this post was submitted on 24 May 2026
530 points (97.7% liked)

Technology

84920 readers
3306 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
530
'Fuck you, Bambu': How one private message could change the face of 3D printing (www.theverge.com)
submitted 1 day ago by floofloof@lemmy.ca to c/technology@lemmy.world
105 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.bestiver.se/post/1124610

Comments

you are viewing a single comment's thread
view the rest of the comments
[–] thenewred@lemmy.world 129 points 1 day ago (2 children)

I'm surprised this isn't a bigger part of the story.

Bambu's authentication is just the client saying "I am Bambu Studio". The server completely trusts that with no additional authentication.

It's like setting up a website with a user login, and if someone puts in "admin" in the username field without a password, the system says "sounds good" and lets you in. And then the website owners getting mad that someone hacked their system.

Blatant incompetence. I can't believe they're using their stupidity as an argument.

[–] starman2112@sh.itjust.works 37 points 1 day ago

Important to note that the license they release their software under explicitly allows users to do exactly that

[–] gian@lemmy.grys.it 2 points 20 hours ago (2 children)

It’s like setting up a website with a user login, and if someone puts in “admin” in the username field without a password, the system says “sounds good” and lets you in. And then the website owners getting mad that someone hacked their system.

Blatant incompetence. I can’t believe they’re using their stupidity as an argument.

You are right, but technically speaking it would be a crime anyway. It is not that if you leave your door open then entering without permissione is not a crime.
While Bambu Labs obviously is trying to implement some sort of subscribtion model, and they are doing it in a bad faith way, for shitty as the authentication model is it is not an authorization to enter freely.

[–] SirQuack@feddit.nl 6 points 19 hours ago

You are right, but technically speaking it would be a crime anyway. It is not that if you leave your door open then entering without permissione is not a crime.

Leaving the door open and people walking in isn't a crime, unless explicitly mentioned otherwise (may vary on jurisdiction), but faking a login is a lot less denyable than using the same User-Agent as some software (famously a bad marker for authentication).

[–] spicehoarder@lemmy.zip 2 points 19 hours ago

I don't know where you live, but leaving a door wide open is literally an invitation to "come in" And as far as I understand things correctly, it's been like that for a few thousand years.