Bambu Lockdown Pt3: BTT Response and FUD

So... BTT/BIQU has added some details.

As far as I read it, BL knew they were going to break the interface BTT was using for the Panda Touch for quite some time and let them know, but then never worked with them on a solution. BTT even offered to pay royalties/licensing fees. Never heard anything back.

My best interpretation? Either BL has no concept of how to work with external partners or is actively hostile to the idea. My gut says the former. So far it has proven prudent to assume BL is not malicious. Rather, they are just a little dense.

The Connect app for example. I put out the theory that there was either some malicious or at the least additional reason for the app to exist. This was because, as a software developer, I understand fully that it would make no sense for this app to exist and work with their LAN Mode. 

The thinking being; clearly this would require shipping the keys with the Connect app and no one would ever be dumb enough to do that. In which case the Connect app would still need to talk to BL servers to sign the requests, which would defeat the purpose of LAN Mode. But nope! They actually shipped the keys and they were extracted almost immediately. In short, it would still allow for a true LAN Mode.

And this is what leads me to the conclusion that there is no reason (at present) to believe that BLs intention are anything other than stated. I would LOVE to hear the rationale for their approach to securing their software and hardware. Though, I doubt we will ever get that.

Which leads me back to the BL/BTT debacle. Clearly, BL is capable of some level of communication with BTT. It just isn't clear what that level is. My best guess would be; someone who is essentially a PM or in another similar non-technical role was responsible for all prior communications. They know the roadmap and understand the implications but they don't have the authority or a process to follow to hook BTT devs up with BL devs. So, while they are able to say "hey, we're probably going to break that fancy touch screen of yours" they likely have no way to help them make an officially supported version or put them in touch someone who could. Then they just let the communication die.

To be fair, this isn't uncommon in tech. Unless the company has dedicated SDK and/or team for this sort of thing, you will rarely have access to the people who make the decisions and even less likely to have access to the people who understand your requests sufficiently to convey them to the decision makers. And this likely wouldn't be a huge priority for the company itself anyway. 

Right now, there are probably a bunch of BL devs reading the BTT response, scratching their heads and thinking "that's the first I've heard that they wanted our help". 

The last thing I want to address is a lot of the FUD. A lot of people are floating (frankly insane) conspiracies. Things like claiming that BL is using as a first step toward perhaps locking down the AMS to only work with BL filaments.

There are OHHHH so many problems it is brutally hard to know where to begin and exposes the lack of depth of thought that these people have put into it. So let me help. Here are my top 3 issues:

• BambuLab is NOT a filament company
• AMS is not a required purchase
• Not all BL filaments are supported on AMS

The first may be the most controversial. Yes, they sell filament. However, here in Canada at least, the selection of filaments isn't exactly overwhelming and they are regularly sold out of many of them. Some projects REQUIRE certain filament types and possibly even colors. Lack of availability, either because they don't sell it or it is sold out would be a deal breaker for some and would be a hard reason for them to bring their business elsewhere.

BL may sell filament but it is CLEARLY not a core part of their business. I look at the recent Black Friday. Demand was insane, but printers and parts were always available to be ordered even if shipping was delayed. And that tells me one thing; BambuLab is a hardware company first. And they have a decent grip over the wear and tear parts. Some people may used 3rd party hot ends or get replacement parts off AliExpress. But most people I've seen are just buying parts straight from BL.

The next problem with the crazy theory is that the AMS is not a required part for printing nor even for purchase and this is the bit which contains the brains that reads the BL RFID chips. How can you enforce the use of BL spools if you cannot enforce the use of AMS? Well, maybe you just refuse to let the printer work without the AMS?

OK, except for the 3rd point. There are some BL filaments which they explicitly say cannot work with the AMS.

And all of this bypasses the fact that people could just clone BL RFID tags and ship them with their spools. Color hex codes may not match perfectly, if at all, and filament profiles may need to be tweaked. In short, it likely wouldn't stop people and it definitely wouldn't be worth the loss of business. 

Not to mention... there is a theoretical solution to all of this. Someone like BTT simply creates an open control board for the printer. Which, it seems like they are investigating and is certainly something which they have experience with. The more BL makes missteps like this, the more inevitable this sort of solution becomes. And this is clearly NOT in BLs best interest.

And I'll toss in one bit of FUD for free. A lot of people are pointing to contradictions between BLs statement and their TOU/TOS. It is always funny to me when this happens. The TOS is largely boiler-plate legal mumbo-jumbo. Should you ignore it? No. Should you assume the worst possible interpretation? Typically no. I'm sure if you look at other companies and scrutinize their TOS this deeply you'll find some worrying things as well. Take Prusa for example. I'm sure 17.1 would raise a lot of eyebrows in certain communities.

In short, these legal agreements exist to protect the company. A lot of times they include provisions that the company does not actually actively engage in taking advantage of. You should judge a company more buy their actions than their legal agreements. In that respect, BL has been sloppy than malicious.

To sum up. I don't find the outrage to be well founded. I understand (and accept) that changing terms or operating practices will be a (legitimate) reason for some people to exit the ecosystem. I also feel like BambuLab did a poor job communicating both with the public and their potential partners. And that this security patch is VERY poorly devised and not well thought through. Beyond that, most reactions appear to be over-reactions and I don't buy into the FUD.