FW 1.08.03.00 from Bambu WILL BREAK ORCASLICER for X, P and A series #8063

Open
1 task done
WimVDK opened this issue Jan 16, 2025 · 121 comments
Labels
enhancement New feature or request

Comments

@WimVDK

WimVDK commented Jan 16, 2025

Is there an existing issue for this feature request?

  • I have searched the existing issues

Is your feature request related to a problem?

Bambu is going to release a "security" firmware update that will essentially break the current networking plugin, ALL functionality.

https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/

This includes

  • initiating a print job (cloud AND LAN MODE!)
  • calibrations
  • AMS settings
  • ....

Network Plugin for Third-party Slicer

Network plugin API for Third-party slicing tools (e.g. OrcaSlicer) based on open-source Studio development will no longer be able to utilize Studio’s network plugin API for authorization control. For these users, Bambu Connect client software will act as a replacement. This new software removes slicing functions while enabling remote control and print initiation.

Another piece of proprietary blob "Bambu Connect" WILL BE REQUIRED

https://wiki.bambulab.com/en/software/bambu-connect?ref=blog.bambulab.com and will need to be called using a URL scheme

ANY AND ALL BAMBU USERS should immediately complain to Bambu Lab as this virtually takes full control over what YOU can do with YOUR PRINTER! DO NOT UPDATE TO 1.08.03.00 if you rely (like myself) on orcaslicer until support for Bambu Connect has been added!

Which printers will be beneficial to this feature?

Others

Describe the solution you'd like

Implement support for Bambu Connect

Describe alternatives you've considered

There are no alternatives

Additional context

No response

@WimVDK WimVDK added the enhancement New feature or request label Jan 16, 2025
@24c

24c commented Jan 17, 2025

Yeah, this is scandalous...just read it this morning. You will have to export .3mf files from Orca to Bambu Connect (beta, that doesn't support live camera view still) so another layer of crap to go through. I really like that in Orca I can send GCode to more than one brand of printer I own.

@WimVDK
Author

WimVDK commented Jan 17, 2025

It will be able to be called via a formatted URL but it's still annoying that's for sure, they're taking control over OUR printer

@ziehmon

ziehmon commented Jan 17, 2025

Network plugin API for Third-party slicing tools (e.g. OrcaSlicer) based on open-source Studio development will no longer be able to utilize Studio’s network plugin API for authorization control.

I am curious to see how they are planning to prevent the usage of libnetworking.so in external software (like Orca), since with BambuStudio you don't require BambuConnect, so the .so definitely includes the whole binding implementation.

This can be easily reverse engineered, same as the crappy encryption of log and config files.

@withoutgettingwet

withoutgettingwet commented Jan 17, 2025

Sorry to hijack the topic, but where would be best to complain to bambu about this?

New readers, you can complain to bambu here

@petercockroach

Excuse my ignorance but shouldn't we use this report to just implement the new formatted URL scheme?

@WimVDK
Author

WimVDK commented Jan 17, 2025

There's no real answer to that but complain on social media, email them, file a complaint support ticket...

Excuse my ignorance but shouldn't we use this report to just implement the new formatted URL scheme?

Yes, but that doesn't fix the inherit bad move by bambu. They have no authority to lock down EVEN LAN MODE!

@ziehmon

ziehmon commented Jan 17, 2025

Excuse my ignorance but shouldn't we use this report to just implement the new formatted URL scheme?

This is one option, right. The other is to just build the functionality of the BambuConnect agent into Orca.

I had a quick check and it looks like they started to use certificates (maybe x509) for message/payload encryption. The certificate used by the client (BambuStudio or BambuConnect) probably would have to be trusted there upfront (likely included in firmware update). Essentially, mTLS.

The thing is, the certificate and its key would have to be embedded both in BambuStudio and BambuConnect. It won't take long to reverse and obtain it. The "problem" Bambu Lab is trying to solve is rather complex and the abilities they have in "solving" it are limited.

