Comment by danielrmay
20 hours ago
"It pretended to be the official client" is not a security argument if the mechanism was client-supplied metadata.
That’s not impersonation. That’s Bambu discovering that user agents are not authentication.
20 hours ago
"It pretended to be the official client" is not a security argument if the mechanism was client-supplied metadata.
That’s not impersonation. That’s Bambu discovering that user agents are not authentication.
And by using AGPL they grant you the license to use the code however you wish, they cannot say it's "unauthorized access".
Yes you can use the code however you want but equally they are free to bar anyone they wish from accessing their servers. These are completely orthogonal issues in a legal sense.
They can bar people from accessing their servers if they do so by rewriting the entire slicer to be closed source and then implementing some actual security, instead of literally giving you the means of access AND the permission to use and modify it as you wish.
7 replies →
Any instance anywhere that a court has considered an UA sufficient for access control? Especially one published under a copyleft license?
15 replies →
They're essentially saying "yes, the code is open source, but you're not allowed to modify it or we'll ban you and threaten you with legal action", which is completely antithetical to the whole idea behind open source (especially the GPL which literally says in the license text itself that it was created to protect your right to run modified software). "Violation of the open source social contract" is a good way to describe it.
You're correct of course that this is an entirely distinct argument from what Bambu's legally allowed to do under existing law.
5 replies →
Yes, but not bully the people sharing AGPL code. I would like to see how they do it.
And their freedom to bar people from connecting to their servers is orthogonal to their bullshit legal threats aimed at the developer.
And they report service disruptions as a result of this - so perhaps they are are also learning what gateways are.
Blaming the CLIENT for this is absolutely crazy.
"You can't use any client you want because of security" is bullshit, as if hackers will care what client you'd like them to use or not when they're trying to hack your infrastructure.
This is just Bambu alienating their customer base, again.
“But I checked the evil bit and it was off!!!” (https://www.ietf.org/rfc/rfc3514.txt)
Or it's a really blatant security issue that should be reported https://github.com/bambulab/BambuStudio/issues/10681