Well done sir! This really validated all my trials and tribulations I've had with my Mini. I want to love it soo bad, and I want input shaper to work without all the issues I've had. But when I put it side by side to my new Bambu... It's clear who comes out as the victor after every print. Regardless, Prusa has a special place in my heart.

Agreed, Bambu has been continuously in "damage control" mode since these announcements. That their cloud service has been attacked, as you've noted, is THEIR problem, not ours or our printers. There is ZERO reason they can't lock their cloud service down to ONLY accept connections from Bambu Slicer with NO CHANGE to the printers. And I too have NO PROBLEM with them charging for such a cloud service on a "opt in" basis, offer me some benefits and let ME decide if I want to use them and thus pay for them. There is also ZERO reason why Studio or Handy or OrcaSlicer or any application (even PrusaSlicer itself!) >not< be able to access the printer AT ALL without a "key" that is ONLY visible on the printer's front panel without requiring any sort of "middle man" software.

LOL, I cringe EVERTIME I see channels do this. It seems like all of them do this. Finally someone who does it like I do. Great job. I just received my Saturn 4 Ultra two days ago and will be printing this hanger. Again, great job.

Bambu = Communist POS

So the question is why are they doing this, most obvious thing would be to steal IP as the Chinese have been doing for decades.

You know. Now that we've added slightly below the bare minimum security we need to start changing you a subscription.

I cannot believe I have lived so long without this video in my life, it cured my debilitating hype fixation on putting Elmer's glue on my hand, letting it dry, and then peeling it off.

Bambu implemented and requires TLS for MQTT(s), FTP(s), and HTTP(s)(cameras) back in 2023. This is authenticated with you access code. LAN mode is already secured by Bambu in 2023. Look at the release notes for 01.04.00.00. Another reason why Bambu Connect excuse is bullshit.

Something I think MOST people are missing is that there is a VERY good chance that bambu has been directed to make these changes, at least in part. With a pending trade war between china and the US the ccp is very likely telling companies like bambu to lock their sh*t down. Bambu, being a chinese company doesn't get a say in it. Not if they want to stay in business. Don't get me wrong, I am NOT defending them at all but when you're left with choosing to follow the orders of a tyrannical government and getting to keep your company or not following orders and having your company taken from you by the government and turned into a state owned enterprise most would chose to step in line. There's also the possibility that part of it is also to regulate what users can actually print (ie only "approved" models and no bang-bangs) to help PREVENT further technology restrictions. Chances are bambu is just running scared and took the easy way out. Personally I blame the bambu fanboys for going along with the closed ecosystem for as long as they have. All they did is show bambu they can get away with a LOT more.

My pair of mini+'s have Bondtech extruders and Revo mini hotends which I installed at least 2yrs ago... Both printers have been on the sidelines for at least 12mo. They print quite nicely but I have other, bigger machines that do more and do it faster.

heh. people who don't get that newer machines from them will be locked down even more are deluding themselves. all they're waiting for is the furor to die down, then they'll slip it into the next generation of machines. watch.

I have a thought, does a VPN make this security concern invalidated or does the "malicious" file or g-code security argument bypass the protections of a VPN?

inb4 Bambu loses their ongoing patent infringement lawsuit and bricks printers by discontinuing cloud services to get out of paying any licensing fines.

Think about all the files they’ll have access to for “research”

I've got three Anycubics and was excited to get a P1S until this all came out. Yeah, trust destroyed now. Looking at another Anycubic now. I've used them for a long time and they've been solid and easy to repair.

I think you are on to something. Even if your printer doesn't connect to their cloud you are still connected to their cloud via the Bambu Connect. Maybe you can try this: try to open Bambu Connect while not connected to the internet, what will happen?

I don't think cloud cost is in any way what their problem is. Lanmode previously was that. There had nothing to be done to accomplish this. They simply want to be able to lock out people. And as their new firmware seems to have a time limitation, the update gives them the ability to use that as a timebomb.

The problem for Bambu was their OpenSource Slicer. If the would put the connect partinto the bamvustudio it would be opensource as well. So if the want to exclude access for exveryone, they have to uses a closed source middleware, there is no way the could do it in an open source component.

hello, thank you for this video. as a simple amateur printer, (I have 2 P1S, 1 A1, but also 1 MK4S MMU3, I'm not a sectarian ;-) ), the relevance of your deciphering of Bambulab communication, helped me understand the “underhand” side of the approach. I wasn't sure what to make of all this, but you've opened my eyes and helped me to understand. Thank you for your work.