But of course, one could follow their wishes and implement the URL handler.

@petercockroach

This is one option, right. The other is to just build the functionality of the BambuConnect agent into Orca.
...
But of course, one could follow their wishes and implement the URL handler.

I think there's space for both solutions. I would suggest as a community we should prioritize the URL handler to get unblocked, then pursue the direct implementation.

The problem is the latter may end up being a cat & mouse situation which isn't great for the community at large.

@WimVDK
Author

WimVDK commented Jan 17, 2025

Either way @SoftFever has his work cut out unless someone else implements support in a pull request. I know 1 thing I ain't updating fw unless I have to anymore

@ziehmon

ziehmon commented Jan 17, 2025

I think there's space for both solutions. I would suggest as a community we should prioritize the URL handler to get unblocked, then pursue the direct implementation.

I agree with you.

Either way @SoftFever has his work cut out unless someone else implements support in a pull request. I know 1 thing I ain't updating fw unless I have to anymore

Did anyone notice that Bambu Lab states that @SoftFever was informed about this upfront? Maybe there were already some thoughts how to continue.

Before announcing this change publicly, we shared it with the lead Orca Slicer developer to ensure alignment and collaboration.

https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/, section "FAQ"

@gschintgen

Also: Will Orca stay compatible with non-updated printers?

@mattgauf

mattgauf commented Jan 17, 2025

I had the same thought as @gschintgen, but on a more time sensitive level... The PR containing the updates to the Bambu material presets (and the fix for TPU for AMS) has been merged but Orca hasn't posted a release with those fixes.

In this case I can manage, but I'm also worried that future updates to material presets etc will become dependent on "playing nice" with whatever Bambu cooks up. So I definitely hope that @SoftFever will provide some clarity on their intentions for non-updated printers.

eta: "also" in 2nd paragraph

@Anthony-Bec

Bambu Lab released "bambu connect" which will fix this issue, you upload the .gcode.3mf file from orca and it will send it to the printer.

@LBowers23

Sure but will Orca be able to query the AMS for what filament is loaded so it knows how to slice and if Bambu introduces new filament types will Orca be able to recognize them?

@WimVDK
Author

WimVDK commented Jan 17, 2025

Bambu Lab released "bambu connect" which will fix this issue, you upload the .gcode.3mf file from orca and it will send it to the printer.

It doesn't fix anything until OrcaSlicer is updated to automatically send sliced files through BC. And they still limit what YOU can do with YOUR printer even in LAN mode

@cryptonym64

Sure but will Orca be able to query the AMS for what filament is loaded so it knows how to slice and if Bambu introduces new filament types will Orca be able to recognize them?

Supposedly the read of values (other than can) is not protected.

@cryptonym64

Excuse my ignorance but shouldn't we use this report to just implement the new formatted URL scheme?

This is one option, right. The other is to just build the functionality of the BambuConnect agent into Orca.

I had a quick check and it looks like they started to use certificates (maybe x509) for message/payload encryption. The certificate used by the client (BambuStudio or BambuConnect) probably would have to be trusted there upfront (likely included in firmware update). Essentially, mTLS.

The thing is, the certificate and its key would have to be embedded both in BambuStudio and BambuConnect. It won't take long to reverse and obtain it. The "problem" Bambu Lab is trying to solve is rather complex and the abilities they have in "solving" it are limited.

But of course, one could follow their wishes and implement the URL handler.

Would be interesting to know expiration dates on those certs as those effectively become the day the printer died if not renewed. A true end of life date.

@withoutgettingwet

withoutgettingwet commented Jan 18, 2025

For reference, Bambu has an option for "complaints" on their general inquiry form, here.

I would encourage anyone who is concerned or opposes this change to use this.

@ronoverdrive

Excuse my ignorance but shouldn't we use this report to just implement the new formatted URL scheme?

