Bambu Studio is literally a PrusaSlicer fork. You don't get to build on the community and then threaten it.
They are offering a cloud infrastructure that allows users to remote control the printer via their software. If they don't want users to use a non-approved software to access their cloud, they should just build auth around it and explicitly tell people that. The accessibility for users to utilize the printer without going through official software and cloud is a whole other can of worms of course.
This whole fiasco could have been avoided by not being so confrontational, giving their user base ideological ammo.
Bambu not understanding the OS licencing when they themselves took from Prusa, if I remember correctly, is pretty rich.
Like when you think of the App/Play store lockdowns, the new ReCaptcha attestation stuff, and other things that have a more authoritarian angle to it as of late, you can at least see how it happens: most of their consumers aren't technical and don't even know how to argue against it or why they should care.
With Bambu on the other hand, I'd think a good portion of its customers do actively care about this kind of thing. 3D printing just doesn't have the same market reach as computers and smartphones.
Also, it seems to me like there's eventually going to be a turning of the tide on all of these pushes (app stores included) and companies that are making these kinds of moves aren't seeing that writing on the wall.
Anyways, yeah, my next purchase will be a Prusa.
That said, none of this is surprising. Bambu Labs have been very candid about their playbook, which is following Apple's lead. They want to be the Apple of printers: a very walled garden with high integration, good UX and not a lot of freedom, because they want to tightly control the full experience.
And that is going to alienate a lot of people and endear a lot of others. The only reason they've even paid lip-service to open source or open hardware is simply to get a foothold in an industry that had strong roots in that area. Now that they're a more established brand we should expect them to start bricking in the garden and adding controls.
Fortunately I think they've been a net-good for the printer landscape, they shook things up pretty hard and I think there's now more competitive models from other brands.
My understanding is that right now, you can run your printer in LAN or USB mode without Bambu's cloud, and this is supported natively by OrcaSlicer (or any slicer using USB), but you lose some of the Cloud monitoring features.
You can also use Bambu's cloud with their Cloud Connect app and gain those monitoring features while using a third-party slicer, but at the expense that you send your prints through their cloud.
Or, you can use Bambu Studio and get the "fully integrated" experience.
My understanding is that this plugin just replicated their Bambu Studio communication with the Cloud, and that it _enabled_ you to send your prints to their cloud, not _disabled_ it. Is there something I'm missing that made this valuable? (i.e., did it do some hybrid where it could hack in the Cloud monitoring without sending the prints through the Cloud?) Otherwise, I think what Bambu is doing is distasteful but I don't understand all of the Chinese espionage hand-wringing or "stealing our files" commentary around this.
EDIT: I finally got to the bottom of this; there is a cloud-based RPC method called `bambu_network_start_local_print` where Bambu's Cloud would authorize a print using (ostensibly) only locally transferred data. The goal of this project was basically to pretend to be the Bambu plugin in order to authorize this method, which is otherwise locked behind Bambu's auth system. This makes more sense. I wish the commentary on this subject would actually explain this.
Having said all that, the hardware is very good. Software, not so much.
For anyone considering alternatives: You should know that almost all other 3D printers expect you to know a little more about how they actually work than Bambus. Bambus are as close as you can get to a "just works" type experience, but modern alternatives from others are nowhere near as hard as they used to be.
The closest "easy" alternative is probably Prusa, but you'll pay significantly more for a Prusa machine than you would a Bambu. They're an excellent company, and the complete opposite of Bambu when it comes to Openness. If money is no object, Prusa is highly recommended.
Beyond Prusa, there's a lot of other options. https://auroratechchannel.com/#section2 This list is a good one.
I personally run an old Elegoo Neptune 4 pro - but my needs are quite low. If I were buying today, a Snapmaker U1 or the Creality K2 Plus is probably where I'd end up going.
> We have documented incidents of service outages caused precisely by spikes in unauthorized traffic - overwhelming the servers, causing service disruptions affecting everyone. The cost was instability felt by all users.
So it's a problem that their printers are popular, and they can't be bothered to scale their infra, so let's gate everything based on USER AGENT STRING! This is so crazy of an excuse that I don't believe it.
That’s not impersonation. That’s Bambu discovering that user agents are not authentication.
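The point made in the comments above, that a client-chosen User-Agent string cannot authenticate a caller or protect a service from load, shown as an added sketch that is not part of the thread and is not Bambu's code. The header names, account id, secret and client strings are all constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed values for illustration; none of these come from Bambu's service.
APPROVED_USER_AGENTS = {"VendorSlicer/1.0"}                   # hypothetical client string
ACCOUNT_SECRETS = {"acct-alice": b"constructed-secret-key"}   # per-account API secrets
MAX_SKEW_SECONDS = 300      # reject requests signed too far from server time
BUCKET_CAPACITY = 3         # burst allowance per account
REFILL_PER_SECOND = 0.5     # sustained request rate per account

_buckets = {}  # account id -> (tokens, last_refill_time)


def user_agent_gate(headers):
    """Weak control: the header is chosen by the client, so it identifies nothing."""
    return headers.get("User-Agent") in APPROVED_USER_AGENTS


def sign_request(secret, account, method, path, body, timestamp):
    """Client side: HMAC-SHA256 over the fields the server will re-derive."""
    message = "\n".join([account, method, path, str(timestamp)]).encode() + b"\n" + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_signature(headers, method, path, body, now):
    """Return the authenticated account id, or None if the request is not authentic.

    Replay inside the skew window is out of scope here; a nonce cache would cover it.
    """
    account = headers.get("X-Account", "")
    secret = ACCOUNT_SECRETS.get(account)
    try:
        timestamp = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return None
    if secret is None or abs(now - timestamp) > MAX_SKEW_SECONDS:
        return None
    expected = sign_request(secret, account, method, path, body, timestamp)
    presented = headers.get("X-Signature", "")
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return None
    return account


def allow_request(account, now):
    """Token bucket keyed on the authenticated account, not on the client string."""
    tokens, last = _buckets.get(account, (BUCKET_CAPACITY, now))
    tokens = min(BUCKET_CAPACITY, tokens + max(0, now - last) * REFILL_PER_SECOND)
    if tokens < 1:
        _buckets[account] = (tokens, now)
        return False
    _buckets[account] = (tokens - 1, now)
    return True


def handle(headers, method, path, body, now=None):
    """Return an HTTP-style status: 401 unauthenticated, 429 throttled, 200 accepted."""
    now = time.time() if now is None else now
    account = verify_signature(headers, method, path, body, now)
    if account is None:
        return 401
    if not allow_request(account, now):
        return 429
    return 200
```

Because the throttle is keyed on the verified account, the server can bound load per user whichever slicer sent the request, which a User-Agent allow-list cannot do.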
Still I suspect it is about spying in wartime. Bambu printers are at the core of the Ukrainian war effort, the main reason even Ukraine is winning since January 2026.
First China prevented Ukraine from using any of the drones that they sold in millions to Russia while exercising the built in kill switches in Chinese drones used by Ukrainians.
Suddenly Bambu, another Chinese company started listening in on the 3D printing on a massive scale in secret factories all over Ukraine that make the drones to replace the Chinese drones. Very suspicious.
Whatever is the reason Bambu locks down software or firmware on their 3D printers, now is the time for programmers to change the situation. We need to put up money like Louis Rossmann did [1], not to fight legal battles but for an assembly language programmer to reverse engineer the Bambu firmware and make a free and open source version.
This firmware replacement will cost a couple of months to write so we all should send that programmer a little money so he/she can release it for free.
A free Bambu firmware will allow the Ukrainians to continue producing another few million drones and save over a hundred thousand lives by ending the war.
Now is the chance for us outsiders to help Ukraine, by freeing Bambu firmware.
[1] https://www.youtube.com/watch?v=qLLVn6XT7v0
P.S. I would be willing to do the reverse engineering but I would need at least 35 euro per day (to eat) to build a new firmware for all Bambu models from scratch. I would need a few different models of printers on loan for a few weeks to test the new firmware. I estimate it would take 5-9 months to rebuild firmware for all models from zero and release it. Maybe Rossmann and Geerling could use their influence and coördinate this freeing of the firmware?
I just emailed Rossmann and Geerling to see if we together can free the Bambu firmware. Anyone who wants to help, please contact me through my HN profile.
I don't have my notes in front of me, but I managed to do all of that with hardly any trouble at all. IIRC, you only had to change one setting on the printer itself, and optionally block the printer from Internet access via the firewall to prevent automatic firmware updates and telemetry. I have only used OrcaSlicer to tweak my models, mess with parameters, and send the prints to the printers.
So other than Bambu getting all heavy-handed with a legitimate open-source fork of their slicer software (which is definitely not okay), I'm not sure I'm clear on what the kerfuffle is about. Are their printers now MORE locked down than before? Or maybe only certain models?
1. OrcaSlicer: so it's a fork of Bambu's official client, Bambu Studio - but it apparently still goes through Bambu's servers for printing? How exactly does that work? Does it also "impersonate" the User-Agent, and Bambu was okay with that?
2. OrcaSlicer-bambulab: if the goal of this fork-of-a-fork is to bypass Bambu's cloud servers, why would it still need to "impersonate" the UA and communicate with Bambu's servers (as Bambu claimed)? Wouldn't the whole point be to avoid doing that in the first place?
What printers are similarly priced and have similar specs, for someone relatively new to 3D printing?
same for breach National Defense Authorization Act (NDAA)
Bambu's p2s and their ams2 pro have had more hardware reliability issues in 1 month than is normal
Wayyyy more than my p1s and ams combo
I think there’s also some issue in their firmware that needs to be rolled back or perhaps properly tested
Gonna sound harsh:
This isn’t a printer anymore … it’s AI slop
Then I installed the app (open source on GitHub) and started using the “cloud” services. I consider myself pretty stupid with such things, and it was absolutely the easiest thing I’ve done in 10 years.
The price is very high though. But at least you OWN the damn thing.
- they benefit from open source software work
- we benefit from their dirt cheap top performing machines
As long as they remain the lowest priced and the best, they can do whatever they want if you ask me. They provide insane social value through accessibility. Before them, it was Creality with the Ender 3.
My problem with Prusa as a European is that it turns us into the equivalent of being a Chinese citizen who can't afford the Temu product they make at work. Their machines are priced more or less only for US export, and not really something most people here can reasonably buy. They even refuse to use injection moulding out of some self-righteous principle, which drives the price per unit up further all the while selling less durable machines cause they're half RepRap. I take it sort of as a personal insult and I will never buy one even though I can afford it, I see it as bad value. Like buying a gold plated watch or something.
I'm fairly certain user agreements have been used for suing makers of game cheats and other similar things. Certainly in the industry I work in, there was a company making third party software and integrating it with the industry standard tool without going through the official channels, which caused people to violate the user agreement when used. They got sued and settled.
I finally got to the bottom of this; there is a cloud-based RPC method called `bambu_network_start_local_print` where Bambu's Cloud would authorize a print using (ostensibly) only locally transferred data. The goal of this project was basically to pretend to be the Bambu plugin in order to authorize this method, which is otherwise locked behind Bambu's auth system.
The alternative is to run the printer in LAN mode (which OrcaSlicer has always supported) where the client connects natively over MQTT, but after Bambu added their cloud authentication, this requires putting the printer in Developer mode and severing the Cloud features.
Orca Slicer was forked to improve usability and features, not to get around any cloud printing requirements. Bambu added those later and removed the ability to print locally.
It has to impersonate to transfer a gcode file locally, which is another open standard.
Bambu restricted LAN printing, that is the issue.
None, really. Prusa printers are good enough though. If you value freedom and privacy, it's worth a few extra dollars.
The Mk3 is also easy, and can be had for cheap now, but it doesn't have auto Z-adjust which is really nice. It's also noticeably slower compared to the latest models.
[1] https://store.creality.com/products/k2-k2-combo-3d-printer-l...
They rubbed people the wrong way launching the CC2 with multi-color support before they developed the multi-color add-on that was promised for the original CC. I didn’t plan on multi-color with the CC, so that didn’t personally bother me too much.
I recently got a Snapmaker U1 for multi-toolhead prints and love it so far - much less waste than a filament changer and I’m using it for more exotic prints like a mix of conductive and regular PLA in a single part that wouldn’t work well in a filament changer single toolhead printer.
And I still use my CC for occasional single color prints (recently it’s been dedicated to TPU but I’m probably going to move that over to the U1 so I can do “over molded” TPU+PLA prints).
In short, if you’re willing to spend more I’d highly recommend the U1 if you know you’d benefit from the toolchanger. CC is probably a fine budget machine but there are a lot of other similar budget corexy machines to consider these days as well (I got CC when it was groundbreaking for features at its price but competition has caught up by now).
You're right that they're expensive but you get free human support 24x7, you get an open platform, lots of contributions to open source (even Bambu Studio is a fork of Prusa Slicer), and they pretty much go on forever.
My Core One+ started its life as an original MK3 and went through each iteration of upgrades, and it works like new. I'm now waiting for an INDX upgrade for it.
IMO the main drawback of consumer Prusa offerings is the lack of good chamber heating for more advanced materials. I can print PC on my Core One+ in the summer with the chamber at 45℃ (good enough for most uses, but 60 would be better), but in the winter it becomes a lot harder.
The Core One L is supposedly better in that regard but I've seen reports that it's still not ideal.
Other than that, I feel the extra cash pays itself back in the long run.
Then in 2025 they changed their 'open community license' to say users may not:
“Sell complete machines or remixes based on these files, unless you have a separate agreement…” and “The Restriction: You cannot commercially exploit the design files…”
https://blog.prusa3d.com/core-one-cad-files-release-under-th...
Maybe this is more a comment on how open source has had to change in the face of commercial exploitation of the vulnerabilities traditional open source licenses create for the businesses doing the R&D.
Louis Rossmann has decided to put himself in the crosshairs instead, with a video goading Bambu: https://youtu.be/1jhRqgHxEP8?si=BwfoCKxujd0XwNJ0
Here's what I don't get. How is infra load any different between someone using their slicer build, and someone using their code in another slicer (or a fork)? It's still (ultimately) the same human making the same requests. If they can't handle the load then the solution is to obviously carefully manage the supply of the printers, if your infra is incapable of handling more than 3 users (accurate figure going by the tone of their blog post), then don't have more than 3 of your printers in the wild at any single time. Problem solved.
They're doing what it takes to be a business. I was glad when they moved to more injection molded parts instead of trying to 3D print their own parts. It was a cool idea at the start but the time for that was long past.
My only slight objection is that you can tell they're trying to have it both ways: They want all of the good will and reputation of being open source, but they're also trying hard to put as many limits on this as they can. Like all projects trying to walk the line between open and closed source, I think they're at their best when they're honest about what they're doing. The moves they made with their open license are completely reasonable and I support them, but that blog post was a bit of a letdown when they tried to make it about fighting patent trolls for the community or something. When you reach Prusa scale you have to be honest that you're no longer one and the same with the community. You are the medium-ish size business that people rely on. Taking away the right for others to sell the products is a reasonable business move, but please be honest about it rather than trying to tell us it's for our own good.
I have no first-hand idea if they’re ’morally’ better than Bambu - I haven’t looked into it - but I think the folks in charge of buying them considered that.
I’m not saying we shouldn’t shame those companies for not abiding by their words, but there is more to it than outrage. Suing them (or the threat of) might also work here if they really went against the license.
My biggest annoyance is that I can no longer use OrcaSlicer to interact with my printers (e.g. sync filaments) and start prints remotely. I am still very annoyed at Bambu Labs for this stupid move, as it directly impacts my usage.
What most people seem to be missing in these discussions is that some of us have printers in remote workshops, not next to us. So all the "LAN" or "Developer" options aren't great, especially if you have to pick between those OR the cloud.
I'm not up to date with their latest printers, but the Bambu printers used during this timeframe have easy ways to enable LAN only mode. You can leave it disconnected from the network entirely and use an SD card, too.
The app lets you enable root access and install firmware mods. There are multiple efforts to reverse engineer the firmware.
> A free Bambu firmware will allow the Ukrainians to continue producing another few million drones and save over a hundred thousand lives by ending the war.
If that were true, it seems to me, that Ukraine would have already done it if it was somehow standing in their way.
Makes fleet management a bit harder but I don’t believe that requires internet access unless I missed some update.
I have a P1S myself, and I find Bambu to be a strange company. They're one that has benefited tremendously from OSS while sometimes violating both the ethos and licenses.
They specifically engineer it such that your prints need to go through an intermediary even when it could send it right to your device on a simple network. That'd be like a laserjet routing through the cloud instead of going to your device. With nothing much in the way of encrypting your designs and protecting your data, it feels like this was done on purpose. Given the shameless track record of many (most?) Chinese companies on IP, my assumption is that they're mainly doing this to steal designs. The juxtaposition of their poor track record on OSS, what seems like a shady approach to privacy and IP protection, and the aggressive legal posturing - all sum up to what I think is a very untrustworthy organization.
Luckily my designs are in the "look at this trash" territory, so I don't have anything to worry about, but I certainly wouldn't use this for important work.
Why do you have to do that on a product you own that is running in your home?
Perhaps the kerfuffle is about making legal threats against open source developers.
I've got an a1 mini myself, and I'm not aware of anything comparable on the market, but there's a clear need for some competition now.
Have you looked into Centauri Carbon ?
Is there any more to read about this angle? China blocking Ukraine's access to the tech?
They released the multi color system for $55. I've ordered it and am waiting for it, but the printer itself has been pretty nice.
Then their org has the option to burnish or bury models that align with their goals.
Point: they're enforcing network access for their products (including USA), which are sensitive. So, maybe export control problems?
Could too much thermal insulation cause the bed temperature to lower (to avoid overheating chamber temp) to the point the print no longer adheres? etc.
If you could recommend some articles on the subject I would highly appreciate it.
You can be entirely in favor of the open source ethos, even as a commercial entity, but then certain actors can take advantage of that ethos and just directly commercialize your R&D investment and take all the proceeds of your investment, whether or not they comply with attribution or share-alike requirements.
It’s tough seeing an open source project you’ve poured tons of care and effort into (and WANT people to share and remix and build cool things) get more or less “extracted” for profit without contributing back (code or money).
At the end of the day, none of it really matters unless you’ve got money and time to actually try to enforce your licenses, or have enough customer mindshare to effectively change the behavior of bad actors without needing legal action.
I’ll probably use licenses like Prusa’s in the future for similar reasons, even though I generally prefer to use less restrictive ones. Bad actors, or even just non-benevolent actors, can really sour the open source ethos, and it sucks but there’s no way to legally enforce “don’t be a jerk” without restricting a legal document in slightly unpalatable ways.
If I make an open source car, I don’t want someone else taking my design work, and then selling a cheaper version of my product, I want my consumers to build their own parts.
This is just Bambu alienating their customer base, again.
I think the primary problem is actually more than just Bambu's behavior, it's that China is an authoritarian country, and most of the population not only accepts the idea of central servers monitoring and "moderating" behavior but largely may embrace it as a sensible thing to do. It's probably beyond Stockholm Syndrome to the point of much of the culture genuinely not completely even understanding the idea of why privacy and personal control is important.
Much of the United States is so far on the other side that they can't begin to understand the position Bambu is in. Large companies in that country just do not have the option to allow their users to bypass censorship and monitoring.
I do think it's actually great that this type of issue gets in everyone's face though and it's great people are fighting back. But realize that the problem is deeper than one company. It's the whole type of government and attitude towards it and technology.
Which degraded their hardware usability so much, that it's literally much worse than a decade ago. Even basic functions like choosing which speaker should play or ... what content to play does not work properly.
Just another company to avoid by now.
New product launches by them feel less exciting (I don't want/need laser engraving capabilities in my 3D printer) and I agree with other commenters that these days, there are good alternatives. Unfortunately I have to say that wasn't around the time I bought the printer. When you just wanted to print things without making 3D printing a hobby, their machines were a no-brainer!
But yeah, bye bye Bambu Lab.
Only thing that's more annoying than their blog posts trying to "set things straight" is the "we told you so" crowd.
He was right.
You buy this, you "vote" for this.
The open alternative exists. It cost more, but I saved a bit more and got it.
Vote with your wallet, where and while you can.
This for me was the most telling.
The main issue is how close the walls are to the bed, which makes a lot of insulation projects dead in the water. If a radiator reflector foil [0] can be made to fit, it might help quite a bit as well.
Other than that, proper active chamber heating is really where we should be heading. When I have the time I might attempt to replace the left panel with one.
[0] https://www.amazon.co.uk/Radiator-Reflective-Thermal-Heating...
Maybe you should make a source-available car, or a car with select portions of CAD available, or something else that fits your intended business model better than open-source.
Different licenses are built around different philosophies, and the common open source definitions allow commercialization as long as the source & modifications you make are freely available to others. Prusa is breaking from that tradition.
This will be the only legal way to own a 3D printer if WA HB 2320 or CA AB 2047 are passed. If you don't like it, call your representatives immediately.
I love their 3d printer. It "just works" like none I had before it.
But now they've killed their 3d printer business and all their stuff is absolutely dependent on their web services. So that thing is up shit creek without a paddle whenever they flip that switch.
It really hurts to think about replacing an expensive, WORKING thing just because it became abandonware.
The Chinese government subsidizes Bambu Labs, so it's pretty easy to understand why this is such a big deal for them. It's not like the CCP wants to democratize manufacturing. They want the data.
The Ukraine war started in 2014 technically. But even if we go to the "current" wave start, that was 24 February 2022[0].
Bambu Labs released their first printer (X1C, on kickstarter) on 31 May 2022, let alone their "must go through cloud service" restriction starting in early 2025[1].
[0]: https://en.wikipedia.org/wiki/Russo-Ukrainian_war
[1]: https://blog.bambulab.com/firmware-update-introducing-new-au...
https://www.newsweek.com/china-ukraine-russia-war-drone-uav-...
It's a much more interesting and dynamic place than before Bambu's market entry
Money is a bit tight, so I decided against prusa as my first printer.
I am curious if anyone has good experiences with alternatives for the p1s with regards to ASA printing?
I don't see the ground the OSS community are standing on to demand Bambu provide free services.
Surely people can check the traffic and build a server to answer similarly, no? Or is this much more than job management?
Maybe this is impossible and I'm talking out of my ass, but for me it seems like a perfect opportunity to completely remove the problematic party from the equation.
The receiver of the C&D should see a lawyer about what changes or user-facing messages might get Bambu to back off. This is a normal, solvable business disagreement, not an excuse for everyone to get their pitchforks out again.
Also: I run multiple Bambu printers offline and they all work fine via sneakernet without anyone's files going anywhere. People should stop acting like these devices are bricks when used without internet access.
Serious question: why not just release whatever you want but not tie it to your identity? Bambu demands OrcaSlicer make changes under threat of litigation? OK, cool. Enjoy the 5,000 forks of OrcaSlicer that implement that functionality in exactly the same way. Hell, post a notice that they were compelled to remove the feature, and that they're therefore removing the release x.y.z, with the sha256 hash of "...".
Now OrcaSlicer has complied, and the community has a semi-official way to make sure that the commits that were removed aren't modified when they get them from other sources.
I'm confused about the whole "3D printer sends prints to its manufacturer's server" issue. Because I wouldn't want to connect a hardware device like a 3D-printer to a network in the first place.
Can I buy a Bambu Lab printer and just never hook it up to any network?
Will I be able to print from sd-card just fine?
Can I update the firmware from an sd-card?
If these two are possible, I would not have any problems with such a device. If they are not, I would not even think about getting such a device.
And when it comes to slicing software: Can I use any slicing software and all I have to do is load the hardware info of the Bambu Lab printer I want to use? Or do I have to use Bambu Lab Studio or a fork like Orca Slicer for some reason?
And while we are at it: Does command line slicing software exist? I wouldn't want to dabble with a GUI. I would want to define the parameters of a print job in a yaml or json file and then slice it like "./slice.sh config.yaml myobject.stl"
Previously I bought an Ender printer for around the same amount. Never did get it to work. I'm not an engineer or a mechanic. I have other technical hobbies, astronomy for example. I tried making a telescope mirror with results similar to the Ender printer. I buy ready made telescopes, not telescope kits.
I have immense admiration for those who can and will make telescopes and 3D printers. I'm very interested in the base technology. But when I want to print something, or look at a faint fuzzy, I just want the system to work.
(Interestingly, I actually like star hopping, the process of finding an observation target with a finder scope and star charts. Go to telescopes have no interest for me. Go figure ...)
To me this seems like a failure of the U.S. corporate/economic system. We should be able to make a 3D printer that simply works. We should be able to make drones that work as well as the DJI drones. (My understanding is that Bambu Labs was started by a group of former DJI engineers.)
I don't have any solutions here. Not buying a Bambu Labs printer means I don't get to print things in 3D. I would pay more, but whenever I look into the various alternatives that I'm assured are turnkey, they turn out to not be turnkey. And if my Bambu printer breaks I can generally buy a new one cheaper than paying someone who knows what they are doing to fix it.
I'll admit this kind of offends my geek sensibilities. I actually agree, at least emotionally, with Geerling. But I also agree that the U.S. military industrial complex should be able to make excellent consumer facing 3D printers.
If I were doing commerce with the 3D printer I almost certainly would be using something else. Maybe. For what it's worth, I'm basically printing out puppet mechanisms and art figures. Occasionally a wall hook or missing part for something that I happen on an STL file for.
It only stops the honest people from doing that (and possibly much more, like manufacturing and selling replacement parts or mods).
Creating 3D models from existing products is relatively fast and easy. The hard parts have always been the actual design process, materials selection, and setting up the supply and manufacturing chain.
Prusa took what was practically a non-issue (cloning of their modern printers which have multiple custom parts and are overall not easy to clone cheaply anyway) and used it to restrict the freedoms of end users and small businesses while crying about how they are the victims.
I lost a lot of respect for Prusa when they came out with the OCL.
A damn patent would have been both more effective and less restrictive for reasonable commercial purposes.
But you raise a good issue: are they selling these at a loss in order to leverage some sort of lock-in? If that's the reason they're so cheap, that's important to know.
I honestly wouldn't mind paying twice as much for something that's more open. But it's also an issue I haven't looked very deeply into. For my first 3d printer I just wanted something cheap and foolproof.
I mean I print ASA with my Voron, but that is build it yourself and high level of tinkering.
There are alternatives like QIDI Q2. But .. it will probably not be as fire and forget as Prusa or Bambu.
However, I hope you see that the behavior reported by Jeff here is just bad. They are either not understanding open source licenses or are acting in bad faith.
Yet! Enshittification is a given, even if not premeditated. Finding open solutions now is proper planning.
Last year I said I'd probably never recommend another Bambu Lab printer again.
I still use my P1S, but after Bambu Lab started pushing their always-connected cloud solution as the new default:
I had to do that to keep it under my control, instead of Bambu's.
But I'm weird—I acknowledge that. I'm one of those crazy ones who likes to own something they purchased, and not have the company watch everything I do with hardware I paid for.
Bambu Lab could've left the status quo at that, and I wouldn't be writing this blog post.
But they didn't.
For context: OrcaSlicer is a fork of the open source project Bambu Studio, which is a fork of Prusa Slicer, which is a fork of slic3r. (They are all licensed under the AGPLv3 open source license).
OrcaSlicer already has to dance around Bambu's weird default setup where every file you print goes through Bambu's servers, meaning they can see everything you ever print on your printer.
That is, unless you're like me and you run it in Developer mode, and completely block it from the Internet on old firmware.
Some people are okay with using OrcaSlicer and printing through Bambu's cloud. It's convenient if you're on the road and want to start a print on your printer at home, without managing your own VPN.
I run my own WireGuard VPN, so I don't need that, but I understand not everyone has the resources to manage their own remote access.
Bambu saw a fork of OrcaSlicer that allowed you to use all your printer's features without having to route prints through Bambu's cloud called OrcaSlicer-bambulab and was like, "You know what? No. For the 0.1% of power users who want to run OrcaSlicer without the cloud delivery mechanism like we have in our AGPL-licensed Linux Bambu Studio code... no. You have to use our app, and only our app."
So they threatened that OrcaSlicer fork's developer with legal action for things that developer didn't do. For example, they indicated the fork used an impersonation attack, despite the fork using Bambu Studio's upstream code verbatim.
These are very serious public accusations.
Bambu Lab did not write to me with these specific public claims first. They also refused my request to publish the full correspondence. Instead, they published a one-sided public statement where I cannot reply directly.
In practice, this presents me to the public as someone bypassing security, impersonating their client, and creating a risk to their infrastructure. I reject that characterization.
Bambu is abusing the open source social contract, and using their legal might, to suppress a tiny number of their users[1], for who knows what reason.
It seems dumb to me, because it would've been easier (and more profitable) to do nothing at all[2]. Instead, they wrote a blog post blaming an individual open source developer for their own infrastructure and security problems.
This is where the actual issue arises: the modification in question worked by injecting falsified identity metadata into network communication.
In simple terms: it pretended to be the official Bambu Studio client when communicating with our servers.
I don't think they understand open source culture. Security either, if a public user agent string is their only protection against DDoS attacks...
Instead of finding solutions to ecosystem problems and building a more secure platform, Bambu is putting devoted power users like the fork's developer on blast[3].
When tensions flared last year, they wrote a similar blog post blaming community backlash on 'unfortunate misinformation'. I imagine they meant speculation from community members (like myself) frustrated the whole software ecosystem and ownership model was turned upside down post-purchase.
This year they're blaming one developer of a tiny slicer fork for the potential impact he could have on their entire cloud infrastructure.
It creates structural vulnerability. If this method were widely adopted or incorrectly configured, thousands of clients could simultaneously hit our servers while impersonating the official client. Our systems would have no way to distinguish traffic, because the requests would look identical.
I love how they frame this as a developer trying to impersonate their app, when he's literally using the same AGPL-licensed code their Linux app uses.
I find it doubly ironic since their own fork caused Bambu users' telemetry to hit Prusa's servers back in 2022, and (to my knowledge) Prusa didn't snap back with a C&D.
They spent the rest of their blog post talking about vulnerabilities, bugs, and instabilities—as if that has anything to do with a developer using upstream code verbatim in his fork.
Maybe they could take a new approach and just not lock down their whole ecosystem in the first place.
But who am I kidding? Nothing I say, and no amount of complaining in the comments below, seems to help Bambu see the fault in their ways.
Spending a little more for a printer from another company just might do it, though.
Louis Rossmann posted a video saying he'd pledge $10,000 to help the open source dev fight Bambu's legal threats. And I'd happily chip in too, but that's only useful if the dev wants to put himself back in Bambu's crosshairs.
The better play might just be to skip Bambu altogether.
[1] The OrcaSlicer fork in question didn't seem to have much uptake outside of a very small subset of users prior to Bambu Lab's cease and desist order.
[2] Maybe ask for the fork to not include "bambulabs" in the name, since that could be a reasonable trademark-related demand.
[3] The fork's developer mentioned "I previously helped Bambu Studio users with Linux and Wayland issues, including on Bambu Lab's own GitHub. That makes it especially absurd to me that I am now being publicly presented as someone dangerous to their infrastructure."
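The argument in the post above, that a client-supplied User-Agent string cannot tell one client from another while a per-account credential can, shown as an added example that is not part of the original post and is not Bambu Lab's API. The header names, account ids, keys and the `ExampleSlicer/1.0` string are constructed assumptions.

```python
import hashlib
import hmac

OFFICIAL_UA = "ExampleSlicer/1.0"  # constructed value, not a real product string

# Constructed per-account secrets, issued at login and stored server-side.
ACCOUNT_KEYS = {"acct-1001": b"k1-constructed", "acct-1002": b"k2-constructed"}


def ua_check(headers):
    """Weak control: trusts a header that any client can set to any value."""
    return headers.get("User-Agent") == OFFICIAL_UA


def sign(account_id, key, body, ts):
    """Client side: MAC over account id, timestamp and body with the account key."""
    msg = f"{account_id}\n{ts}\n".encode() + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Gateway:
    """Server side: authenticate each request, then rate-limit per account."""

    def __init__(self, limit_per_window=3, window=60, max_skew=30):
        self.limit, self.window, self.max_skew = limit_per_window, window, max_skew
        self.seen = {}  # account_id -> timestamps of accepted requests

    def handle(self, headers, body, now):
        account = headers.get("X-Account", "")  # hypothetical header names
        key = ACCOUNT_KEYS.get(account)
        try:
            ts = int(headers.get("X-Timestamp", ""))
        except ValueError:
            return "rejected: bad timestamp"
        # The timestamp only bounds request age; stopping replays inside
        # the skew window would additionally need a nonce cache.
        if key is None or abs(now - ts) > self.max_skew:
            return "rejected: unknown account or stale timestamp"
        expected = sign(account, key, body, ts).encode()
        supplied = headers.get("X-Signature", "").encode()
        if not hmac.compare_digest(expected, supplied):
            return "rejected: bad signature"
        # Traffic is now attributable, so one noisy account can be throttled
        # without affecting others, whatever User-Agent it sends.
        recent = [t for t in self.seen.get(account, []) if now - t < self.window]
        if len(recent) >= self.limit:
            return "throttled: " + account
        self.seen[account] = recent + [now]
        return "accepted: " + account
```

The gateway never reads `User-Agent`: which software sent the request is irrelevant once each request is tied to an account the server can identify and throttle.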
You're correct of course that this is an entirely distinct argument from what Bambu's legally allowed to do under existing law.
They ARE however deterrents to bad actions from less-than-scrupulous entities, and enforcement mechanisms against fully-unscrupulous entities.
I suspect (but will admit I am just guessing here) that Prusa would prefer not to get to the enforcement stage because it is both costly and annoying, but having that in your back pocket is, sadly, necessary in a litigious society with some number of unscrupulous actors, and the deterrent effect alone is likely enough to achieve most of their goals.
But, though there are some explicit laws where that’s how it works, that’s not generally how the legal system works. If I have a private server, and I don’t give you permission to access it - or, even better, tell you not to, it doesn’t really matter how I secure it. If you access it, you’re in the wrong.
To give a physical analogy, it doesn’t matter how I’ve secured my house. Even if the door is open, you’re not allowed to just waltz in (or, to take it a bit further, come in and start using my stuff).
The legal risk comes from why you are doing it and what protections you are bypassing.
If you are doing it specifically to bypass Bambu's authorized access, then it is very likely to fall afoul of the Computer Fraud and Abuse Act. The mechanism (spoofing the UA) is entirely incidental to the motivation (bypass authorized access), which is what the law cares about.
I don't know if that is what is happening here because the article is talking about a fork that is bypassing Bambu's servers entirely (which is permitted under the AGPL) and Bambu is not happy.
Edit: On re-reading, it seems to me the fork is still calling Bambu's servers. It's just bypassing some things.
yeah, just get a lawyer! not like that's an expensive thing to do as an individual, private, open-source dev, at the risk of being stuck in a legal dispute versus a corporation with deep(er) pockets.
Another aspect is that releasing something under copyleft without putting an identity behind it is toothless. Someone can copy it and now if you want to go after them, you need to out yourself anyway.
https://www.josefprusa.com/articles/open-hardware-in-3d-prin...
In short, these Chinese companies are pushed by the state, in essentially massive dumping. And not only that, they get Chinese hardware patents granted on open inventions from the wider 3D printing community as their own creation & then try to push those spurious patents also in the West.
I would doubt this is the case; Orca Slicer has existed since 2022 and is very popular. This is not a "somebody just noticed a thing" situation.
The funny part here is it seems Bambu is more exposed to a libel suit than the developer is for... checks notes clicking 'Fork' on Bambu's GitHub. Since the moment he did that, his software was supposedly in breach of Bambu's...expectations.
At least in the US, the law against unauthorized access to a computer system has no requirements for how good the security has to be. If you should reasonably know you're not supposed to be using it, that's potentially enough to make it illegal.
SD cards work but it's extremely less convenient than just printing straight from the slicer.
You can use any slicer you want but Bambu wants only their slicer to directly connect.
CLI slicing is not something you want in general. Visual confirmation of the toolpaths is very important to making prints as successful as possible.
Am currently somewhat into the topic of UAs for a personal project (not connected to Bambu printers), so am honestly interested in any tangible information, I just dislike us assuming something illegal because a corporate entity views it in a negative light.
[0] https://www2.ca3.uscourts.gov/opinarch/131816p.pdf ("We also note that in order to be guilty of accessing “without authorization, or in excess of authorization” under New Jersey law, the Government needed to prove that Auernheimer or Spitler circumvented a code- or password-based barrier to access. See State v. Riley, 988 A.2d 1252, 1267 (N.J. Super. Ct. Law Div. 2009). Although we need not resolve whether Auernheimer’s conduct involved such a breach, no evidence was advanced at trial that the account slurper ever breached any password gate or other code-based barrier. The account slurper simply accessed the publicly facing portion of the login screen and scraped information that AT&T unintentionally published.")
Imagine if pizza consisted of software and hardware and you only bought hardware but software could be changed by dev/seller. Now your pizza shrunk in size, changed taste, or could only be eaten by a fork that is supplied for free by the pizzashop, otherwise special chemical compounds would make it disintegrate if you'd try to eat it using your hands or anything else. Technically you still have that pizza you bought...
Here it looks like you can connect Orca?
However, even that sounds suspiciously like a project in and of itself. I haven't had time to design and print anything in the last month. So I expect I'll keep rolling along like I am. Things could always change, though.