Reverse Engineering Bambu Connect
366 comments
·January 20, 2025NelsonMinar
nialv7
bait-and-switch? We, those who advocate for open source 3D printers, saw it coming from miles away. This has very very clearly been their plan all along, they themselves said as much (e.g. they are doing the "apple model"). They have been very transparent about this, yet people still fell for it.
stavros
I bought a printer. It had some stuff. I didn't want that stuff to be gone after I bought it. That's a bait-and-switch, because they didn't explicitly say "be aware, that stuff is going away on Jan 2025".
bb88
I don't know how I feel about this. I hear your frustration about this. OTOH, Bambu is a walled garden approach. I also know the Prusa Core 1 is going to be less open to keep the cheap aliexpress knock-offs at bay. This could be an issue with Bambu labs as well if cheap knockoffs start appearing using reverse engineered P1Ps with modified P1P firmware.
https://hackaday.com/2024/11/20/with-core-one-prusas-open-so...
op00to
They never officially supported compatibility with Orca, or Home Assistant. Vendors break compatibility with unsupported stuff all the time. Don’t make purchase decisions on unsupported features if you’re gonna get all bent out of shape about it.
DrBenCarson
AFAIK, Apple has never retroactively removed functionality from devices people already purchased
Selling a walled garden is one thing, building walls around a garden you already bought is another thing entirely
ulrikrasmussen
This is the Google model then. Base everything on open source, even allow unofficial builds of your operating system (LineageOS, Graphene), but slowly introduce more and more device attestation and DRM so it becomes de facto impossible to actually use anything but the closed builds because everything from banking apps and electronic identification apps to streaming apps will refuse to run on your "unsafe" operating system.
askariwa
Just some of them:
- Battery Management (iPhone 6, 6s, and SE): In 2017, Apple introduced a battery management feature in iOS 10.2.1 to prevent unexpected shutdowns by throttling the performance of iPhones with degraded batteries. This led to slower device performance without informing users, which is a removal of expected performance functionality.
- 32-bit App Support: With the release of iOS 11 in 2017, Apple dropped support for 32-bit apps. This meant users could no longer use older apps that had not been updated to 64-bit, effectively removing access to those apps on updated devices = You want the new OS? -> you have less functionality.
- Pulse oximetry features were recently removed from new Apple Watches due to Masimo's patent infringement claim.
nunobrito
They did even worse.
New firmware upgrades made older devices slower and painfully unusable: https://www.techradar.com/news/apple-might-be-slowing-down-y...
And they have plenty of experience building walls around a garden. Ask anyone using OSX for the past 15 years and you will see how difficult it has become to write or publish software for Apple.
mls-pl
And main difference with Apple is that you don't have to log in to their services on iPhone yet still have full _phone_ functionality.
makeitdouble
As the issue here came through software update, you should look at it under the same lens for Apple.
For instance did an OS update ever prevent you from doing something that you could before ?
Yes. Countless times. OS updates have breaking changes, older apps lose support etc.
And for iOS these updates are irreversible under supported ways, while the very nature of the "there's an app for this" paradigm means losing a third party app equals losing that functionality for your device when you upgrade (you won't get a translation layer or virtualization to help the transition)
You may like Apple more and feel they communicate better, but fundamentally it's the same situation.
cap11235
[flagged]
hooverd
Open source didn't compete on quality for price. I could pay 2k plus 40 hours of my time for a Voron or buy something that just works. I think Prusa only put out their CoreXY offering after they realized Bambu was eating their lunch. The Apple model works because people want to print rather than tinker.
harrall
Well Prusa was open and did compete.
But for 3D printers that worked out of the box under $1000, Prusa had no real competition itself.
The Mk3 came out in 2017 and I swear Prusa just sat on their laurels. I was a Mk3s+ owner (well, still am) and was pretty disappointed how little improved with the Mk4.
Bambu’s competition was Prusa and they clearly strived to improve over what Prusa had accomplished.
moooo99
> Open source didn't compete on quality for price.