This is one option, right. The other is to just build the functionality of the BambuConnect agent into Orca.

I had a quick check and it looks like they started to use certificates (maybe x509) for message/payload encryption. The certificate used by the client (BambuStudio or BambuConnect) probably would have to be trusted there upfront (likely included in firmware update). Essentially, mTLS.

The thing is, the certificate and its key would have to be embedded both in BambuStudio and BambuConnect. It won't take long to reverse and obtain it. The "problem" Bambu Lab is trying to solve is rather complex and the abilities they have in "solving" it are limited.

But of course, one could follow their wishes and implement the URL handler.

The only problem with reversing it from their code is it becomes a cat and mouse game with every software update to reverse the cert again. Not to mention it may put Orca at odds with Bambu with them labeling us as some kind of cracking group they can issue C&D legal threats to. Honestly Bambu Connect wouldn't be so bad if it wasn't still in a feature incomplete Beta state and offered a real API that 3rd party slicers can connect through to maintain current functionality, but right now it's half @$$ed and feels like they're trying to push us back to Bambu Studio.

In the meantime we don't seem to have a choice in the matter, implement a URL handler for printers on 1.08.xx+ and keep current functionality as legacy support for those of us who will stay on 1.07.xx. Until Bambu Connect becomes feature complete and obtains a Linux package I will be staying on 1.07.xx for the time being.

@SoftFever
Owner

Bambu informed me of this change two days before their announcement.
They provided access to a beta version of "Bambu Connect." I gave them feedback to help improve the workflow if this becomes their chosen path. Nonetheless, sending a print through another software after slicing will always be inconvenient. I requested an authorization key from them to enable OrcaSlicer to communicate with their device, just as BambuStudio does. However, I haven't received a response yet. I will share more updates once they become available. I'm uncertain how receptive they will be to authorizing OrcaSlicer with the same capabilities as BambuStudio. We'll have to wait and see.

@Aggeloz

Aggeloz commented Jan 18, 2025

Bambu Lab released "bambu connect" which will fix this issue, you upload the .gcode.3mf file from orca and it will send it to the printer.

Why would we have to go through hoops just to send a file to the printer? It works nicely now, I don't need to add another program in the middle to take care of file sending, it's just going to make things slower.

@WimVDK
Author

WimVDK commented Jan 18, 2025

Bambu informed me of this change two days before their announcement. They provided access to a beta version of "Bambu Connect." I gave them feedback to help improve the workflow if this becomes their chosen path. Nonetheless, sending a print through another software after slicing will always be inconvenient. I requested an authorization key from them to enable OrcaSlicer to communicate with their device, just as BambuStudio does. However, I haven't received a response yet. I will share more updates once they become available. I'm uncertain how receptive they will be to authorizing OrcaSlicer with the same capabilities as BambuStudio. We'll have to wait and see.

Considering BS and OS are a fork of the other, can't you legally just reverse it?

@mrambossek

Considering BS and OS are a fork of the other, can't you legally just reverse it?

the "main program" is open source. no need to RE anything. their binary blobs, that the main program interfaces with, are not. whether or not it is legal to RE that has nothing to do with OS' license.

@SoftFever
Owner

I heard back from their development team; they are not going to greenlight OrcaSlicer to send prints directly to their machine. It has to be done through their Bambu Connect application.

@WimVDK
Author

WimVDK commented Jan 18, 2025

Well that just sucks. Definitely not updating fw now until they kill legacy mode

@SoftFever
Owner

Bambu informed me of this change two days before their announcement. They provided access to a beta version of "Bambu Connect." I gave them feedback to help improve the workflow if this becomes their chosen path. Nonetheless, sending a print through another software after slicing will always be inconvenient. I requested an authorization key from them to enable OrcaSlicer to communicate with their device, just as BambuStudio does. However, I haven't received a response yet. I will share more updates once they become available. I'm uncertain how receptive they will be to authorizing OrcaSlicer with the same capabilities as BambuStudio. We'll have to wait and see.

