I’m surprised this isn’t a bigger part of the story.
Bambu’s authentication is just the client saying “I am Bambu Studio”. The server completely trusts that with no additional authentication.
It’s like setting up a website with a user login, and if someone puts in “admin” in the username field without a password, the system says “sounds good” and lets you in. And then the website owners getting mad that someone hacked their system.
Blatant incompetence. I can’t believe they’re using their stupidity as an argument.
You are right, but technically speaking it would be a crime anyway. It is not that if you leave your door open then entering without permission is not a crime.
While Bambu Labs obviously is trying to implement some sort of subscription model, and they are doing it in a bad faith way, as shitty as the authentication model is, it is not an authorization to enter freely.
Important to note that the license they release their software under explicitly allows users to do exactly that.