Well, Open Source did compete on one quality very well: being open, hackable and staying that way. With this being removed from Bambu lab printers it seems as if this is a very much valued aspect for many 3D printing enthusiasts, yet few people were willing to compromise for this aspect.
Apparently it is true, you don’t know how much you value something until you don’t have it anymore
nialv7
I paid ~$750 for my 350mm Voron 2.4 kit (and, sure, 40 hours of my time. But look, you want to do 3D printing, 40 hours are just a small initial investment).
pandemic_region
> The Apple model works because people want to print rather than tinker.
Entirely this. I bought my A1 mini over the Christmas holidays and couldn't be happier with it, it's my first 3D printer. Searching for models on Makerworld, adjusting tiny bits here and there if needed and print. It just works and I don't really care about anything else, much like my Brother printer.
kamranjon
Curious if anyone has tried the Core XY printers from Creality? I think they use open source software and are generally in the same ballpark as the Bambu printers price-wise. Also saw they have a similar AMS style system as well.
seabird
There's a middle ground between the Apple model and assembling everything yourself.
beeflet
it just works until it doesn't
LeoPanthera
"Fell for it" implies that everyone buying a Bambu printer expected some degree of openness. Maybe some customers actually want an "Apple model", where the device mostly looks after itself and "just works" as much as possible.
asveikau
I got into 3d printing a few years ago and noticed the same, bambu made me nervous for exactly this.
But the fanboyism and shilling in the 3d printing community is intense. If you mentioned these misgivings you'd get flamed. If you bought or enjoyed another printer people would advise you to sell it and buy Bambu. Lots of people in various threads seemed to defer to that kind of expert advice.
I think there is/was a similar fanaticism for Prusa going on, but it seems a little less at the forefront since Bambu.
maverwa
As someone who recently bought a bambu printer, I have to agree: I am not surprised. Still disappointed, but in no way surprised. The "apple experience" is why I went for a bambu device (along with the price, and some excellent recommendations from friends). I was even surpised that the "LAN Mode" actually works somewhat good. Should have got a prusa...
42lux
Come on even makerbot wasn’t that blatant. I believe a lot of us haven’t seen it coming.
junon
Good for you. Kind of a non sequitur, though, and gaslight-ey at that.
dagmx
I don’t understand why you think it was hackable or open?
Since the launch of the X1, it’s been closed firmware and tightly controlled. That’s always been the compromise people make to get one.
I’d really like to understand what bait and switch you think has happened, and what you could do before with officially sanctioned methods that you can’t now?
Gigachad
You can print of an SD card without any special software or online services, the same as you can on Prusa printers. It's just the server/internet stuff that's locked down. Which I wish was open too, but it's still has fully unrestricted local printing functionality.
hatsunearu
https://www.reddit.com/r/BambuLab/comments/1i548m9/this_is_p...
Looks like it's not true?
dangus
From that link if you continue reading, commenters in the thread point out that LAN mode didn't even exist when the printer came out, and that it's more flexible now than when they first came out on the market.
My other comment on this thread contains the rest of my thoughts. Overall, I think this outrage is overblown.
Aaron2222
I _think_ that's browsing the SD card from Bambu Studio when the printer's set to LAN Mode, not printing from SD on the printer itself.
op00to
“Hackable” and “open” were never advertised or officially supported by Bambu. It is foolish to make a purchase decision based on an unsupported and unadvertised feature, and while you can be angry that seems silly.
madeofpalk
> on the understanding it was reasonably hackable and open
Where did this understanding come from? I'm pretty happy with my Bambu printer, but I was never under any understanding that it was hackable, let alone open. Since the beginning I was slightly frustrated at the RFID fillament spools not being open-enough for others.
NietTim
> on the understanding it was reasonably hackable and open
I, honestly, have no idea why you thought that. Bambulab has been under fire from the very beginning about not being open at all and not contributing back to the open source community they're build on.