The blocking hacking is a lie...they literally have bin working with AI to make the printer call the cops on you if it is sus of a print

When Bambu opened up their firmware to X1Plus I was excited about them opening up to open source and the reason I bought a X1C. I have loaded X1Plus on my X1C but won't spend another penny with HP/Bambu until they change their path. Thanks God they did this just before releasing the new and improved H2D printer, I would have bought one of those probably had they not done this.

Bambu Lab has a cloud service that is a part of the whole Bambu Lab printing ecosystem and has day #1. You repeatedly stated the problem is with "their cloud" or "their service" like "that's a you problem but not a me problem", but it is a "me problem" if you want to use that ecosystem. If you don't want to participate in their cloud system, then switch to LAN mode and be done with it (especially with Developer mode now). If you do want to use the cloud system (because maybe you like Bambu Handy), then don't act like they are being nefarious for trying to implement new security and protect their service. Critique the specific security implementations they are proposing, sure, but I don't get the conspiracy I felt like you were implying multiple times in the video. Like with the "We haven't before but we are now" statement you added when you read how they take security seriously, that is not what they said and that is unhelpful conjecture. A company is allowed, and honestly encouraged, to add more security based on a couple of years of experience (remember they are like 2-3 years old or something at this point) with what they are seeing. I'm not saying the way they chose to try and lock things down was the best or even correct way to do it, but I would rather them try something and work with the community to adjust trajectory if the initial approach isn't well received. I feel like they did that with introducing Developer mode for LAN mode. If that isn't sufficient, the community will let them know and I am sure they will adjust trajectory again. They seem to be very responsive to their user base and I think people are way overreacting and reading in a LOT. I don't disagree with someone else's video watched recently where they said "Developer Mode" should be called "Secure Mode" as it is more like a firewall for the printer, and someone can turn it off the secure mode if they want to allow insecure things like the MQTT to work with the printer. I don't think it's bad that Bambu Lab would introduce a printer firewall for n00bs who bought one from Best Buy and have no clue what they are doing other than pressing print. I can only imagine the backlash they would get if their printers got hacked because they didn't do something, then people would be yelling at them for not introducing a printer firewall, so honestly I think for some people Bambu Lab can't do anything right which is sad. This response to your video is NOT an attack. This is a "I don't get it" and I'm leaving the door open for you to explain to me what I misunderstood. I'm also only 1/2 through the video though, so maybe you turn the corner at some point, but I felt compelled to respond to your tone in inferences though as I don't think are very helpful/constructive to the situation.

The only objective point of view on this topic so far, minus the fake outrage.

I ordered an A1 combo a few days before all this happened. Anyone have any suggestions for something comparable? I can live without the multicolor printing. but i don't wanna have to tinker with the machine out of the box.

My p1p will be the last bambu I buy.

Everyone needs to do a hard stop on anything Bambu. A powerful message must be sent. I believe if we don’t put this down all companies are going to go this way. They want all 3d printers monitored and controlled.

So if I vote to not update the firmware to maintain the functionality the printer had, they are no longer supporting my printer. Super Red Flag

Have a Bambu still in a sealed box - will get rid of it.... Just like I got rid of Adobe...........

Best breakdown of this issue. I just changed my printer over to LAN because I don't want to use the cloud. Though it does suck to lose the Handy app. I also will not be updating my printer. I currently have a P1S which I think isn't affected much as the article kept saying X series. However it probably will be all the same in the end. This sucks cause it is a good printer. Maybe we'll get a great jailbreak/custom os for the P series getting rid of this crap.

Bambu is turning into john deer

I believe Prusa will release an upgrade kit to the Prusa Mini one day Probably an accelerometer, upgraded hot end with better cooling. They might release a new version of the Mini but offer an upgrade kit similar to the i3 Mk3.5S Companies can do a 180 (just like we saw Bambu do over this week with this new firmware).... In my opinion what has stopped the release of an update to the Mini is Prusa knowing they needed to release a core XY that was also affordable to compete against Bambu and Creality. I agree that the upgraded Pinda Probe should have been free though, a crap decision on their side. Very nice video. I have issues tuning pressure advance on my Mini too.

Can they explain to me, how BambuConnect is going to prevent DDOS attacks on Bambu’s servers?

