Josef Prusa (@josefprusa): "BambuStudio has been violating PrusaSlicer AGPL license since their fork, with the same networking binary black box in question today. Why are they willing to burn the goodwill over it?<br>There's something most have sensed but never seen it all in one place, the five-law framework China built between 2017 and 2023 ⤵️
So maybe their hand is forced as their "network" is too valuable already? Each law on its own, interesting, okay... Read them together, and add any Chinese company with big reach to the mix you get the complete picture.
1) National Intelligence Law (2017)<br>All organizations and citizens must "support, assist, and cooperate" with intelligence work. The same law makes it illegal to disclose that cooperation happened. Cooperation is mandatory, and silence about it is mandatory too.
2) Cryptography Law (2020)<br>Commercial encryption must be state-approved and state-reviewed. When authorities request it, companies must provide decryption keys or plaintext. The state on both sides of that equation is the same one.
3) Data Security Law (2021)<br>Article 2 gives the state extraterritorial reach over data that touches Chinese national security or public interests. So EU/US data hosting does nothing to make it safe, because jurisdiction follows the company, not the server location.
4) Counter-Espionage Law revision (2023)<br>The general definition of espionage was expanded to cover "documents, data, materials, or items related to national security and interests." Industrial data is one of the intended targets since the revision.
5) Network Product Security Vulnerability regulation (2021)<br>Any company or researcher that discovers a software vulnerability must report it to MIIT within 48 hours. From there it flows to CNNVD (China National Vulnerability Database of Information Security), operated by the 13th Bureau of the Ministry of State Security. Microsoft's threat intelligence team documented Chinese state-hacker zero-day usage rising after this took effect. Shows the willingness to use the “tools” China built.
Together they describe a system with no neutral exits. Cooperation is required, encryption is real but the spare keys live at the ministry, jurisdiction follows the company across borders, industrial data is in scope, and discovered vulnerabilities flow to an intelligence agency 😬
3D printing became strategic for China in 2020 and joined the “Made in China 2025” plan soon after. Why does 3D printing matter so much? 1/x" | XCancel
Josef Prusa
@josefprusa
May 13
BambuStudio has been violating PrusaSlicer AGPL license since their fork, with the same networking binary black box in question today. Why are they willing to burn the goodwill over it?<br>There's something most have sensed but never seen it all in one place, the five-law framework China built between 2017 and 2023 ⤵️
So maybe their hand is forced as their "network" is too valuable already? Each law on its own, interesting, okay... Read them together, and add any Chinese company with big reach to the mix you get the complete picture.
1) National Intelligence Law (2017)<br>All organizations and citizens must "support, assist, and cooperate" with intelligence work. The same law makes it illegal to disclose that cooperation happened. Cooperation is mandatory, and silence about it is mandatory too.
2) Cryptography Law (2020)<br>Commercial encryption must be state-approved and state-reviewed. When authorities request it, companies must provide decryption keys or plaintext. The state on both sides of that equation is the same one.
3) Data Security Law (2021)<br>Article 2 gives the state extraterritorial reach over data that touches Chinese national security or public interests. So EU/US data hosting does nothing to make it safe, because jurisdiction follows the company, not the server location.
4) Counter-Espionage Law revision (2023)<br>The general definition of espionage was expanded to cover "documents, data, materials, or items related to national security and interests." Industrial data is one of the intended targets since the revision.
5) Network Product Security Vulnerability regulation (2021)<br>Any company or researcher that discovers a software vulnerability must report it to MIIT within 48 hours. From there it flows to CNNVD (China National Vulnerability Database of Information Security), operated by the 13th Bureau of the Ministry of State Security. Microsoft's threat intelligence team documented Chinese state-hacker zero-day usage rising after this took effect. Shows the willingness to use the “tools” China built.
Together they describe a system with no neutral exits. Cooperation is required, encryption is real but the spare keys live at the ministry, jurisdiction follows the company across borders, industrial data is in scope, and discovered vulnerabilities flow to an intelligence agency 😬
3D printing became strategic for China in 2020 and joined the “Made in China 2025” plan soon after. Why does 3D printing...