Notices by muesli (fribbledom@mastodon.social)

@maphew

You can get one of the machines I just mentioned for $50 or less. All you now need is a cheap Raspberry Pi (3 or up), install Klipper on it and its firmware on your printer.

All the heavy lifting (input shaping, pressure advance etc.) will be handled on the Pi and you'll have a machine that's capable of producing the same quality prints at pretty much the same speed as current generation printers that go for $500 and beyond.

If you have an old 3D printer kicking around at home, do yourself a favor and install Klipper on it.

It's pretty ridiculous what you can still get out of an eight year old machine like the Anycubic Mega S or an Artillery Sidewinder X1 with the help of a bit of input shaping.

The hardware hasn't changed all that much in the last ten years or so. We still use pretty much the same steppers, drivers and kinematics. It's all in the software.

#3dprinting

If you start investing at age 25, you may be able to afford your own funeral one day!

@nonexistent

Yeah, I'm the muesli that worked on tea in recent years.

@nonexistent

In other words:

There's no standard because we have standards.

@Marcus

I would wait for the Kobra S1. The previous Kobras are workable but a bit meh from today's perspective. Too much has changed in the past two years.

@Profpatsch

Ah, man, congrats! You seem to have just made it to the third stage of every developer's life!

@kitsune_yasu

I apologize if my comment was too offensive, but I'm indeed not sure I have anything meaningful to add.

You claimed their change improves security, I refuted that by pointing out that it's insecure by design.

You asked for sources, I provided sources.

I suggested a bunch of methods to really increase their security, and you basically agreed with me.

Quoting completely unrelated Bambu marketing material isn't gonna help further this discussion.

@kitsune_yasu

Is the copium really hitting that hard?

@kitsune_yasu

"Some randoms in forums". This is the author & maintainer of OrcaSlicer 🙈

@kitsune_yasu

I'm getting the feeling you're really not quite understanding the situation.

You're supposed to run this software on your desktop. There's no technical way to release this and also keep the key private.

@kitsune_yasu

Please, try to catch up on the news first, so we can have a more informed discussion.

https://github.com/SoftFever/OrcaSlicer/issues/8063#issuecomment-2599741800

@kitsune_yasu

... and then they'll release a new BambuConnect version with a new key? Which then is immediately leaked again?

I'm not sure what you're trying to suggest, this solution simply doesn't work.

@kitsune_yasu

I'll give you some time to read up on the news. I'm sure you'll eventually reach the same conclusions.

They also already made it very clear that they're not interested in working with OrcaSlicer or others to find a solution.

@kitsune_yasu

When the entire architecture and design of their security mechanism is flawed an update won't help them.

The only thing they can reasonably do is to move the signing process to their cloud service.

Which, again, would be hilariously stupid.

@kitsune_yasu

Which breaks the new auth layer they're trying to introduce.

Context is everything: what you quoted is a response to people suggesting they may have used the same private key for other parts of the system, which would be ridiculous.

@kitsune_yasu

Yes, but that's a solution that slicers can simply adopt and implement. Like they do for dozens of other protocols and auth mechanisms.

@kitsune_yasu

Well, yes, but also: if they really wanted security, they would have developed a secure solution, not handed out the key on a golden plate.

@kitsune_yasu

https://mastodon.social/@fribbledom/113851687163524158

@kitsune_yasu

There would have been a multitude of ways to actually improve their security:

an Oauth API, API tokens, token/PIN exchange on the printer's display and/or a QR-code, an actual LAN-only mode, manual certificate exchange, ... I'll stop here.

All of these solutions would be absolutely feasible, actually secure, and would not lock you out from using a third-party slicer. Their solution isn't about security at all, it's only about controlling their ecosystem.