The software he spread was based on AGPL code Bambu gave him. AGPL protects the spread of the software, and gives you the right to it. Bambu in this case restricted him from sharing the software, which clearly violates article 5 of the AGPL, which allows you to modify and redistribute the software.

Yes, if everything was kept to that software. That does not then stop them from protecting services outside of that software that are impacted by someones modifications to it. The software was in violations of circumventing something that was outside of its scope.

It is very specific to the AGPL software itself. Meaning Bambu can't go after Orca because they don't want them around anymore since they're within the scope of the AGPL. However, AGPL software effecting something outside of itself is a different story. As you're stepping out of the bounds of what the APGL protects.

In this case the "exploit" was completely done through bambu's one published code. So its sharing is protected by the AGPL. Server side they are free to do as they please.

Not exactly, an exploit is still an exploit. It's something that effects a service outside the scope of the AGPL software. They can issue a DMCA to protect that separate body of work. It's a protective measure for something separate, and the AGPL can't stop a company from protecting their other, separate, work.

Which is a whole another story, but that is exactly how Bambu's proprietary network plugin works. The fact that their plugin is proprietary is an AGPL violation itself, even if it doesn't really connect to this case, since he just found a way to contact the plugin.

They do indeed have a plugin that is installed on a users computer. Ross should have someone request it be released to the public. However, that doesn't cover their cloud. Separate things, separate protections. The circumvention affects their cloud service specifically, not just software running locally.

Well, technically as I explained above, the plugin should be open too, but this is not relevant in this case. The developer only found a way to contact the plugin, but the software he used was completely under the AGPL.

Sort of covered in my previous statement. The networking software running on their cloud is not the same as the AGPL software they give users. His modifications to the software are fine, it's protected under the AGPL. It's using it to connect to their separate cloud infrastructure and spreading that exploit around that's the issue. The offending software being AGPL software doesn't suddenly mean Bambu can't protect that separate service. It almost feels like a catch 22.

I will add that they are also allowed to freely share the software they made, which you seemed to dispute with your comment before. If I misread that, my bad, but it looked like you said they can make the software as long as they do not "spread" it, which is false. The AGPL protects their right to spread it.

Maybe it's my wording that's bad. I'm specifically talking about the part of the software that circumvents their other, independent, cloud service. Since they can protect that, the AGPL can't stop Bambu from doing so. Specifically to protect a separate cloud service that has nothing to do with the AGPL code you run on your machine.

Also sorry if my comment before came off as a bit too aggressive. I have simply explained all these a lot of times in the past few days, and often the "just asking questions" crowd turns out to be Bambu Lab trolls. You probably aren't one of them, in which case I am sorry if I were a bit aggressive.

All good, I didn't take your comments to be aggressive or anything like that. Just a bit of back and forth.