parasubvert's comments

This is one of the cooler features of Apple Vision Pro, it does such good beamforming for the wearer's mouth that someone could be screaming next to you or blasting music, and other parties on Zoom or FaceTime will not hear them.


Are they blocking the global Tailscale IP addresses / host names for their DERP relays? Tailscale will tunnel over HTTPS if it can’t establish a UDP relay.


Tailscale isn’t really a VPN, it’s an OSI layer 5 for the TCP/IP world. It makes connectivity as easy as 90s LAN parties were.

I use Tailscale

- So I can do remote tech support on my 81 year old mother’s computer

- So I can remote in to my desktop from anywhere with my mobile phone or iPad or Vision Pro or Steam Deck if I need a file or need to print something

- watching streaming media from my home network when I’m travelling (and avoiding VPN blocks because my home computer isn’t on a known VPN network)

And the best part is none of this required almost any configuration beyond (a) installing the software, (b) checking the “allow exit node” box on my home computer, (c) sharing my mom’s computer onto my tailnet.

It really is just useful with minimal fuss.


The Magic DNS feature is super cool as well. I'm not sure exactly what the mainstream killer app would be. But I feel like Tailscale is poised to execute if/when it arises.

Perhaps the AI age makes everyone more data privacy conscious.

I've also long thought that eventually every household will have a mini server for home automation and storing personal information. The rise of the cloud kinda slowed this down, but I don't think cloud and home server are mutually exclusive.


> I'm not sure exactly what the mainstream killer app would be.

Maybe a NAS that comes with Jellyfin and Immich pre-installed? But that still leaves the problem of content...


I get all that, but why do you say it's not a VPN and then go on to describe it as a VPN at length? Of course it's a VPN.

Is it because a lot of people are just using a VPN as a proxy replacement, watering down the original meaning of the word?


> Is it because a lot of people are just using a VPN as a proxy replacement, watering down the original meaning of the word?

Yes. The question was about a “mainstream consumer”. While “mainstream” is always a moving target, today (in March 2025) that mainstream consumer believes that a VPN == NordVPN == ExpressVPN == what we call/know as a proxy.

NordVPN added some mesh features and you can CTRL-F this thread to find a confused person asking “how is tailscale different than Nord?”


> So I can remote in to my desktop from anywhere with my mobile phone or iPad or Vision Pro or Steam Deck if I need a file or need to print something

What app do you use to browse data on your desktop?


Yeah I mean that's all good stuff, but I just don't see mainstream consumers having a need for all of that. Barely anyone even has a desktop anymore.


I hosted an Arma 3 server via Tailscale with a bunch of non technical folks running the daemon using magic links b


I used to host an Arma 3 server using Kubernetes, I had a scalable set of headless clients to distribute the AI load. My friends said it was the smoothest server they ever played on despite using hundreds of AI groups. With Tailscale I wouldn't have needed host networking enabled on the Pods, come to think of it.


What do you mean by AI groups in this case?


The CPU controlled squads of enemy soldiers and vehicles the players shoot. Arma is a first-person shooter game. The game engine it uses is not heavily multi-threaded, but the multiplayer system has some weird quirks that you can exploit to distribute AI processing across multiple networked instances, either in a multi-core or multi-machine topology.


New York City is one of the largest and safest places to live.


As someone who had a broken lock on their outer front door for a very long time, I could attest to this.


This is, to put it mildly, a minority opinion. I don't hate Teams as much as most people do but my old (big and small) companies had both Slack and Teams and about 40% of employees had Teams statuses of "ping me on Slack I refuse to use Teams".


It's the opposite in my experience, it's the best parts of IRC and the history is gold. Storing things in Slack is one of the most useful bits of it. I've seen several multi-billion dollar companies build most of their collaboration across offices around Slack.


Generally speaking, no. Prusa comes close - they're dedicated to community and OSS, and are quality parts... but are almost 2x the price and tend to be missing comparable features.

The other competition doesn't quite have the UX and quality of Bambu Lab. That's changing slowly, but it's reality today IMO.

The challenge is that the 3D printing community is maturing from a hobbyist/tinker phase into a consumer phase with Bambu Lab leading the way. Bambu Lab has mostly threaded the needle by balancing proprietary UX with practical ability to tinker, swap parts, etc.

But as with most hobby communities, if someone doesn't understand a motivation of a change, they immediately ascribe it to a conspiracy.

Bambu Lab wanting to improve printer security is an obvious thing to anyone who has dealt with corporate network security in the past... today it is effectively an insecure toy that would only be deployed on black holed lab networks. They're trying to make it more modern via Mutual TLS authenticated file transfer rather than a cobbled together mix of FTP and MQTT.


How do normal paper printers work on such networks? From what I gather there is some standardised solution to that, whereas here Bambu requires their own "connect" software, correct?

I think that big enterprises are full of old systems that are put on VLANs, VPNs, conditional access rules etc., so it's weird to me that FTP is such a problem?

There is also a point in their ToS: 7.4 - boils down to "your printer will block printing until you accept critical security patches" that directly contradicts the linked blog post.


