Talk:Bambu Lab Authorization Control System: Difference between revisions
m Cleaned up talk page. |
Free Software Foundation Involvement and Relevance |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
==Free Software Foundation inquiry== | |||
Because OrcaSlicer contains GPLv3‑licensed code, any claim that users cannot fork, modify, or redistribute it would represent a misinterpretation of GPLv3 and could have broader implications for the copyleft ecosystem. Given the potential impact, it may be worth inquiring whether the Free Software Foundation is aware of the situation. Even a simple clarifying statement from the FSF would help assert the correct interpretation of GPLv3 and bring wider awareness to an issue that may affect more than just this one project. | |||
The Free Software Foundation (FSF) serves as the primary steward of the GPL and AGPL licenses and periodically issues clarifying statements when these licenses are misunderstood or misrepresented. The FSF has emphasized that the AGPL cannot be used to impose additional restrictions or limit users’ rights to modify, fork, or redistribute software, as explained in its statement “The AGPL is not a tool for taking freedom away” ( https://www.fsf.org/blogs/licensing/agpl-is-not-a-tool-for-taking-freedom-away ). Because the FSF’s mission includes defending correct copyleft interpretation, situations involving potential misuse of GPL/AGPL terms may warrant their attention. Information about FSF governance and board membership is available at https://www.fsf.org/about/staff-and-board. | |||
==Bad experience== | ==Bad experience== | ||
I am not a bambu labs customer. I planned to be. But I spoke on their official facebook forum about a problem with a sunlu printer asking if anyone on there may know because the sunlu paths to help were fruitless. Immediately, people were crying that I had mentioned another printer brand and how that was irrelevant but I was pleading to the experts for a bit of help. Moments later, Bambu Lab staff banned me from the group. I binned the plan to become a customer right there. Some of the customer base and indeed the company, are toxic. Now I see this plan to own their customer base and I sure this is illegal with not logical reason - remember an airgapped network has only it's own security issues, one way traffic is a thing - except a poor excuse. Good luck in changing them. I dare say they will refuse all the way. | I am not a bambu labs customer. I planned to be. But I spoke on their official facebook forum about a problem with a sunlu printer asking if anyone on there may know because the sunlu paths to help were fruitless. Immediately, people were crying that I had mentioned another printer brand and how that was irrelevant but I was pleading to the experts for a bit of help. Moments later, Bambu Lab staff banned me from the group. I binned the plan to become a customer right there. Some of the customer base and indeed the company, are toxic. Now I see this plan to own their customer base and I sure this is illegal with not logical reason - remember an airgapped network has only it's own security issues, one way traffic is a thing - except a poor excuse. Good luck in changing them. I dare say they will refuse all the way. | ||
| Line 5: | Line 10: | ||
==Bambu Lab press release== | ==Bambu Lab press release== | ||
A few things that should be added to the article: | A few things that should be added to the article: | ||
* Bambu Lab published a press release from January 18, 2025 after all the heat they got from [https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/ the initial blog post] https://drive.google.com/drive/folders/11wl_DqAbSLPVMLZ_8jhlz4lGPLGFQPcp | *Bambu Lab published a press release from January 18, 2025 after all the heat they got from [https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/ the initial blog post] https://drive.google.com/drive/folders/11wl_DqAbSLPVMLZ_8jhlz4lGPLGFQPcp | ||
* And here's a Mastodon user saying that this auth control system is a "DMCA trap", he also mentions precedents in the 3D printing market of ChiTu and Stratasys https://mas.to/@zzt/113848144602929391 | *And here's a Mastodon user saying that this auth control system is a "DMCA trap", he also mentions precedents in the 3D printing market of ChiTu and Stratasys https://mas.to/@zzt/113848144602929391 | ||