Considering BS and OS are a fork of the other, can't you legally just reverse it?

They use a closed-source network plugin to communicate with their printer. They are going to require authentication to use the plugin, so...

@axhe

axhe commented Jan 18, 2025

@SoftFever Can you please keep the current functionality for all that go LAN Only mode and stop updates as it is now as a separate way of connecting additionally to whatever cloud connection they want to go for?

@ziehmon

ziehmon commented Jan 18, 2025

If this was really about security and invalid costly usage of their APIs they would provide a key for usage of the networking plugin to Orca. They could literally review the usage/invocation in Orca and they'd have leverage to ensure it is used properly there.

This is NOT about any of the above. This is about lock-in and control. I am no pessimist but you have to face the facts.

All of you have correctly pointed out that obtaining certificates by reversing of the plugin is a cat and mouse game. But even if it's just about resistance to their malicious practice, I believe it's the right choice to pick the battle. Edit: this however shall not be affiliated in any way with Orca due to various reasons, including but not limited to legal concerns.

@probonopd

probonopd commented Jan 19, 2025

Bambu Lab is asking for your "honest feedback" through the official channel here:
https://forum.bambulab.com/t/share-your-feedback-and-help-us-improve/86591

If you'd like to increase the chances of your voice being heard, you may want to consider leaving a review on https://www.trustpilot.com/review/bambulab.com?sort=recency

@psiberfunk

https://www.reddit.com/r/BambuLab/comments/1i5a2ww/a_troubling_development_in_the_walled_garden/

Very bad update

It's actually standard practice to roll certificates like that annually or so.. it strikes me more as a "normal" way to do what they're doing.. however what they're doing is decidedly unfriendly in the first place , so...

@psiberfunk

psiberfunk commented Jan 19, 2025

I'm not buying a new printer when I have perfectly functioning hardware. I would much rather replace the brain of the unit and make use of the enclosure and hardware that I already have. If they continue, will defiantly be looking to replace the control board to run klipper, or whatever alternative works with the printer.

for you and @Aggeloz :

For the one you have, just block it from firmware updates/interwebs to "save it". It's not worth the effort to try and lobotomize the AP and MC and re-create the whole controller setup... at that point you may as well be building your own ratrig/voron. There's little downside to just blocking updates and carrying on as far as I can see.

@cryptonym64

Give them another 6 months - wait for all the yelling to calm down - wait for tools and scripts and whatever to get updated and all the newer users that didn't know what it was like in the "before times" to get into the eco-system.

THEN... the subscriptions will start. Not only are you... the owner... not an authorized user of your own $2k printer... but the next step will be to have to pay a subscription fee to keep using it. Just wait and see.

Time for all these turn-key, know-nothing, never had to calibrate a printer in my life users to learn how to DIY with other brands of hardware.

ME: Mine are in LAN mode and will not be doing firmware updates. They gave me good prints until now, no need to fix what's not broken. But it does mean I'll never buy another one because it will come with the locked hardware.


Yep, and I read that some decompiled code is splattered with RFID checks that are bypassed for now. I will bet they block third party filaments and force users to buy only their stuff for the AMS. At that point users pay a lot more for it, and tolerate out of stock constantly or they throw AMS in the trash.

@movinimage

We need to root the firmware and have true 3rd party firmware. X1plus played nice w/ bambu. They tiptoed around the king. The days of benevolence are over. Let’s do this right.

@lukescott

For the one you have, just block it from firmware updates/interwebs to "save it". It's not worth the effort to try and lobotomize the AP and MC and re-create the whole controller setup... at that point you may as well be building your own ratrig/voron. There's little downside to just blocking updates and carrying on as far as I can see.

I have done this. I put my printer into LAN mode and blocked it from the internet. Hopefully the 1.08.02.00 firmware continues to function and doesn't have some sort of timeout.

