Hacker News new | past | comments | ask | show | jobs | submit
bhhaskin | on: Reverse Engineering Bambu Connect
I think people are making a big nothing burger out of this.

Bambu is patching a security issue. Personally I don't want any device or application to send any old G-code to my printer. Like say command the printer to basically destroy itself.

Could this lead to completely locking it down in the future? Yes. But they could do that anyways.

I think this is a way to stop getting their pants sued off.

If they really wanted to lock it down they could just make it so everything has to go through their servers and require files to be signed before being read from SD cards.

But instead we really have a half ass attempt.

myself248 | parent | next
"Security" on behalf of the user is a complete red herring. You can't print to my 2d printer or my 3d printer, but I can, with "any old device or application". Because they're on my network, not public on the internet.
loading story #42765152
ipv6ipv4 | parent | next
> Bambu is patching a security issue.

This isn't a security fix. As a security protocol, it wouldn't pass any kind of security audit. A security fix would be something based on a per user credential, not on obscurity.

> Personally I don't want any device or application to send any old G-code to my printer.

Username/password over TLS would do that better than what Bambu Lab is proposing, as an extremely simplistic example.

loading story #42766846
Mashimo | parent
> Bambu is patching a security issue. Personally I don't want any device or application to send any old G-code to my printer. Like say command the printer to basically destroy itself.

Why not implement some kind of open authentication? One that other slicers can implement.