I bought one of their printers during black friday too, it took me a long time to get over the fact that it isn't an open printer, and I never want to go back to tinkering for hours to get meh quality prints.
gjsman-1000
> standing it was reasonably hackable and open
Not sure where you got this idea from. Despite the hacking, print from SD Card remains an option, and the device does not need an internet connection for initial setup. Version 01.08.02.00 is the first firmware version that supports offline updating, even if it is also the latest version.
nico
If you are looking for alternatives, I highly recommend the Qidi q1 pro
Despite an initial issue with the hot end (which was easy and fast enough to fix with help from support). I’ve been really happy with it
It prints pretty much anything. Fast, reliable and very cheap compared to equivalent printers in the market
ActionHank
Voron for life
dlgeek
What I don't get...BambuSlicer is open source. And, not only is it open source, it's a fork of PrussaSlicer, so Bambu doesn't have the ability to re-license it.
It's licensed under the Affero GPL which is very strict about the licensing of derived works. That license requires Bambu to include the source code to any additions they make, including all of the logic, keys, etc. that they're baking into any binary distributions. If they don't, they're violating the copyright rights of Prussa and many others.
So, either Bambu has to open source all of this, which defeats the purpose (given that it's already leaked, that's gonna happen anyway) or they have to route everything through a separate program for their own slicer.
whatsthatabout
BambuConnect is not part of BambuStudio - That's intentional, so BambuLab does not need to share/open-source it.
The current implementation (the Bambu network plugin thingy) isn't a part of it either, it's downloaded by the client when BambuStudio is opened.
dlgeek
They claimed that studio wouldn't need connect.
I don't know AGPL well enough to know if a plugin is considered a derived work but it sure seems to imply it:
> For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.
franga2000
I was very against Bambu in the beginning for their lack of proper network (not cloud!) support. Then they added LAN mode and I actually considered getting one. Luckily I was lazy and never got around to it. What the fuck Bambu?? Security, really? Not even HP dares to make that excuse...
jdietrich
Bambu Lab have been quite explicit about this. Their consumer-grade printers rely on a cloud service; for people who want or need printing over a private LAN, they offer the X1E.
iamsaitam
HP just straight locks you out of your printer unless you pay ransom every month..
JoshTriplett
All HP printers still give you the option of paying full price for ink cartridges and owning the printer. The rental model is one they try very hard to steer you into, with lots of dark patterns, but you can still use HP printers with no account and no subscription ink model.
moooo99
I mean, I technically see why authentication may be something they want to consider, especially for the less technically inclined users that Bambu is very obviously targeting.
However, this can be easily achieved without bricking every single third party integration. That should simple be a toggle in the settings that works entirely local
ThouYS
I wish Prusa weren't asleep at the wheel, then we would have bought a core one (that is, the hypothetical variant with large build volume and same quality as bambulab).
Instead, we bought a P1S, which is, technically speaking, a fantastic machine.
teruakohatu
Not really asleep at the wheel. More like they invented the wheel, produced the open source slicer (a fork of the original slicer but vastly improved), which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.
Prusa themselves run 600 printers. They are commercial grade. If I was using a printer for commercial design or prototyping I would go with Prusa. Not only because I would prefer my designs were not sent overseas by an always cloud connected printer.
bborud
I ThouYS may have a point. It seems to me that Prusa were tempted to go after the prosumer/pro market and invested a lot of time and engineering horsepower into higher spec machines (Prusa XL, HT90) and resin printers (SL1S).
A lot of 3D printer companies have tried to go this route. It is not a strategy that tends to succeed.
I don't know their sales numbers, but I would be willing to bet that the ROI on those printers is nowhere near their bread-and-butter, high volume, mass market models.
I think their priority should have been to build something like the Core One (a P1S killer) rather than these expensive and risky forays into pro/prosumer land. The Core one is, realistically speaking, at least 24 months late to market. This was avoidable.
Everyone who operates a 3D printing farm, and who isn't a complete muppet, knows that closed down products like those of Bambu Labs are risky. Both because some 3D printer manufacturers kind of have a history of being dickish, and because the big boys are coming after Bambu labs with their patent lawsuits and whatnot. There are clear risks in dealing with companies like Bambu.