I've been watching my firewall rules, and it seems like my X1C has been attempting to call home periodically even though it is in LAN only mode. Interestingly the A1 mini has not (so far).

Longer term I'm more than willing to replace the AP board if need be to use custom firmware. Someone already has Klipper running on their P1: https://github.com/ChazLayyd/Bambu-Lab-Klipper-Conversion.

@Aggeloz

Aggeloz commented Jan 20, 2025

for you and @Aggeloz :

For the one you have, just block it from firmware updates/interwebs to "save it". It's not worth the effort to try and lobotomize the AP and MC and re-create the whole controller setup... at that point you may as well be building your own ratrig/voron. There's little downside to just blocking updates and carrying on as far as I can see.

I've already blocked Internet access to the printer and the slicer itself, the problem is, as I posted a link, someone mentioned that the printers have a certificate in them that after it expires the printer stops accepting any new messages and basically gets rendered useless unless you update its firmware.

@Alaric323

for you and @Aggeloz :
For the one you have, just block it from firmware updates/interwebs to "save it". It's not worth the effort to try and lobotomize the AP and MC and re-create the whole controller setup... at that point you may as well be building your own ratrig/voron. There's little downside to just blocking updates and carrying on as far as I can see.

I've already blocked Internet access to the printer and the slicer itself, the problem is, as I posted a link, someone mentioned that the printers have a certificate in them that after it expires the printer stops accepting any new messages and basically gets rendered useless unless you update its firmware.

If the option still exists (don't know myself, haven't tried with a new firmware printer), try signing it up to the custom firmware branch which can force downgrade it, then install x1plus.

@Aggeloz

Aggeloz commented Jan 20, 2025

If the option still exists (don't know myself, haven't tried with a new firmware printer), try signing it up to the custom firmware branch which can force downgrade it, then install x1plus.

I have a p1s unfortunately, no x1plus for me..

@Alaric323

If the option still exists (don't know myself, haven't tried with a new firmware printer), try signing it up to the custom firmware branch which can force downgrade it, then install x1plus.

I have a p1s unfortunately, no x1plus for me..

My mistake, sorry about that. Sounds like the only other real option is a board replacement then, or seeing if an external flashing method has ever been made for downgrading.

@buzzhuzz
Contributor

#8103

@ziehmon

ziehmon commented Jan 20, 2025

#8103

Wait. Do they implicate orca gets a certificate here? The description is vague but the diff looks like it!

@Gridzilla

#8103

Wait. Do they implicate orca gets a certificate here? The description is vague but the diff looks like it!

Nothing new here. This is just to send through Bambu Connect. Orca Slicer is still getting nerfed judging by that PR.

@vgdh
Contributor

vgdh commented Jan 20, 2025

do not use bambu products.

@ziehmon

ziehmon commented Jan 20, 2025

#8103

Wait. Do they implicate orca gets a certificate here? The description is vague but the diff looks like it!

Nothing new here. This is just to send through Bambu Connect. Orca Slicer is still getting nerfed judging by that PR.

Looks like there is: https://blog.bambulab.com/updates-and-third-party-integration-with-bambu-connect

In developer mode, orca can be used without Bambu Connect. 🙏

Looks like the PR from Bambu already reflects developer mode.

@24c

24c commented Jan 20, 2025 via email

@rbq

rbq commented Jan 20, 2025

https://blog.bambulab.com/updates-and-third-party-integration-with-bambu-connect

Good move, it's always better to take away freedoms in incremental steps. From what I understand we just lose cloud printing, settings sync and the ability to downgrade firmware for now? And only when they add additional features they actually do want to restrict (require BBL subscription/parts/consumables) they need to reveal that those won't be available through legacy APIs.

@probonopd

They DON'T say it will be available for all future models.

@rocket59

In developer mode, orca can be used without Bambu Connect. 🙏

I didn't see that explicitly stated in the blog post? I wasn't sure how to read the merge request, but if correct it's a win for the community.

