‘Fuck you, Bambu’: How one private message could change the face of 3D printing

Bambu Lab makes the best, most accessible 3D printers yet, but that reputation is suddenly under siege. It all started when Paweł Jarczak received a private message from the company on Reddit asking him to delete his code. Now the 3D printing community is lining up behind Jarczak to fund a war against Bambu — and the future of 3D printers could be at stake.Jarczak is a developer who shared a way to let people remote control their Bambu printers without using Bambu software. But Bambu wanted to lock down its system, despite relying on open-source code. That provoked a furious coalition of open-source advocates and YouTubers to respond.“I’ll put up $10,000 to teach bambu labs a lesson,” declared consumer rights advocate Louis Rossmann, pledging to help defend Jarczak in court.“I’m never buying a Bambu Lab 3D printer again,” stated maker Jeff Geerling, adding that he’d gladly chip in too. (He’s changed the YouTube title since.)“Go fuck yourself, Bambu,” wrote GamersNexus, pledging to commit $10,000 as well. (It’s also halting previously unannounced plans to buy $150,000 of Bambu hardware for a 3D printing project, editor-in-chief Steve Burke tells The Verge.)“Go ahead, Bambu: Sue us,” taunts GamersNexus, which has also begun investigating scattered reports of a Bambu printer catching fire.If that wasn’t enough, Rossmann, Burke, and thousands of other open-source advocates are daring Bambu to take legal action — they’re each forking the code Bambu was hoping to suppress. As of Monday, so is the Software Freedom Conservancy, which is now hosting an entire project to reverse engineer Bambu’s code and says it will serve as a Bambu watchdog.“They’re bad actors, straight-up, and the community should do whatever we can,” Bradley Kühn, father of the AGPL open-source license and policy fellow at the Software Freedom Conservancy, tells The Verge.But why is everyone so mad that Bambu’s printers don’t work perfectly with third-party apps? Are Bambu’s actions really that egregious, or is it just trying to protect its ecosystem?

I spoke to Bambu, Jarczak, lawyers, and others to understand. Both Bambu and Jarczak shared copies of their private communications for this story with The Verge, each eager to set the record straight on what actually happened.This is the story of how everything went wrong, and how it could become right again.What is actually going on with Bambu and Paweł Jarczak?On April 22nd, when Bambu first reached out to Jarczak in a Reddit private message, its tone seemed polite. Bambu suggested it was warning Jarczak of upcoming changes that could prevent his code from working. The first DM concludes: “we kindly ask you to consider removing the current connection approach, as it mimics official Bambu Lab software.”Jarczak replied that he was ready to remove his entire project from GitHub and thanked the company for noticing his work. But he wanted to be “properly acknowledged” for possibly revealing “a significant security gap.” He offered further help for a fix while requesting some gear — specifically the flagship H2D printer.But Bambu was not ready to reward or recognize him for promoting ways to use unauthorized third-party software and hardware that competes with its own. (Jarczak’s previous project was supporting a cheaper way to print in multiple colors than buying Bambu’s $279 AMS Lite, a project he’s since suggested Bambu should also recognize him for.)Ominously, Bambu started talking to Jarczak like a mobster: “We wanted to speak with you first and handle this in a constructive way. That said, we can’t allow this approach to continue.”Jarczak bristled. He had publicly voiced some suspicion that what he’d done had crossed a line. But he also knew that Bambu’s code was open-source under AGPL, a license so permissive that Google famously banned its engineers from using it at all.The developer wanted to know: What, specifically, had he done wrong if the code was open-source?Instead of explaining, Bambu ramped up its threat. It told Jarczak that a cease and desist letter had already been prepared, and “invited” him to look at section 1201 of the Digital Millennium Copyright Act, implying it could legally punish him for breaking digital locks.But Bambu didn’t sue. It didn’t send a cease and desist letter.