Dealing with Prusa involves significantly less risk. This reduced risk has value. You can charge a bit more for Prusa products due to the reputation of the company.
Most people I know who own 3D printers would rather have done business with Prusa. But Prusa only had the MK4 on offer and were burning cash on, let's be frank, irrelevant vanity projects.
Yes, Prusa were very much asleep at the wheel. Or at least, they had some strategic lapses in judgement. Let's hope they understand their customer base better now. I'd be happy to be a bit patient with them if it means we can get something that performs like Bambu printers, but from Prusa.
I'll even be willing to pay perhaps as much as 20% more just because I trust Prusa more than Bambu.
esskay
Thing is even with the core one finally releasing...its not a compelling product.
It costs more than the P1S - which lets fact it, thats what it should be compared to, not the X1C as the Core one doesn't have the stronger nozzle, nor any features that would make it a 'pro' level product.
They also still dont have an answer to the AMS, which is a big selling point for the Bambu's. The MMU3 may be better than the previous one but its just like putting lipstick on a pig - it's a mess, with tubes all over the place, spools dotted around, and then you've got to constantly babysit it and tune it.
Side by side the P1S with an AMS is still significantly cheaper and from a marketing perspective a much more visually pleasing offering.
Also worth mentioning that whilst the core one is about to come out, the MMU isnt actually even supported yet, and theres no timeline for when it will be.
Prusa are so far behind at this point and really shouldn't be. Chances are the core one is going to come out and just like the XL and MK4 will be extremely buggy for a good 6 months. How people still accept this is bonkers.
the_mitsuhiko
> which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.
I'm not at all convinced that Prusa's main issue is the cost. Yes, cost is a huge part of it, but the other one is also just usability. When the X1C launched and later the A1, there was a huge difference in usability between what Prusa and Bambu had. Prusa is catching up and that is good. But they will have to do more on that front still, and the higher cost is less of a concern. It becomes a problem when the more expensive printer is worse too.
Netcob
I got my first 3d printer, an MK3S+ a year ago. Pretty late in its lifecycle, but I wanted to spend more time printing than fixing issues.
And it definitely worked! I got the kit and built it within 10h or so (very enjoyable time actually, like building LEGO as a kid) and have printed lots of stuff ever since. During that entire year I only had a clogged extruder one time and had to take that apart a bit. Any other issues I've had were either due to bad filaments or my own errors (not taking long overhangs or low adhesion seriously while slicing).
And all this time I have been using it completely offline with OctoPrint on an RPi.
albrewer
I sold a mk3s because I could never get it to work to my satisfaction. I tried for weeks, trying everything I could find on the internet, using filament supplied by Prusa.
Eventually the print head crashed into a failed print overnight, fusing nearly the entire head inside a ball of PLA filament that formed after the printer happily carried on shoving out molten plastic.
I didn't have another 3d printer to print the replacement parts. I was so frustrated with it at that point I just got rid of it.
Until I can treat a 3d printer like a Brother laser printer (forget about it for 9 months at a time and then have it work perfectly when I need it with zero maintenance), I don't think I'll invest in another one.
AuryGlenz
You just described Bambu printers with your last paragraph. They just work.
animex
Wow, so the actual content is also sent to the cloud? Not just authentication/metadata? Massive overreach. Imagine a inkjet/laser printer company sending every page you printed to their servers? (actually I wouldn't be surprised if HP does this already)
null
mikelovenotwar
Commentary on the situation from Louis Rossmann https://www.youtube.com/watch?v=aIyaDD8onIE
c0nsumer
I've been following along with a lot of this, because having picked up one of their printers about a month ago, I was immediately very nonplussed with the security. It took some work to get it running isolated on an IoT VLAN, yet still usable from my main machine.
Thus, on first blush, I welcome security improvements from them, but I'm also anxious to see what they hold.
I do wonder where this is going with the keys, because I've seen a lot of "OH LOOK WE HAVE THE KEYS" but nothing about what the keys are used for or how they are useful. Or if they are even useful.
Hopefully there'll be more interesting news about this soon and some solid, technical info.
lvturner
My understanding is that if I want to print via LAN, I have to auth against Bambu's internet servers, which is most definitely something I don't want.