Normal paper printers concentrate print services to a Windows or Linux print server that authenticates users before they submit a job. All the direct ports on the printer are firewalled and restricted to the print server.

The main issue is that paper printers are a terrible legacy technology that didn't evolve much and are grandfathered into corporate security, whereas any new technology or new vendors have a much higher bar to pass before they're let on networks. Yes, there are many workarounds like VLANs, firewalls and black hole routes etc but they're usually treated as exceptions these days.

The TOS is meant to cover worst case scenarios, such as the x509 certificates on the printer expiring, or a major vulnerability being found. The printer is a hybrid cloud connected or LAN connected service and thus it's reasonable to warn users they need to update periodically because Bambu doesn't want to be exposed by unpatched backdoor attacks etc. This is a similar issue with macOS or Windows where you can't use your web browser securely after a few years of missing updates, or other connected devices where you must consent to automatic updates to use the device (Google Nest or Amazon Ring devices come to mind). Bambu is actually being better than most device companies in that they are just requiring this for crucial security updates and they don't require an internet connection: you can patch it via SD Card.


As a Prusa user who never used a Bambu Lab printer, what features am I missing out on?


Bambu Lab isn't being predatory. They're making a sensible change to their security.

But, because people don't understand security technology tradeoffs, everything becomes a conspiracy.


If this were about security, it wouldn't matter what piece of software was implementing the well documented security protocol. BambuSlicer, or OrcaSlicer, it would be all the same because the underlying protocol would be the security guarantee. This is rudimentary security tradecraft.

Bambu Lab is introducing something else. Most charitably, it could be described as security through obscurity, which is never secure. More realistically, Bambu Lab is introducing vendor lock-in under the pretext of security. Vendor lock-in is what this change actually achieves.


Controlling the software lifecycle of a client library or executable, to be able to update its x509 certs as part of an upgrade cycle, is ... not security through obscurity. It's pretty standard practice, especially if your customer base knows very little about maintaining certs/keys.

It's about a vendor trying to control an experience for its users balancing its UX and maintenance costs.

There's no real vendor lock-in here beyond the usual conspiracy "Bambu Lab is better therefore they're evil unless they give it all away for free to their competition", that's a pile of nonsense. Orca Slicer and 3rd party slicers will continue to work with the new approach if they can work out the details of the PR that uses Bambu Connect.


Somehow you can securely access your bank account with any browser of your choosing, and not a bank provided browser, but 3D printers need obscure proprietary security protocols to be secure. That doesn't make sense.


That's because the bank isn't generally using mutual TLS client authentication to verify your account details through your browser. You log in with a password and other authentication factors.

Interestingly some banks do use x509 client authentication for corporate accounts or high net worth accounts but they expect you to know how to import the key to your browser. And almost all banking mobile apps use this to call their server APIs to ensure only the Bank's mobile apps (or partners) can call their APIs.

In Bambu Labs' case, they've had many DDOS attacks and other issues with their security and so they're forcing a constraint on the approved software clients that can access their printers and/or cloud service via client authentication. BambuConnect being the catch all proxy software for most.


None of this makes sense.

Bambu is forcing its customers to use its cloud offerings when many users want to use the machine on their LAN without the cloud guff. Many for security reasons. Bambu essentially tells its customers to pound sand, they are forced to use cloud. Now Bambu is claiming it has a cloud DDOS problem and therefore it is going to lock down what users can do further. I'm sorry, that's just silly. Let me connect to the printer locally, and your cloud DDOS problems go away.

The DDOS problem itself doesn't sound particularly compelling as a justification for this action, either. If every user action is authenticated, you know which users are abusing the system - throttle them or kick them out. Adding a TLS certificate for mutual authentication is going to reduce the DDOS overhead by a negligible amount.

> forcing a constraint on the approved software clients

Which will do nothing against a determined DDOSer since they will always be able to extract the certificates from Bambu Connect, or BambuSlicer.

Finally, if the issue is airtight security for the on-prem printer and preventing a hacker external or internal to the LAN from exploiting them, maybe Bambu can take a page from the Matter smart home specs if they are out of ideas. These are solved problems. Cloud not necessary. Software lockdown not necessary.


ppl always get caught up on the x509. They're actually a good thing and are absolutely necessary to prevent mitm since they use self-signed certs. BambuStudio also works that way.

The issue is introducing further measures which don't provide any security benefit to the user (can be spoofed): only allowing critical commands from BambuConnect.


You don't need to. You can use their Bambu Connect client in LAN mode.

Or you can turn off security and use "developer mode", aka. "how things work today" mode, if you want to do things the old / insecure way.


Insecure for who? What's the threat vector?


I wouldn't call it more or less secure. You're just on your own and should expect this (internal) API to have breaking changes at any time.


Um no? First, Bambu is the best, by far. Secondly, Orca Slicer is a fork of Bambu Studio and the vast majority of its users are Bambu customers that want extra features.


> Bambu is the best, by far.

Nah, this is influencer-generated bro science sentiment. They do nothing special, and hardly ever come out on top in any serious independent print quality tests.

Their primary competitive advantage right now is the AMS bundle being very competitively priced.