It didn’t even send a DMCA takedown to remove his files from GitHub. Jarczak voluntarily took his code down. But in that code’s place, Jarczak left a note suggesting that Bambu treated him like a criminal.That’s when the internet pounced.Why is the open-source 3D printing community so upset?Because Bambu’s software is not just Bambu’s software. “Bambu Studio is based on PrusaSlicer by Prusa Research, which is from Slic3r by Alessandro Ranellucci and the RepRap community,” Bambu freely admits on its websites.“Based on” doesn’t just mean Bambu took inspiration from those programs. Bambu Studio is similar to PrusaSlicer because it’s a fork of PrusaSlicer. It’s built atop the same code.Every modern 3D printer uses a piece of software called a slicer, which “slices” 3D objects into layers, then turns those layers into instructions that a 3D printer can follow. Over time, they’ve become the way to remote control every other part of a 3D printer as well.Almost every slicer is built atop the slicers that came before, going back nearly 15 years to when Alessandro Ranellucci first released Slic3r to the world under the AGPL license. That license guarantees no one has to reinvent the wheel so long as they contribute their own improvements. Bambu gets enormous value from this license, but it’s beginning to crack down on users enjoying the same benefits.Bambu freely forked PrusaSlicer, and it doesn’t contest that anyone else can fork Bambu Studio as well. But Bambu cut off the ability for forks — including the most popular fork, OrcaSlicer — to send prints, remote control the print head, monitor the printer’s camera, change filament colors, and more, until or unless their developers integrated a new proprietary authentication mechanism. (The lead developer of OrcaSlicer declined.)Jarczak had created his own fork of OrcaSlicer to work around Bambu’s proprietary requirement, and that’s the code Bambu wanted taken down.Last January, Bambu said its motive was security.

But many suspected a profit motive too: that Bambu might use its software to lock its printers to its own filament and accessories and start charging for subscription services, the way today’s inkjet printer companies do. Bambu did not deny those possibilities when we asked, and the open-source community has been preparing to fight possible enshittification ever since.All Jarczak was originally trying to do was keep Bambu’s software from breaking compatibility with the Biqu BCMU third-party multicolor system (that undercuts Bambu’s own $279 accessory), after some users noticed the BCMU stopped working following a Bambu firmware update.But when he built a copy of OrcaSlicer using code from the Linux version of Bambu Studio instead of the Windows or Mac versions, Bambu’s cloud services no longer stopped him from remote controlling his own printer at all. He’d inadvertently found a way to pick Bambu’s lock using Bambu’s own open-source code. When Bambu threatened him into submission for undoing its lock, he became an unwitting martyr for a bigger cause.“People are trying to make me into some kind of hero here, but I am not that,” Jarczak tells The Verge. Here’s where it gets really messy. A lot of this will come down to how the open-source license used by Bambu is interpreted both by the public and potentially by courts. Bradley Kühn, who helped put the “A” into AGPL, says it’s a slam dunk: Bambu has violated its AGPL license.In a blog post for the Software Freedom Conservancy, he identifies two specific violations. First, Bambu’s proprietary networking plug-in itself.The actual text of the AGPL states that anyone who copies a program must license the source code for the entire program — including any “Corresponding Source” for other bits that are needed to generate, install, run, or modify the work.It also has explicit examples of what should count as Corresponding Source, including “shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.”Guess what Bambu’s proprietary networking plug-in is made of?

Shared libraries and dynamically linked libraries, ones that Bambu’s open-source portions automatically try to install when you first run the application, and ones that — Kühn and Jarczak both say — have intimate communication with Bambu’s open-source code.Jarczak has now published a 30-point analysis at his GitHub page that runs down just how intimate that communication could be:The second violation, Kühn writes, is how Bambu allegedly pressured Jarczak to remove his code from GitHub while falsely claiming its terms of service trump his rights under the AGPL license.But neither Kühn nor Jarczak is a lawyer. Bambu has lawyers, and two lawyers who specialize in open-source tech tell The Verge that the AGPL is difficult to rely on.What do Bambu and the lawyers say?Bambu answered almost every question we sent over the course of a full week. Head of PR Nadia Yaakoubi told us that the company isn’t concerned about “open-source development or legitimate code forks.” (Bambu is implying Jarczak’s fork is illegitimate.)The company argues that some of its code is “separately delivered” and therefore isn’t covered by the AGPLv3 license where “Corresponding Sources” are concerned. Here’s what it told us:We do not agree that the networking plugin is properly characterized as part of Bambu Studio’s “Corresponding Source” for purposes of AGPLv3, such that AGPLv3 source-availability obligations would be triggered. It is a separately delivered, optional networking component that provides additional functionality. The fact that software may load a separate component at runtime does not establish that the component is part of the covered work or that it is source code; the work is “specifically designed to require” under Section 1, which defines the scope of “Corresponding Source.” And as you mentioned, AGPL also does not authorize any access violating the rules and protocols for communication across the network.Kyle Mitchell, an independent tech lawyer who’s studied the AGPL, tells The Verge it’s quite possible that Bambu doesn’t need to share everything that touches its open-source code, particularly when we’re talking about cloud services.