The ChiTu/Chirtubox issue seems to be referring to this https://3dprintingindustry.com/news/chitu-systems-and-chitubox-a-lesson-in-fighting-open-source-3d-printing-194783/ | The ChiTu/Chirtubox issue seems to be referring to this https://3dprintingindustry.com/news/chitu-systems-and-chitubox-a-lesson-in-fighting-open-source-3d-printing-194783/ | ||
| Line 19: | Line 27: | ||
Some of the citations in here seem off, specifically with regard to the claims Bambu is making regarding the cyber attacks which prompted these changes. One article is about an attack on Anycubic printers exclusively , and the other is from 2018, several years before Bambu even released their first printer. I appreciate the desire to highlight bad business practices, but how is this relevant at all to Bambu? {{Unsigned|50.104.180.233|04:25, 20 January 2025 (UTC)}} | Some of the citations in here seem off, specifically with regard to the claims Bambu is making regarding the cyber attacks which prompted these changes. One article is about an attack on Anycubic printers exclusively , and the other is from 2018, several years before Bambu even released their first printer. I appreciate the desire to highlight bad business practices, but how is this relevant at all to Bambu? {{Unsigned|50.104.180.233|04:25, 20 January 2025 (UTC)}} | ||
: These articles were the ones Bambu themselves have linked in their bog post as examples of attacks they aim to prevent with this update. [[User:Kostas|Kostas]] ([[User talk:Kostas|talk]]) 14:08, 20 January 2025 (UTC) | :These articles were the ones Bambu themselves have linked in their bog post as examples of attacks they aim to prevent with this update. [[User:Kostas|Kostas]] ([[User talk:Kostas|talk]]) 14:08, 20 January 2025 (UTC) | ||
==January 20, 2025 statement== | ==January 20, 2025 statement== | ||
| Line 61: | Line 69: | ||
To regain the trust of their customers, Bambu Lab could | To regain the trust of their customers, Bambu Lab could | ||
* Remove the need for the proprietary Bambu Connect application and its questionable "security by obscurity" scheme altogether in LAN mode, and allow any kind of software to directly control the devices as it has been before the changes | *Remove the need for the proprietary Bambu Connect application and its questionable "security by obscurity" scheme altogether in LAN mode, and allow any kind of software to directly control the devices as it has been before the changes | ||
* Commit to Developer Mode a supported feature (as in: if it ceases to work properly, then it is a bug that will get fixed) | *Commit to Developer Mode a supported feature (as in: if it ceases to work properly, then it is a bug that will get fixed) | ||
* Promise that Developer Mode allowing unfettered access to all functions of the devices will be and remain a supported feature for all current and future models and versions | *Promise that Developer Mode allowing unfettered access to all functions of the devices will be and remain a supported feature for all current and future models and versions | ||
* Clarify that they will not try to charge money from companies making third-party aftermarket hardware upgrades nor from software developers developing e.g., print farm software | *Clarify that they will not try to charge money from companies making third-party aftermarket hardware upgrades nor from software developers developing e.g., print farm software | ||
* Give a clear commitment that all features of their current and future devices can be controlled by third-party and open source software without the need for any kind of "agreements" or "partnerships" with Bambu Lab, and especially without any form of NDAs or payments | *Give a clear commitment that all features of their current and future devices can be controlled by third-party and open source software without the need for any kind of "agreements" or "partnerships" with Bambu Lab, and especially without any form of NDAs or payments | ||
* Allow the end user to perform firmware installations, including firmware downgrades and installing third-party firmware, without requiring the manufacturer's signatures or permissions | *Allow the end user to perform firmware installations, including firmware downgrades and installing third-party firmware, without requiring the manufacturer's signatures or permissions | ||
