this post was submitted on 20 Jan 2025
56 points (90.0% liked)

tl;dr: "Fuck You, we're right, but here's a crumb from the table" but in PR-speak.

There'll be a Lan-Mode (still requiring Bambu Connect), and a Dev-Mode (which will continue MQTT, live stream and FTP).

The Writing continues to be on the wall.

[–] [email protected] 17 points 2 weeks ago (7 children)

Trying to play the devil's advocate here, and I am really interested in your takes on this (I'm not affiliated with Bambu, and I am shocked about the whole development as well, having bought a P1S recently):

Bambu currently has printers reachable on LAN and Cloud without much security. This has one major downside for them and for the customers: if some malware is spread via whatever means, which then identifies whether it can see a Bambu printer on its LAN, it could send random GCode commands to brick the printer and/or waste energy and filament. I don't think you could set the printer ablaze with this, but you could definitely destroy the printer. If this happens to a lot of printers at the same time, customers wouldn't be happy.

So Bambu needs to somehow secure their interfaces in a way that malware cannot exploit easily, while at the same time allowing non-Bambu software to talk to the interface. Their idea seems to be that Bambu Connect can proxy your requests to the printer, and (hopefully) verify the commands being sent are innocent enough. This will protect their userbase and themselves from financial harm.

A loud group of users now complain, rightfully, that this will brick their workflows. Also, this will open the doors for Bambu to e.g. move to a subscription model or remove support for non-Bambu filament. Looking at the workflow: They now claimed to allow a local "dev mode", which basically disables security, but allows skilled users to use their established workflows. They then don't want to offer too much support for this, which in my opinion is okay. This is similar to how unlocking your Android phone (if done via official means) would void some part of your warranty (not fully, and not for the hardware I think).

As for the potential subscription model, filament support, etc.: They can and would do this regardless, if they want to. This is always a risk for customers buying a closed-source product. I still bought one, because they are supposed to be the easiest to use and set up for people new to 3D printing, and so far I tend to agree. Would I be happy about open source firmware? Yes, absolutely. But we might not get that, and I was aware of that when buying the printer. I can still hope that some security professionals cleverer than me will figure out a way to install custom firmware at some point, but there is no guarantee (just an increased chance, now that they alienated their users -- some hacker might accept this as a challenge).

Please contradict me and discuss with me, I want to understand if there is anything wrong with my logic.

[–] TheYang 14 points 2 weeks ago (1 children)

The security argument doesn't hold water when you're pushed toward cloud use where transmitting data over your own network cable would suffice.

Define APIs and API keys (local and cloud).
Instant safe communication, local and/or cloud.

[–] [email protected] 1 points 2 weeks ago

But don't they currently allow local connections and also use them if the printer is running in cloud mode? I would assume if the printer can be "seen" by your machine locally, Bambu Studio would connect locally for some of its data transfer? Regardless of printer configuration (LAN only or Cloud) it still has its local ports open, which currently can be used by e.g. Home Assistant without any cloud connection. This is nice, but at the same time can be a security risk, as any local malware might also send commands. So a way to secure the local connections is definitely needed.

API keys would be nice for any type of connection, but it's something they'd need to implement, including a way to request/revoke them from either your Bambu account (cloud again, not preferred by the open source community) or directly from the printer (might be a hassle to use with the P1S' small screen). Instead they decided to go full-throttle by using some form of certificate authentication, possibly using per-device and per-account certs in the future, that might be generated locally and signed by their endpoints using your Bambu account.
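
An added sketch of the locally issued, revocable API keys discussed in the two replies above; it is not code from the thread or from Bambu Lab. `PrinterKeyStore`, `sign`, and the HMAC-SHA256-plus-counter scheme are hypothetical design choices, and the G-code line is constructed sample input.

```python
import hashlib
import hmac
import secrets

class PrinterKeyStore:
    """Hypothetical printer-side store of locally issued API keys."""
    def __init__(self):
        self._keys = {}  # key_id -> {"secret": bytes, "last_counter": int}

    def issue(self):
        """Create a key on the device; the secret is shown to the user once."""
        key_id = secrets.token_hex(4)
        secret = secrets.token_bytes(32)
        self._keys[key_id] = {"secret": secret, "last_counter": 0}
        return key_id, secret

    def revoke(self, key_id):
        return self._keys.pop(key_id, None) is not None

    def verify(self, key_id, counter, command, tag):
        """Accept a command only with a valid, fresh HMAC from a live key."""
        entry = self._keys.get(key_id)
        if entry is None:
            return False  # unknown or revoked key
        expected = sign(entry["secret"], key_id, counter, command)
        if not hmac.compare_digest(expected, tag):
            return False  # wrong secret or tampered command
        if counter <= entry["last_counter"]:
            return False  # replayed or out-of-order request
        entry["last_counter"] = counter
        return True

def sign(secret, key_id, counter, command):
    """Client side: MAC over key id, counter and command bytes."""
    msg = key_id.encode() + b"|" + str(counter).encode() + b"|" + command
    return hmac.new(secret, msg, hashlib.sha256).digest()

def demo():
    """Constructed run: valid, replayed, forged, then revoked."""
    store = PrinterKeyStore()
    key_id, secret = store.issue()
    cmd = b"M104 S200"  # constructed sample G-code line
    tag = sign(secret, key_id, 1, cmd)
    out = [store.verify(key_id, 1, cmd, tag), store.verify(key_id, 1, cmd, tag)]
    out.append(store.verify(key_id, 2, cmd, sign(b"guess", key_id, 2, cmd)))
    store.revoke(key_id)
    out.append(store.verify(key_id, 3, cmd, sign(secret, key_id, 3, cmd)))
    return out  # [True, False, False, False]
```

Because the key never leaves the LAN after issuance, a process on the network that lacks the secret cannot produce an accepted command, and revocation takes effect on the device without any cloud account.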
