- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
You must log in or # to comment.
Jarczak’s fork crossed the line by injecting falsified identity metadata into its network communication. “In simple terms: it pretended to be the official Bambu Studio client when communicating with our servers.”
If it’s easy enough to get access to your cloud infrastructure by just changing some metadata about the connection, then you really should re-think your authentication systems. If I were to publish the exact model and pinning of the lock on my house, it would be silly of me to be mad that someone used that to make their own keys.
The DMCA is literally written in a way that they could write “DO NOT USE” in a text file and include it with firmware and claim that using the firmware Ina way they didn’t like was “breaking a digital lock”
Honestly I’m perfectly fine with the DMCA just being entirely revoked at this point. It has enabled more bad than it has done good, even when things went “right”
There are even supposed to be safe harbor protections, but the reality is that individuals don’t have the legal resources for it to matter.
What, are they claiming the user agent their application uses is copyrightable IP?
They’re claiming that forking their open source code and using the user agent in it unchanged is “impersonation”. And the only reason that might be an issue is because Section 1201 of the DMCA makes it illegal to break any digital lock, even if it’s a shitty one. Whether this even counts as a lock is up for debate in my opinion, but that doesn’t stop people from getting sued and owing lawyers money.
If you share the lock and the key with the public and tell them (via AGPL copyleft open source license) they may use, share, modify it (or not), etc with no penalty, and they even give you the secret knock, i can’t in any way see how that’s breaking a lock.
There is one thing everyone misses in this pissing contest. Bambu is a Chinese company. So any lawsuit will probably need to take place in China. It ain’t happening in the US or the Europe. So, guess who wins…
Josef Prusa wrote a blog post, recently about this. I have to apologize that I can’t seem to find a link to it right now. But the gist of it is.
Bambu forked Prusa Slicer and had to be threatened to publish the code for the fork by Prusa the company, “stealing” ideas and claiming it your own is just good business in China, because the code is all AGPL.
But Bambu has a problem now. The Chinese government requires access to their technology and cloud. Because one way or another, the Chinese government requires access to any industries tech under “National Security”. So Bambu can’t allow access to 3rd party actors in this case because the government can’t control the access of the outside code, which makes it illegal.
So Bambu has screwed themselves by forking an open source project that requires anyone to have access to the code and be able to use that code and make changes to that code. That the Chinese government doesn’t allow. And Bambu didn’t pay attention and let that little snippet of code that is under contention loose under the AGPL. As I have claimed all along, Bambu does not have the smartest coders on payroll.
But Bambu is pretty sure the Chinese courts have their back in this matter. In the past, Prusa has seriously considered going after Bambu in court. But the Prusa’s lawyers know they can’t win no matter how righteous the case because, well China. And Prusa most likely has access to much better lawyers than Rossmann does. So this ain’t going nowhere.
Josef Prusa is very angry because it’s evident the AGPL means nothing if it can’t be enforced and Bambu is worried that it will get screwed over in the market because they could lose a lot of sales over this. Or even get their products banned in some countries. Or not. Many Bambu fans seem to care very little about it. Because just use “Developer Mode” without understanding the deeper implications. And that it’s not really any protection.
Edit to add: When push comes to shove, just who do you think Bambu is going bend the knee to? Some court 1000s of miles away? Or the Chinese government that’s right outside the door? And yes, if you want to sue a Chinese company about patent, you will need to do it in China.
It looks like Rossman is saying that anyone can post this code because it’s an open source, GPL code. Rossman also posted the code: https://www.youtube.com/watch?v=1jhRqgHxEP8&t=2s
Right, there are many forks of the software, which is allowed under the AGPL licence.
Slic3r by Alessandro Ranellucci established the original open-source foundation.
Then PrusaSlicer forked from that -ok.
Then Orcaslicer forked from that -ok.
Then Bambu locked down it’s fork - not ok, violation of the slic3r AGPL.
It’s like…can I borrow your car? puts a bumper sticker on it, changes the locks, my car now.
Slic3r is licensed under the GNU Affero General Public License, version 3.
The GNU Affero General Public License (AGPL) is a strong copyleft, free software license designed to ensure source code remains open, even when software is run over a network. Based on GPLv3, it closes the “ASP loophole” by requiring companies that modify and offer software as a service (SaaS) to make the source code available to users.
not really what the gpl means, but good for him i guess?
The GPL explicitly grants anyone the right to share, distribute, and even modify the source code. So yes, that is exactly what it means. They cannot claim they wrote it, but they can absolutely both share and distribute the source code, and are in fact required to if they do make modifications to it. It’s literally the main thing the license is even about.