I bought a P1S for christmas and now im hit with this I only use Lan mode but its about the principle

Im just going to delay my next filament order and see what happens in the future and probably will get other fully open source printer setup just in case bamboo lab locks things down

TLDW: Just Bambu turning YOUR printer into THEIR printer by updating the TOS and firmware automagically.

we Can't Always go back to the ender 3. but remember what bambulab does the rest of the player will do the same

It's really bizarre how they want you to run the secure part of their software outside of the printer, on a platform they don't control. Why? What if Brother pushed a firmare to their laser printers (e.g., through a Windows update), and now you can't print directly to your printer. Now you have to download this additional piece of software on your computer, and just have to hope they support your OS. Now, if someone hacks into, uhm, Brother Connect, they have access to your computer AND your printer.

If somebody will hack a Bambu server, he will be able to control thousands of printers. I wonder how anyone could think that centralization enhances security...

A big point, every printer I have allows me to telnet with ssh and ftp files with sftp, everyone but Bambu Lab uses encrypted file and video transfer. The disaster waiting to happen is Bambu Studio, this software forces you to enter a 8 digit number every time you connect yet Bambu Studio will open any file you click on and use the parameters in that file to convert to want ever created that file. A user on a X1c can open a file from an A1 mini and then spend the time to reset all the parameters. Bambu Studio is a joke, adding embossed text is like dealing with an 8 year olds idea of a GUI and that is on the working parts. UPDATE: I don't think the A1 printers have the power to encrypt, 1FPS video and warning about turning video on during the printing. I do know job sent to the Bambu printer take forever to transfer compared to my other three Klipper printers.

90% of the 3D printing market are Chinese owned companies. So we have Prusa but, who else that are not Chinese owned?

Here is a baseless take, put on your tin foil hat. Bambu has backdoors and everything was good. Then Bambu started selling machines to Israel. Israelites found the backdoors. Now Bambu has to implement a security update to prevent the hard baked backdoors. Which could be a huge risk for all those machines in China.

So mr bamboo lab you want to protect every one from the naughty hackers on the internet by FORCING US ONTO THE INTERNET ? You must think we.are dum.

I was going to post a smart ass comment, but, as I was writing it, I realized that nothing is going to change because of the LAST paragraph I wrote in this post. Dang it. ;) 100% correct that this is on Bamboos side of the network cable. I run several different web servers at home. Port 443 and 80 are open for anyone to come in and have a peek. Quite literally. Thing is, I've got a reverse proxy. If you don't know the FQDNs I'm listening for and redirecting to, you don't get anything productive. You basically get a "host not found" error. And there's a reason for this specific action of activity I do. A> When I can be bothered, I'll go and take a look at the logs on the proxy and see what requests are being made, count 'em up, and get an idea of who's knocking at my door. Know what? I'm probably getting millions of requests a day as well. On a residential line. I don't advertise, it's not commercial, I use it for my wiki, using it for some services I may use remotely, etc. The calls are made by bots, or scanning software. It's not people actively looking for holes manually. Google does it, MSoft does it for Bing, etc. It's constant noise out there, but, not really anyone LOOKS to see what attempts are being made like I do. (Very morbid curiosity) B> Again, when I can be bothered, I'll figure out who's making the wrong requests and start throwing day long inbound IP blocks. Once the firewall on the proxy server is told to drop packets, the only hit is a few bytes of bandwidth from a remote server that never gets an answer. But that's just me. I don't make suspicious calls to my servers, so wherever I'm at, short of my phones cell internet service being "shared" at the ISP level, I'm never going to block myself. Bamboo can't do IP filtering because of the cell phone shared edge IP address problem. They have to implement software on their side that either passes or fails the suspicious calls. Every single call has to be looked at and a decision has to be made. But because the bots are making making these calls constantly, they're not going to save money due to bad calls, because they're probably ANSWERING the calls. At least with AWS, ingress of information to the services doesn't cost as much as EGRESS of information. If bad requests are just dropped and ignored or a simple 500 error goes back, then their outbound costs go down.

AFAIK they used to use standard FTP, I blogged about it and got an answer some time later - google "Bambu lab X1-Carbon - the flipside" and "karlsbakk", but they have switched to FTP over TLS now AFAIK. Dunno about MQTT, though.

BamPoo

What is the need for Bambu to be able to have these open channels and live feed for the printers? Why have this a function?

With the recent events going on with Bambulab, I'm revisiting my Prusa Minis. I'm here to see what ive been absent from the last couple of years as my Minis have been dormant since getting an X1C, followed by an A1 Mini. They just might come back out and be my go-to machines once again

Just a small thing mqtt has support for authentication. So all 3 serveses can be secured. No bambu cloud crap needed.

just do as any other manufacturer slicer->printer. obviously the goal is another……

Who hacks 3d printers? Like I feel like a hacker would be targeting something way more challenging and profitable