Actually for my use case this doesn't work at all -- my printers are region locked to China, but I'm not currently in China so I can't connect to those servers -- meaning (I think!) if I upgrade their firmware, I can't print via LAN on my own local network... which just leaves a bad taste in my mouth.
These are great printers, but there's no need for that.
c0nsumer
Can you link to some specific detail on that, because I keep seeing that claim, but without any technical info.
I have a P1S which currently can print completely isolated from the internet. Unfortunately (or maybe not?) the new firmware isn't available for my printer, so I can't dig into it myself yet.
But I'd really like to see some sort of "when I try to do X it tries to connect to Y" or "I used to be able to do X, and now Y is required as demonstrated here".
Something more than the current hearsay and pitchforks echo chamber.
lvturner
From their blog post: https://blog.bambulab.com/firmware-update-introducing-new-au...
"Critical Operations That Require Authorization
The following printer operations will require authorization controls:
Binding and unbinding the printer.
Initiating remote video access.
Performing firmware upgrades.
Initiating a print job (via LAN or cloud mode).
Controlling motion system, temperature, fans, AMS settings, calibrations, etc."
dns_snek
I don't have a definitive source readily available, but from talking to people who were investigating the technical aspects, connection between the printer and slicer software will be mutually authenticated using a certificate that will issued by Bambu Cloud, issued only to blessed 1st party software, and verified by the printer upon connection over the local network.
So your blessed Bambu Studio instance connects to Bambu Cloud and requests a certificate, the server issues the certificate to you (or not), and then Bambu Studio may use it to connect to the printer on your LAN.
The certificates have an expiration time of 1 year, meaning that the printer functionality would severely degraded (missing network connectivity), at most 1 year after they take the servers offline or stop issuing certificates for any reason.
Not a definitive source for what I said, but it contains some information: https://hackaday.com/2025/01/19/bambu-connects-authenticatio...
ipv6ipv4
It's vendor lock-in (or DRM), not security. Security would be a protocol based on a user specific secret that doesn't inherently require locking down anything to Bambu Lab only software (think username/password). Vendor lock-in is about locking the user into using Bambu Lab software, which is what we see here.
You would never allow your bank account to be secured with something akin to Bambu Lab's "security fix".
hWuxH
- what the key is used for: signing critical operations, most notably print and gcode commands: https://git.devminer.xyz/archive/bambu-connect/src/commit/47..., list of known MQTT commands: https://github.com/Doridian/OpenBambuAPI/blob/main/mqtt.md
- what the firmware does: verify these operations, meaning it can reject MQTT messages with an invalid/missing signature from third party software
- the big flaw with that approach: by extracting the key, third party software can get full access again
- improvement to security: none (that obfuscation layer doesn't prevent anything if the printer/cloud were vulnerable)
authentication stays the same as before: https://git.devminer.xyz/archive/bambu-connect/src/commit/47...
asah
hn8726
Honestly, the response is not that great. Right off the bat they're just going on the defensive, enumerating "false claims" that printer will require subscription etc. But the concern wasn't that Bambu _will_ do that, but that they _could_ do that, and generally that inserting Bambu's infrastructure as a mandatory step in the printing pipeline is _not great_.
Then, the first point in their `truth about the update` section:
> This is NOT about limiting third-party software. We're creating Bambu Connect specifically to ensure continued third-party integration while enhancing security. We're actively working with developers like Orca Slicer to implement this integration.
The `we're actively working` with Orca was already addressed by the OrcaSlicer developer [0]
> Bambu informed me of this change two days before their announcement.
and Bambu's idea of "working with" is helping to implement redirect from Orca to their own software that would actually start the print. Seems like limiting third-party software to me.
> This is beta testing, not a forced update. The choice is yours.
This is bizarre, surely beta firmware is intended to be release firmware at some point? If anything, the community outrage proved beta track to work as intended.
> About Panda Touch. We reached out to BTT as soon as we became aware of their product. We warned them that using exploited MQTT protocols...
