I’m surprised this isn’t a bigger part of the story.
Bambu’s authentication is just the client saying “I am Bambu Studio”. The server completely trusts that with no additional authentication.
It’s like setting up a website with a user login, and if someone puts in “admin” in the username field without a password, the system says “sounds good” and lets you in. And then the website owners getting mad that someone hacked their system.
Blatant incompetence. I can’t believe they’re using their stupidity as an argument.
It’s like setting up a website with a user login, and if someone puts in “admin” in the username field without a password, the system says “sounds good” and lets you in. And then the website owners getting mad that someone hacked their system.
Blatant incompetence. I can’t believe they’re using their stupidity as an argument.
You are right, but technically speaking it would be a crime anyway. It is not that if you leave your door open then entering without permissione is not a crime.
While Bambu Labs obviously is trying to implement some sort of subscribtion model, and they are doing it in a bad faith way, for shitty as the authentication model is it is not an authorization to enter freely.
You are right, but technically speaking it would be a crime anyway. It is not that if you leave your door open then entering without permissione is not a crime.
Leaving the door open and people walking in isn’t a crime, unless explicitly mentioned otherwise (may vary on jurisdiction), but faking a login is a lot less denyable than using the same User-Agent as some software (famously a bad marker for authentication).
I don’t know where you live, but leaving a door wide open is literally an invitation to “come in” And as far as I understand things correctly, it’s been like that for a few thousand years.
I’m surprised this isn’t a bigger part of the story.
Bambu’s authentication is just the client saying “I am Bambu Studio”. The server completely trusts that with no additional authentication.
It’s like setting up a website with a user login, and if someone puts in “admin” in the username field without a password, the system says “sounds good” and lets you in. And then the website owners getting mad that someone hacked their system.
Blatant incompetence. I can’t believe they’re using their stupidity as an argument.
Important to note that the license they release their software under explicitly allows users to do exactly that
You are right, but technically speaking it would be a crime anyway. It is not that if you leave your door open then entering without permissione is not a crime.
While Bambu Labs obviously is trying to implement some sort of subscribtion model, and they are doing it in a bad faith way, for shitty as the authentication model is it is not an authorization to enter freely.
Leaving the door open and people walking in isn’t a crime, unless explicitly mentioned otherwise (may vary on jurisdiction), but faking a login is a lot less denyable than using the same User-Agent as some software (famously a bad marker for authentication).
I don’t know where you live, but leaving a door wide open is literally an invitation to “come in” And as far as I understand things correctly, it’s been like that for a few thousand years.