Bambu Lab, the company behind my favorite 3D printer, gave itself a hell of a week. Now, I have found answers to some of my burning questions, which I hope you will also appreciate. But first, some backstory.
Since last Thursday, some creators have promised to no longer purchase Bambu printers, with the company even removing some of their 3D models from its online repository. It turns out it will add a new proprietary authentication mechanism, which may prevent you from using third-party tools to remotely control your printer.
Although you'll still be able to put a file on an SD card and physically drop it into your printer, or use Bambu's proprietary cloud, the old way of printing remotely from a third-party slicer will be no more, unless you download a new proprietary Windows and Mac “Bambu Connect” desktop app that acts as the intermediary between your slicer and Bambu's hardware.
“Unauthorized third-party software will be prohibited from performing critical functions” – Bambu
While Bambu was clear from the beginning that it would be an optional update, which you can easily choose not to install, the company has also presented it as a necessary one to secure the printer from remote hacks. Some owners, however, immediately saw this as a potential bridge slavery.
They noted how Bambu printers can already detect that you're using an official roll of filament, and envisioned a future where Bambu could prevent you from using third-party filament. They noted how Bambu is already planning a subscription service for its print farm software that requires regular cloud activation, and envisioned a future where your Bambu printer would stop working if you didn't pay.
Bambu has refuted these and many other fears in a later “Setting the record straight” blog post, and explained that its new tool doesn't require Internet access or a user account. It also backtracked very slightly, promising to offer an at-your-own-risk “Developer Mode” which gives local access to your printer without any of the new proprietary authentication. Unfortunately, that mode may also disable your ability to access your printer through the cloud.
Meanwhile, Bambu didn't do itself any favors by preventing people from using the Wayback Machine to investigate its changing statements, by allegedly censoring criticism of the company on its subreddit, and by claiming that Orca Slicer's developer was working with Bambu to keep printing directly from the popular third-party slicer when they hadn't really promised their support.
It also doesn't help that Bambu's security around its new Bambu Connect app is as hackneyed as it gets: its private key and authentication certificate have already been extracted. Nor does it help that users have discovered that Bambu gives itself the right, in its terms of use, to block new print jobs until the printer automatically finishes downloading firmware updates.
Anyhow, I think the real question here is: do these mark more revelations, or at least a step toward a more walled garden, or not?
Here are the questions I sent Bambu and the answers I received through spokesperson Nadia Yacoubi:
1) Will Bambu publicly commit to never requiring a subscription to control its printers and print from them on a home network?
For our current product line, yes. We will never need a subscription to control or print to our printer on the home network. However, there may be specific business scenarios in the future that require exceptions, i.e. 3DP vending machines, but these will apply to completely different applications and customer needs. If any such product line is introduced, we will clearly communicate the same before its launch.
1c) Will Bambu publicly commit to not putting any existing printer functionality behind subscriptions?
2) Will Bambu publicly commit to not restricting the use of third-party filament in any way, shape or form?
For our current product line, yes. We have no plans to restrict the use of third party filament in any way.
3) Will Bambu publicly commit to never monitoring files and prints transmitted between users and their printers over home networks?
Let's explain how it works:
- LAN Mode: Nothing is transmitted through our servers.
- Cloud Mode: Users control their privacy through “Secret Printing”. When enabled, no print history is recorded, and files are not stored in the cloud.
- Cloud Features: For features like re-printing, files are temporarily stored in the cloud so users can access their print history. Under no circumstances do we consider printing files/models without the express consent of our customers.
Bambu has additionally agreed to add a new developer mode. Some users are concerned that the move is only temporary and that Bambu may simply remove Developer Mode and claim it was too much of a security risk, or say that not enough users chose the option to justify keeping it around.
4) Will Bambu publicly commit to keeping developer mode with local MQTT, livestream, and FTP permanently and never removing it in any future updates or shipping batches of the X1, P1, A1, and A1 Mini?
Yes. However, if a serious security issue arises in the future, we may need to make adjustments to address it. Users can always choose whether they want to update their printer firmware or not.
5) Will Bambu publicly commit to offering and keeping local developer mode available in any future printer releases?
We cannot commit to features for non-existent future printers. However, we will clearly explain all relevant details to customers before they make a purchasing decision.
6) Will Bambu publicly commit to letting users control its current and future printers remotely over a LAN without a user account or Internet access?
For existing models: Yes. For future products, while we aim to maintain this functionality, we believe it is not responsible to remain committed to a specific technical approach indefinitely. However, we will clearly explain all relevant details to customers before they make a purchasing decision.
Bambu has announced that Bambu Connect will integrate with third-party slicers like Orca, but some users are confused as to why an app like Bambu Connect is needed when you could instead add more secure authentication to the printer itself, as with the industry-standard practice of having the printer generate a secure token/API key, instead of creating a proprietary middleman authentication app.
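An added illustration of the printer-issued token approach those users describe (not code from this article, from Bambu or from any slicer): a hypothetical `Printer` class generates a separate random key for each client, and the client signs every command with HMAC-SHA256 over a timestamp and nonce. The class, the client names, the commands and the message layout are all assumptions; the point is that a leaked key affects one client on one printer and can be revoked on the device.

```python
import hashlib
import hmac
import secrets
import time

def sign(key, command, ts, nonce):
    """Client side: MAC over timestamp, nonce and command with the per-client key."""
    return hmac.new(key, f"{ts}|{nonce}|{command}".encode(), hashlib.sha256).hexdigest()

class Printer:
    """Hypothetical printer-side verifier (not Bambu firmware or any real API)."""
    MAX_SKEW = 30  # seconds a signed request stays acceptable

    def __init__(self):
        self._keys = {}     # client name -> key generated on this printer
        self._seen = set()  # (client, nonce) pairs already accepted

    def issue_key(self, client):
        """Generate a random key on the device; the user copies it into one client."""
        self._keys[client] = secrets.token_bytes(32)
        return self._keys[client]

    def revoke(self, client):
        self._keys.pop(client, None)

    def verify(self, client, command, ts, nonce, tag, now=None):
        now = time.time() if now is None else now
        key = self._keys.get(client)
        if key is None or abs(now - ts) > self.MAX_SKEW:
            return False  # unknown or revoked client, or stale timestamp
        if (client, nonce) in self._seen:
            return False  # replay of a request that was already accepted
        if not hmac.compare_digest(sign(key, command, ts, nonce), tag):
            return False  # wrong key or altered command
        self._seen.add((client, nonce))
        return True

def demo():
    p, t0 = Printer(), 1_700_000_000  # t0: constructed clock value
    ks, kp = p.issue_key("slicer"), p.issue_key("panel")
    tag1, tag2 = sign(ks, "print a.3mf", t0, "n1"), sign(ks, "print a.3mf", t0, "n2")
    out = {"valid": p.verify("slicer", "print a.3mf", t0, "n1", tag1, now=t0),
           "replayed": p.verify("slicer", "print a.3mf", t0, "n1", tag1, now=t0 + 1),
           "tampered": p.verify("slicer", "print b.3mf", t0, "n2", tag2, now=t0),
           "stale": p.verify("slicer", "print a.3mf", t0, "n2", tag2, now=t0 + 300)}
    p.revoke("slicer")  # e.g. the slicer's stored copy of its key leaked
    out["revoked"] = p.verify("slicer", "print a.3mf", t0, "n2", tag2, now=t0)
    out["panel"] = p.verify("panel", "pause", t0, "n3", sign(kp, "pause", t0, "n3"), now=t0)
    return out
```

A real device would also expire stored nonces once they fall outside `MAX_SKEW` and carry the exchange over an encrypted channel.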
7) Did Bambu consider and reject interoperable methods of securing its printers, such as tokens?
7b) Will Bambu commit to making its authentication system interoperable? If Bambu rejected interoperable secure authentication systems, why?
If the software communicates and interacts with our cloud systems, our opinion on how it operates is justified. As highlighted in our blog post, unauthorized third-party software has long posed constant challenges to the stability of our cloud services and machines.
While we trust that most developers work with good intentions, users are often unaware of the complexities and security requirements hidden within such software. The lack of transparency of all software makes interoperable secure authentication systems inadequate to fully resolve these issues. Our goal is to secure the entire Bambu Lab product ecosystem, providing every user with confidence that our products are secure and easy to use – free from worries about complex network configurations. And with the changes made, we're one step closer to integrating third-party access in a secure manner.
8) Is it true that the developers of Orca Slicer were not actually working on integration with Bambu and that Bambu announced their involvement without approval?
We have been in ongoing discussions with Softfever, the developer of Orca Slicer, since January 14th regarding firmware updates and possible integration into new releases. “Work together” may be vague. More specifically, messages were exchanged, files were sent, and their receipt was confirmed with an indication that they would be reviewed.
9) Will Panda Touch and similar supporting tools continue to work under developer mode?
We guarantee to keep ports/channels open, but implementation is up to third party developers.
9b) Is Bambu answering the questions of that company?
Since release, we have received many inquiries from third-party software developers, including BigTreeTech, at devpartners@bambulab.com. We are currently in the process of finalizing our response. It's worth noting that we warned third-party developers in a blog post from March 2024: “If you are developing a device that controls the entire printer, including the heating elements and motion system, please do not expect long-term support unless it has been approved by us in advance. This especially applies to for-profit organizations.”
10) Will you allow users to roll back to older firmware, such as if they accidentally upgrade without understanding the limitations?
Yes. Firmware rollback will always be available.
11) Does the private key leak change any of your plans?
No, this does not change our plans and we have taken immediate action.