Also addressed by BQ in [1], tl;dr they tried to work with Bambu but didn't get much response, only a warning that the MQTT might stop working in a future update. So technically Bambu _reached out_, but only to say "don't improve our product". In the end, Bambu is screwing over their customers more than BQ
Further down they still go and defend their decision
> When using third-party slicing software like Orca Slicer, the difference in users experience is not much.
and proceed to demonstrate that Orca Slicer will _easily_ open the new app which will be able to start the printing. Which is exactly what the community complained about, and doesn't address things like missing Linux support.
Finally, they're presenting a diagram showing how the new flow looks like. Except the diagram is missing any details about what the new software does — it doesn't show how, when and why the new software communicates with the cloud.
For someone with even cursory understanding of security, the changes just don't make much sense, and Bambu is not doing much to explain the security protocols they're trying to implement. For all I know they just slapped a private certificate somewhere in the Bambu Connect app and started signing requests to the printer, which doesn't improve security at all if the private key is already public
[0] https://github.com/SoftFever/OrcaSlicer/issues/8063#issuecom...
[1] https://old.reddit.com/r/BIGTREETECH/comments/1i5lzzf/latest...
KennyBlanken
> Unpacking app.asar without fixing it first will result in an encrypted main.js file and 100 GB of decoy files generated, don't try it.
I know it's not exactly a zip bomb, but it's kinda close, and goddamn, that's obnoxious.
spaceguillotine
Bambu should be working on scaling their consumables and customer service, it takes weeks to resolve any tickets, 8 days to a first response has been normal for them.
dawnerd
It’s kind of a joke they think they’re ready to roll out a print farm subscription when they can’t even keep basic filament in stock, or like you said even provide basic support. They’ve grown far too quickly.
freefruit
What can't you fix? All the issues I've had you could find a video on YouTube on what to do.
userbinator
I'm not surprised that 3D printers are turning out to be as hostile as 2D ones. As usual these days, "security" is the excuse.
goda90
There's so much open source software, firmware, and hardware out there for FDM 3D printers, I doubt they'll ever get as bad as regular printers. It's much more a tinkerers world than 2D printing ever would be.
jopsen
Are regular printers that bad, if buy brother?
I bought a B/W laser printer and have been generally impressed with the lack of BS that came a long with it.
It did ask for toner once, so I bought something from a third-party.
cuu508
Some are good, some are bad, buyer beware.
No direct experience, but I recently read[1] Brother HL-L3220CW counts printed pages, and refuses to print after a set number of pages, even if there's still toner in the cartridge. Some models have a way to reset the page count but this one apparently does not.
[1] https://spicausis-lv.translate.goog/2025/01-brother/?_x_tr_s...
(I also use a Brother B/W laser printer, got it second hand for almost nothing, works fine)
wongarsu
I've only made good experiences with laser printers, from very small ones to full-sized copy machines. Some of the more expensive inkjet printers are reportedly also quite good. You are still stuck with the usual horror show that is software from hardware companies, but otherwise it's not so bad. And the occasional paper jam, but 3d printers are no better in terms of reliability
The bad reputation is just from HP's tactic to sell printers cheaper than everyone else, in more stores than anyone else, then make the money back with the scummiest tactics imaginable.
DrBenCarson
Yep laser printers are the equivalent of modern CoreXY printers with solid auto calibration
lucasoshiro
Well, at least you can build a 3D printer at home. I built mine years ago (https://lucasoshiro.github.io/hardware-en/2020-06-14-3d_prin...) nowadays you can even build a better one.
rustcleaner
With 3D printing out for a while now, there's zero good reason IMHO that there isn't a 2D-plotter retrofit which allows someone to attach one or more [colored] pencils or pens. I'm really shocked the overpriced ink monopolies weren't attacked in this manner, as a young child I distinctly remember a kiosk in a grocery store which 'printed' messages and images on blank cards using colored pencils, for customer order. None of this is remotely new.
krisoft
> there's zero good reason IMHO that there isn't a 2D-plotter retrofit which allows someone to attach one or more [colored] pencils or pens
This is a thing. Obviously.
https://urish.medium.com/how-to-turn-your-3d-printer-into-a-...