I would be more than happy with a full Lan/developer mode with me being responsible for my network security (what's new?) Sadly it's taken a massive backlash to prompt this move which Bambu could easily have pre-empted had they learned from others' experiences.

@24c

24c commented Jan 20, 2025 via email

@pwr22

pwr22 commented Jan 20, 2025

had they learned from others' experiences

Tbh I think they could have just learnt from their own experiences and some basic common sense....

This is their perceived workflow…

Not sure quite what you mean, would you mind clarifying?

@24c

24c commented Jan 20, 2025 via email

@luckyzor

What bothers me in their blog post and in the video inside stating, "orca will work as before and you can get the info from the printer" which is half true... I can no longer set temps, watch the cam, set ams colors.... I really don't like the way they communicate, because it's always with some shenanigans....

@drkpxl

drkpxl commented Jan 20, 2025

What bothers me in their blog post and in the video inside stating, "orca will work as before and you can get the info from the printer" which is half true... I can no longer set temps, watch the cam, set ams colors.... I really don't like the way they communicate, because it's always with some shenanigans....

Seems like they are meeting halfway: https://www.layerloop.co/p/bambu-labs-firmware-drama-continues

@cryptonym64

cryptonym64 commented Jan 20, 2025 via email

@Alaric323

Agreed, I would love to say Bambu is meeting us in the middle, but some of what their recent blog post said seems sketchy.

For one, the code for RFID lockout and AMS control is in the firmware. They say it doesn't exist, but we can actually see it. On top of that, their current implementation of developer mode seems to disable ams control (if this is incorrect, please do correct me).

There's also the matter of a "bricking a machine" or a "killswitch in the printer". This is all related to their certificates expiring. While this isn't Bambu locking out your printer for sure, the very nature of the tech they're using means that when the certificate expires and isn't renewed, you will lose any functionality related to it. They're assuming that you WILL always be online for it to renew the certificate, which not everyone will be.

Most of these problems seem to be easily solved had they implemented something like oauth2 on top of the existing protocols. You use a mfa key like every other website on the internet for security reasons.

Really though, this still was a failure of communication that started this whole thing. Had we started with bambu saying "hey guys, we have a security issue, this is how we're thinking of handling it, what are your thoughts?" instead of "here's a beta firmware and app that half works but this is what you'll be using from now on" and THEN we need to react with negativity, there'd be much less criticism in the first place. Or it's just me being high and mighty and this would've happened anyway...

@ext4xfs

ext4xfs commented Jan 20, 2025

This isn't a compromise. We're losing features we had for years. What they're doing is wrong, period.

@Cartrigger

we gotta teach bambu that it is not okay to f*ck with makers

@Alaric323

we gotta teach bambu that it is not okay to f*ck with makers

While I share the sentiment, I'd prefer it being on good terms. Scorched earth would be PrusaSlicer (or whichever Slic3r Bambu forked for Bambu Studio) editing their license to stop Bambu forking it, but that will A) hurt us by displacing open source and B) just force Bambu to retreat further into their shell.

I'd rather let legitimately open conversation go on. I understand bandwidth is expensive for Bambu. Monetizing their cloud servers is their right. But they could at BARE minimum allow full access over lan to everything we could use before, especially when they sold us a product that had those cloud features for free to start with. None of this obfuscating things that already exist behind paywall bullshit.

@ziehmon

ziehmon commented Jan 20, 2025

But they could at BARE minimum allow full access over lan to everything we could use before, especially when they sold us a product that had those cloud features for free to start

Sorry if I'm lost, but based on my understanding that is exactly what they're doing (developer mode). Except for their invalidation of warranty claims (do you mean this?).

As you can see based on my comments I am/was pissed too, however I can see the rationale of trying to control the usage of their cloud service through 3rd parties (to some extent)

Please take this as an invitation to correct me and not as attempt to defend Bambu Lab.
