Comment by CarVac

1 day ago

And by using AGPL they grant you the license to use the code however you wish, they cannot say it's "unauthorized access".

Yes you can use the code however you want but equally they are free to bar anyone they wish from accessing their servers. These are completely orthogonal issues in a legal sense.

  • They can bar people from accessing their servers if they do so by rewriting the entire slicer to be closed source and then implementing some actual security, instead of literally giving you the means of access AND the permission to use and modify it as you wish.

    • If I give you a template for a postcard, it doesn’t give you the right to send it with “signed, ricardobeat” at the end. These are orthogonal concerns.

      They could very well enforce login for the entire app, that doesn’t require any closed source code and everyone would be worse off.

  • Any instance anywhere that a court has considered an UA sufficient for access control? Especially one published under a copyleft license?

    • Techies like us get caught up in mechanism all the time in discussions like this.

      But, though there are some explicit laws where that’s how it works, that’s not generally how the legal system works. If I have a private server, and I don’t give you permission to access it - or, even better, tell you not to, it doesn’t really matter how I secure it. If you access it, you’re in the wrong.

      To give a physical analogy, it doesn’t matter how I’ve secured my house. Even if the door is open, you’re not allowed to just waltz in (or, to take it a bit further, come in and start using my stuff).

    • Spoofing a User-Agent by itself is not illegal. Browsers, curl, bots, monitoring tools, and privacy tools do this constantly for legitimate reasons.

      The legal risk comes from why you are doing it and what protections you are bypassing.

      If you are doing it specifically to bypass Bambu's authorized access, then it is very likely to fall afoul of the Computer Fraud and Abuse Act. The mechanism (spoofing the UA) is entirely incidental to the motivation (bypass authorized access), which is what the law cares about.

    • I don't think courts basically ever settle narrow technical questions like that. Any court decision would carry with it particular baggage based on the rest of the specifics, so I don't think it would have established a clear precedent either way.

      The funny part here is it seems Bambu is more exposed to a libel suit than the developer is for... checks notes clicking 'Fork' on Bambu's GitHub. Since the moment he did that, his software was supposedly in breach of Bambu's... expectations.

    • weev got convicted for something pretty similar to this. His conviction was vacated, but he did spend time in prison for unauthorized access to an AT&T server that only required a specific user agent and a guessable numeric device ID number.

      At least in the US, the law against unauthorized access to a computer system has no requirements for how good the security has to be. If you should reasonably know you're not supposed to be using it, that's potentially enough to make it illegal.

  • They're essentially saying "yes, the code is open source, but you're not allowed to modify it or we'll ban you and threaten you with legal action", which is completely antithetical to the whole idea behind open source (especially the GPL which literally says in the license text itself that it was created to protect your right to run modified software). "Violation of the open source social contract" is a good way to describe it.

    You're correct of course that this is an entirely distinct argument from what Bambu's legally allowed to do under existing law.

    • You can run modified software per the GPL but that does not include the right to connect to Bambu's servers with your modified software. That is entirely reasonable (especially since this is not some social/messaging application). If I release a client as open source, that doesn't mean it's OK for modified clients to connect to my server. I expect you to use it offline or set up your own server to connect to.

      I don't know if that is what is happening here because the article is talking about a fork that is bypassing Bambu's servers entirely (which is permitted under the AGPL) and Bambu is not happy.

      Edit: On re-reading, it seems to me the fork is still calling Bambu's servers. It's just bypassing some things.

  • Yes, but not bully the people sharing AGPL code. I would like to see how they do it.

  • And their freedom to bar people from connecting to their servers is orthogonal to their bullshit legal threats aimed at the developer.