Only a randomly selected tutorial.
> I'm really shocked the overpriced ink monopolies weren't attacked in this manner,
Inkjet and laser printers easily print whole page 300 DPI raster images in seconds. Plotters need vectorial data and their printing speed depends on how complicated what you are printing. These things simply don’t serve the same use case. You can do nice art and heart warming cards with a plotter, but you can’t hit print on your boarding card / dhl label / word document and expect your plotter to give you what you see on your screen.
> None of this is remotely new.
I agree that none of this is remotely new. Plenty of people tinker with plotters for fun and profit. There are even pre-packaged consumer centric solutions where you pay the price of convenience with lack of freedoms. (See the similar debacle around the Cricut plotters.)
bsder
> I'm really shocked the overpriced ink monopolies weren't attacked in this manner
Because those of us who understand mostly don't care. Those who know bought a Brother laser printer and got on with life.
When those who understand need genuine inkjet prints, we go to a store that owns a printer that is several orders of magnitude better than we will ever need and pay them a pittance to get it printed.
That having been said, I really do wish we had an open source laser printer because, at some point, Brother is going to pull this same bullshit.
jjkaczor
Man, I love my Brother - it is 10-years old this spring, driver updates keep coming for new operating systems in both 32/x64 - and never has a hassle with third-party toner cartridges. While it is intended for a small office (and therefore fairly large and heavy), it has been easily hands-down the best hardware purchase decision I have ever made. (And - it there was a $300 off sale discount when I got it - so $500+tax)
gjsman-1000
Admittedly, the printing system for 2D Printers is a nightmare. Windows Secured Core PCs, for example, disable all 3rd party printing drivers and only support open driverless standards for printing like Mopria. According to people who have looked at it, let’s just say CUPS in macOS and Linux is not very likely to be a paragon of security, having an RCE scare 3 months ago.
If the printing stacks within operating systems are trash, who knows what horrors your network-connected printer firmware has. (Locking down 3rd party ink cartridges in the name of security - what’s an ink cartridge going to do? Buffer overflow the data it sends to the printer? Oh wait, maybe the printer is that dumb and we’re overthinking this, and it’s more inexcusable than first glance suggests.)
MezzoDelCammin
I'm kinda curious what will this lockdown do to the efforts to replace their controller and/or firmware with something more open. Something like [1]
It's nice to have a private key to their cloud authentication, but ultimately it's the printers firmware that's the issue. While Bambu owns and updates that, they can change the keys basically anytime they decide that they had enough of the alternative Bambu Connect servers that people will inevitably create with the current keys.
[1] https://github.com/ChazLayyd/Bambu-Lab-Klipper-Conversion
DoctorOetker
according to [0] the ipcam is logging video even when the camera is disabled.
I suggest we collectively print Tiananmen Square Tank Man scenes.
[0] https://www.reddit.com/r/BambuLab/comments/1i548m9/comment/m...
buckle8017
these printers have spaghetti detection so it actually makes sense the camera is always on
wpm
Spaghetti detection is supposed to happen on-device.
buckle8017
Yes? the reddit guy is saying the device is always saving pictures on the device.
DoctorOetker
it does not make sense: spaghetti can be detected without logging it, just process and evaluate frames, and if necessary accumulate multiple evaluations (not images) to achieve better signal to noise ratio.
bigiain
> I suggest we collectively print Tiananmen Square Tank Man scenes.
Anyone got a link to a good .stl?
DoctorOetker
we will have to make one, I suggest we also use machine translation to include the historical background into the print in their own language.
I am angry at the bait-and-switch Bambu is pulling. I bought one of their printers in the Black Friday sale on the understanding it was reasonably hackable and open. Now they're trying to lock it down so I can't print on my own printer without using their approved software and DRM chain. It's outrageous.
More info on the hacking (the first in what may be a long stupid fight): https://hackaday.com/2025/01/19/bambu-connects-authenticatio...