by wpm 39 days ago
I think the really important part of this is that Pawel modified OrcaSlicer to look like BambuStudio by looking at the AGPL licensed source code of BambuStudio and copying it over.

And the function he copied over just set the UserAgent string to some hard coded values also available in the AGPL source code of BambuStudio. He didn't reverse engineer anything. Just went and looked at public code that's free to use for any purpose.

BambuLabs is probably just big mad that their "security" argument for their walled garden, weak as it was, just got publicly pantsed. I've never heard of a fucking dumber way of "securing" a service than a plaintext client-side assertion "I'm allowed to send you print jobs uwu :3"

The entire debacle is incredibly embarrassing for Bambu.

2 comments

Yeah their argument is based on saying that sniffing a user agent string is illegal reverse engineering. If they get the right 100-year-old judge they might even succeed but it feels like a thoroughly lame argument to me.
Not even sniffing - no special action need be taken, simply looking at the code which they are legally obligated to provide is sufficient.

It's like putting up a sign that says "No trespassing, unless you know the secret code word, which is 'Stegosaurus'".

According to the video about this by Louis Rossmann, there wasn't even string sniffing. No changes were made in the code, the client ID was hard coded in, and was untouched by the author.
> never heard of a fucking dumber way of "securing" a service than a plaintext client-side assertion "I'm allowed to send you print jobs uwu :3"

Love it; but just wait, I bet Claude surprises you this year.

I mean, client side secrets and user agent white listings aren't exactly uncommon.
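
The point argued in this thread, that a published User-Agent string identifies nothing while a per-account credential does, sketched as an added example (not code from BambuStudio, OrcaSlicer or any commenter). The header names, UA string, key and helper names are constructed assumptions.

```python
import hashlib
import hmac
import time

# Constructed values for illustration; none come from any real product.
OFFICIAL_UA = "ExampleSlicer/1.0"                   # visible in public client source
PER_USER_KEYS = {"alice": b"key-issued-at-login"}   # held server-side, one per account
MAX_SKEW = 300                                      # seconds a signed request stays valid


def allow_by_user_agent(headers):
    """Weak check: passes for any client that sends the published string."""
    return headers.get("User-Agent") == OFFICIAL_UA


def sign(key, user, ts, body):
    """HMAC-SHA256 over account name, timestamp and request body."""
    msg = f"{user}\n{ts}\n".encode() + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def allow_by_user_credential(headers, body, now=None):
    """Stronger check: the request must be signed with one account's key.

    The decision depends on who is asking, not on which program they run,
    so the User-Agent header is never consulted.
    """
    now = time.time() if now is None else now
    user = headers.get("X-User", "")
    key = PER_USER_KEYS.get(user)
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False
    if key is None or abs(now - ts) > MAX_SKEW:
        return False  # unknown account, or stale/replayed request
    expected = sign(key, user, ts, body)
    return hmac.compare_digest(expected, headers.get("X-Signature", ""))
```

A key compiled into every copy of the client would behave like the first check, since anyone with the source or binary holds it; the second check only works because each key is issued to one account and can be revoked for that account.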