I disagree. They’re redistributing software under the AGPL while trying to prevent others from using the same freedoms they’ve been granted by the license.
The fact that Pawel was able to copy their source code and paste it into an Orca fork is direct proof from Pawel himself that they are honoring the AGPL.
The C&D presumably wanted him to remove the ID/version string or at least stop distributing it, i.e., they only want real BambuStudio on their cloud and that was the laziest way to achieve that
If we sign a contract that says you're allowed to park in my driveway in exchange for $10, then I threaten to sue you for parking in my driveway, technically I'm not violating our contract. It's not an issue until I actually sue. But I'm still abusing our contract by threatening you for doing something I explicitly allowed you to do.
Likewise, Bambu was able to benefit by forking and distributing AGPL software in exchange for giving everyone a license to do the same for their fork. Then they turned around and threatened legal action against someone for doing what they previously said was allowed. This may not technically be a violation but it's definitely abuse.
Pawel still has access to the Bambu-modified software, which is what the AGPL covers. There is no violation there.
Bambu's issue is with him taking a fork of Orca and spoofing some data (from THEIR FREELY AVAILABLE SOURCE CODE) to appear as Bambustudio to their servers.
A contract that says you can park in my driveway doesn't give you permission to access my garage and use all my tools.
Absolutely a dick move but not really not abuse of a contract.
The AGPL does not just say he has to have access to the modified software. It also says he has to be granted permission to redistribute it, or derived works, under the same terms.
He redistributed a derived work under the same terms and got hit with the threat of legal action.
I don't know what "access my garage and use all my tools" is supposed to be an analogy for in this situation.
He is free to remove the part where it spoofs itself as BambuStudio and do whatever the hell he wants with it. He can probably distribute it with the spoof and continue without actually getting sued because they are likely fixing this as I type this. If they do sue him it will be for unauthorized use of their cloud services. I do think they'd have to sue individual users.
Accessing my garage and using my tools == using Bambu's cloud infrastructure, which they clearly do not want him (or apparently any non-BambuStudio clients) doing any more.
The "spoof" as you call it is literally just using their unmodified code. You make it sound like he went in and deliberately changed it so that it would connect. He did not. That part of the code was left unchanged from Bambu's own publicly available source code.
I agree that they might possibly have a case to go after individual users. They don't have a case to go after this guy for distributing a fork of their software with their own publicly available user-agent string unmodified. Threatening to do so is very much against the spirit if not the letter of the license that they're using.
Using their cloud infrastructure without authorization is different from distributing a fork of their software. They may have a legitimate gripe with the former, but they threatened legal action against the latter. If they didn't want people distributing a fork that could connect to their cloud infrastructure by just using their code verbatim, maybe they shouldn't have designed it that way.
He copied the code from BambuStudio into an Orca fork to make it connect to Bambu's cloud. That is A) deliberate and B) easily meets the definition of spoofing.
It is embarrassing that copying that one little thing made a third party fork able to connect to their cloud because A) that would be embarrassing for smaller IoT devices and we're talking about thousand-dollar printers and B) it's highly regarded to be saying on the one hand that your cloud needs security while on the other hand a simple copy/paste of a single function bypassed the security of said cloud that needs protecting.
I agree he would win in court. I don't think they ever planned to even file a complaint. I disagree that it is against the spirit of the AGPL. Signal does the same thing (here's our source code but only our official app can officially connect to our servers and we can ban your app at any time) as far as I can tell and no one complains about them and their shit is AGPL 3.0 only.
As I already said, I don't think they would have any beef with him if he removed that single function - the one that enables use of their cloud infrastructure. The exact problem they have with him, is his distribution of that. I agree that he can distribute it, and they would lose any lawsuit about that. I also agree that its on them to fix it. But returning to the original point, by making source code that can be so easily copied available for download, they have not violated the AGPL. They are not saying he can't distribute his own Orca fork or even his own BambuStudio fork. They're saying "Stop making it connect to our servers" which again I agree is actually their problem. The C&D is just a lazy stopgap.
Orca is a fork of Bambu Studio anyway so it's just merging something across forks. It's not like he put it into some unrelated piece of software.
Again, abuse is different from violation. I agree that they're not violating the AGPL merely by threatening legal action. They would be if they actually took legal action. The fact that they're threatening to violate the license in order to get what they want but still take advantage of what the license grants them is IMO abuse of that license.