Small sidenote: distribution of modified source code of GPLv2/v3 covered projects is only mandatory to those who have access to a binary version of the modified sources.
e.g. if you take a GPLv2 covered project that is a simple HTTP server, and you give the binary nobody, then you’re not required to share the source (if the HTTP server is AGPL covered then you need to provide it to anyone who can access the HTTP service and requests the source).
This is an important distinction, as you can’t demand the source of a GPL project from someone who cloned it and made modifications to their own use without distributing a binary of those changes. If I fork Orca and make some changes, and showcase those as screenshots, you have absolutely no right to demand the source for it. If I were to send you a binary of Orca with my changes, then you’d have the right.
I mean this distinction is obviously not applicable here but I wanted to make sure the GPL summary is fully correct. Which is the best kind of correct.
maybe my thinking is off then, but in my mind it’s mainly for first and second parties? as in, orca and bambu both have to share the source when sharing the binary, not necessarily immediately but on request. anything built on top of gpl code can be closed unless it’s agpl. as a third party to all this, can rossman share the code bambu has made on top of orca?
Your thinking is off, the GPL and derived licenses like the AGPL are viral on purpose. They apply to everybody who uses, downloads, or accesses the software (in the case of the AGPL) and they are explicit about this:
Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License.
what i’m reading from that is that both parties must agree that the work has been conveyed. with the risk of going all sovcit, if the conveyed item is a binary, and the producer does not send the source code to the consumer as instructed by the license, can the consumer really pull the source and distribute it? surely if the license is broken the work falls back on default permissions, e.g. all rights reserved?
AGPL can be closed too, the license bases the right to the source based on the access to the end product:
-
GPLv2/v3 - if you have the binary executable output of the GPLv2/3 covered source, you must be granted access to the exact source used to make the binary. This applies to legitimately sourced binaries only - if you were to hack into a company’s servers and get a binary of a modified GPL product, this wouldn’t apply. But extracting a binary from a device you own IS a legitimate access (so e.g. if your phone uses U-boot, the manufacturer must grant you access to their modified U-Boot sources used to build the bootloader)
-
AGPL - if you have (legitimate) access to a service you can request the source. This is so e.g. web services can be made into GPLed code where modifications must be released (negating the requirement of possession of a binary, since you can’t possess a binary that runs on a remote server). e.g. let’s say I run GTK app via browser using kasmVNC - if the app is GPL, I don’t have to provide the source, if it’s AGPL, I have to provide the source.
are you sure about that first one? yes they have to give you the source, but what happens if they don’t? i’ve genuinely not thought about that before.
That’s where legal actions come into place.
I’ve managed to force multiple Chinese companies to release sources that were adamant they don’t have to, just by threatening to report them to the FSF and SFC - both bodies have been wildly successful in prosecuting licence breaches.
Also both the EU and the US have now precedents and laws in place that allow fast-tracking obvious licence violators’ blocking from the market. For a small Chinese company whose main target market is the west, it’s a major blow if their sales and export are blocked because they won’t release the source.
So they try to play hardball, but it’s like modern lifts - the moment you press the right buttons suddenly they do exactly what you want them to.
-
Great move by Snapmaker. In considering buying a new printer soon I am very annoyed by how difficult it is to know beforehand how much functionality of a printer is locked behind cloud connectivity that can be remotely disabled at any point. I know Bambu is to avoid absolutely thanks to the very public backlash they got but what about the others?
I know Prusa is a shining example of letting their customers own their devices but they are pricy. I didn’t know Snapmaker had the same kind of mentality until now thanks to that move.
Prusa is pricy because they make the de facto standards - including PrusaSlicer which is the base of OrcaSlicer/Bambu Studio.
Bambu can sell cheaper for two reason:
- limited research needed to make their own products - they’re just copying open patents and software, tuning it a little, and selling the package at manufacturing cost + profit margins
- the CCP pouring a shitton of money into companies to subsidise them and allow them to undercut western competition. Bambu makes a printer for $1000, CCP pays $600 of it, Bambu sells for $600 - $200 profit
Knowing what I know now, I’ trade my Bambu P1S for a Prusa. Buy once, cry once.
My Prusa was tucked in between the cushions of my couch for a cross country move, left in storage for one year, and moved again before I just blew the first off and smashed out a perfect print from an SD card. That’s a solid enough performance I don’t think I’d consider any other brand.
The worst thing about Prusa is the knowledge that no matter what you buy, there will be an upgrade available to an even better one WAY too quickly, and then you’ll want that one too. It’s a trap, I tell you!
j/k I still love my Prusa MK3S+, though the relentless upgrade temptation is real.