* Provide clear instructions on how to install third-party firmware on all components of the system {{Unsigned|2a02:908:1873:e920:78b9:1f19:9dbc:6ac7|09:47, 20 January 2025 (UTC)}} | *Provide clear instructions on how to install third-party firmware on all components of the system {{Unsigned|2a02:908:1873:e920:78b9:1f19:9dbc:6ac7|09:47, 20 January 2025 (UTC)}} | ||
==Possible hidden reasons== | ==Possible hidden reasons== | ||
| Line 79: | Line 87: | ||
[[Special:Contributions/87.95.124.98|87.95.124.98]] 17:39, 21 January 2025 (UTC) | [[Special:Contributions/87.95.124.98|87.95.124.98]] 17:39, 21 January 2025 (UTC) | ||
=="Who can enforce AGPL against Bambu Lab" section might be incorrect== | |||
SFC vs Vizio was filed from a third party beneficiary perspective -- as in, from that of a user of a non-compliant GPL-based software, and not from a copyright holder's of a prior software that the offending software was built upon. SFC's claim is that the GPL is a contract between Vizio and its users, and by not fulfilling its obligations under the GPL, Vizio is breaching this contract, in which even as a user they have standing to sue. So far, that seems to have stuck in court, so there is a pretty good chance that regular users could in fact be plaintiffs. It would of course be a stronger case with an actual copyright holder, but SFC is showing that copyright ownership may not be required for enforcing GPL compliance. | |||
It seems that all you need is to request the source code. Which is convenient, because I have in fact requested the code, specifically that of the authorisation mechanism, as per the AGPL's terms, over a year ago. You can find the issue here: https://github.com/bambulab/BambuStudio/issues/6037 | |||
By continuing to ignore that request well beyond any reasonable time-frame for such a response, Bambu is clearly harming third party beneficiaries of the AGPL licence of PrusaSlicer. The only lawyer's opinion who I'm aware of commenting on this issue, that of Leonard French, seems to corroborate both that standing, and that Bambu's original authorisation mechanism is also in clear violation of the AGPL, not just its stance against Pawel Jarczak. But even in Jarczak's case, the precedent of SFC vs Vizio would likely mean that he does have standing to sue, because he too is a third party beneficiary of the AGPL. [[User:B3nsn0w|B3nsn0w]] ([[User talk:B3nsn0w|talk]]) 14:57, 13 May 2026 (UTC) | |||
:As the statement "Paweł Jarczak personally cannot bring a direct AGPL enforcement action against Bambu Lab. The right to sue for AGPL violations belongs to the original authors whose code Bambu Lab built on top of: the Slic3r contributors, Prusa Research and the PrusaSlicer contributors, and the SoftFever / OrcaSlicer maintainers. Jarczak's role in any formal complaint is reporter and witness, not plaintiff." is currently uncited (as in there is no legal opinion that supports the assertion), I'm honestly fine to just delete or comment out the section for now if there is any doubt over its accuracy. [[User:Keith|Keith]] ([[User talk:Keith|talk]]) 15:06, 13 May 2026 (UTC) | |||
::I've not seen the leonard french video, but it would certianly be an appropriate thing to cite for any legal commentary on the case [[User:Keith|Keith]] ([[User talk:Keith|talk]]) 15:06, 13 May 2026 (UTC) | |||
:::It's his most recent one, here: https://www.youtube.com/watch?v=0tdZ5Z7nRDY | |||
:::As for the specific wording in the article, I'm no lawyer either so I didn't want to edit it directly or suggest a specific wording, but as a regular user it's quite discouraging, so I can absolutely get behind commenting it out, until it's either established by a proper legal opinion, or definitively refuted by one. But it's your call. I'm not sure if Leonard French specifically said Jarczak has standing, but I think he did imply it, if I remember correctly. [[User:B3nsn0w|B3nsn0w]] ([[User talk:B3nsn0w|talk]]) 15:12, 13 May 2026 (UTC) | |||
== Split the page? == | |||
As it is, this page is rather unwieldy. This could probably be resolved to some extent by restructuring and making things a bit clearer that way, but it might be that it makes sense to separate the Paweł Jarczak stuff into its own incident. [[User:Keith|Keith]] ([[User talk:Keith|talk]]) 15:39, 13 May 2026 (UTC) | |||