I thought tge worst part about Prusa was them partnering with an Israeli company.
I pulled mine out of storage after four years. Same thing, blew the dust off, plugged it in, expecting the worst. Nope, it just lit up and ran through the setup procedure. Set the z and printed perfectly, just like I had it set up when I put it in storage. I didn’t expect such a sensitive machine with such tight tolerances to just work.
any printer will do that.
Some require retentioning belts, readjusting the bed level, or other maintainance items before you can get a perfect print again.
Not in my experience. They are tools like any other tool.
You might check out the Consumer Rights Wiki, also started by Rossman. It’s crowd sourced, and lists anti-consumer BS like forced cloud subscriptions for a lot of companies.
Just find a printer, look up the company there, and see how legit they are. There’s even a browser plugin that pops up on any website that has an entry on the wiki.
Wish they had the opposite. I feel like most people want to know who to go to, less so on who to avoid. I can see the usefulness in the list, but it’s backwards when people want to find someone
Nnowing who’s bad is cool. Knowing who’s right is better.
I’m happy with my slightly modded Ender 3 Pro, but if I ever upgrade the Snapmaker U1 looks nice. I’ll only buy from a company that supports open source firmware. Bambu is trash, unfortunately every 3D printing related YouTuber seems to have happily taken a sponsorship from them so they are everywhere now. I hate it.
The problem with Bambu is they are not trash at all. Their printers are high-quality, and the way they integrate with their proprietary slicer (that they totally stole from the community before locking it down) and MakerWorld is genuinely excellent.
I have 3 Bambu printers. I don’t buy their products anymore (my newest printer is an SV-08 max), but I still use the ones I have and they’re excellent, easy machines. And if someone new comes to me wanting a starter “just click print and it works” solution, I’m still likely to point them towards an A1 mini. They’re cheap and work great out of the box with zero handholding from me required.
And that’s why I kinda hate them. They don’t have to be dickheads, but choose to be. Their products are fantastic, and I’d honestly be using Bambu Studio for them instead of Orca anyway.
their proprietary slicer
That’s the problem, it cannot be proprietary when based off slic3R. It’s not their property to lock down.
(Premise: I don’t have a 3D Printer, have next to zero experience using one and never heard of this controversy before. I’m just asking out of curiosity)
I’m in favor of people using open-source software to use better the stuff they bought, but putting aside my bias that seems pretty clearly an illegal thing, can someone ELI5 how could they not lose if they’re sued?
What I understood is that Bambu Lab sold those printers advertising cloud access to their proprietary servers through their “official means”, but a lot of people used unofficial open-source software to access it, because it worked better. Then at a certain point, the company disabled access to apps that weren’t their proprietary one, but people kept using them. Which prompted the company to sue.
It’s an ass move to do, but the open-source software wasn’t officially supported even before, right? And now it’s still used to access their company cloud, not a separate one, right?
From my understanding they didn’t remove any functionality that was officially advertised, and people are now using unauthorized software to access the company’s proprietary cloud, did I misunderstand something?
Bambu Lab’s software is forked from software that used the AGPL license. Then they made their code closed source, which is expressly forbidden by AGPL.
Bambu Labs are the ones who have been in the wrong this entire time, it’s just that nobody has seriously called them out on it before
I see. Then wouldn’t suing them over this have worked better than “daring” them to sue for this? Or can they use the AGPL argument to win in court even if the case is related to cloud access?
EDIT: actually, is the case over cloud access? Another commenter said it’s DMCA takedowns, is that what they’re using?
Then wouldn’t suing them
You gonna pay the lawyers?
“daring” them to sue
So you can sue for lawyer fees, etc.
I don’t agree with everything he does, but he’s right more than he’s wrong and I also have no idea how he walks around with balls the size of watermelons. You GO Louis.
Everyone with a strong sense of justice is a little annoying, they have to be, and we should be grateful for them.
Somewhere along the way our neoliberal overlords figured out that they needed to teach people to hate annoyance more than evil, and it’s been crazy effective.
*Dicks fuck Assholes, chuck."
🥀🥀🥀
The “fuck ai” crowd sounds so much like the “fuck cloud” crowd from 10-15 years ago.
And in which direction are we going?
Back from
everything into the the cloud
to
Everything back on-premise or a hybrid modelI mean… The “fuck cloud” crowd were right, unless you actually enjoy house appliances that cease functioning without an Internet connection.
For companies, the cloud has been amazing. Almost every company has their infra in the cloud now. Its expensive but gives them one click access to hundreds of services.
I think Ai will also be amazing for companies.
For people? Probably not great. Ai will track and monitor every human. I cant see any other future as long as big tech is driving.
