alt Hacker NewsThe "spoof" as you call it is literally just using their unmodified code. You make it sound like he went in and deliberately changed it so that it would connect. He did not. That part of the code was left unchanged from Bambu's own publicly available source code.
I agree that they might possibly have a case to go after individual users. They don't have a case to go after this guy for distributing a fork of their software with their own publicly available user-agent string unmodified. Threatening to do so is very much against the spirit if not the letter of the license that they're using.
Using their cloud infrastructure without authorization is different from distributing a fork of their software. They may have a legitimate gripe with the former, but they threatened legal action against the latter. If they didn't want people distributing a fork that could connect to their cloud infrastructure by just using their code verbatim, maybe they shouldn't have designed it that way.
He copied the code from BambuStudio into an Orca fork to make it connect to Bambu's cloud. That is A) deliberate and B) easily meets the definition of spoofing.
It is embarrassing that copying that one little thing made a third party fork able to connect to their cloud because A) that would be embarrassing for smaller IoT devices and we're talking about thousand-dollar printers and B) it's highly regarded to be saying on the one hand that your cloud needs security while on the other hand a simple copy/paste of a single function bypassed the security of said cloud that needs protecting.
I agree he would win in court. I don't think they ever planned to even file a complaint. I disagree that it is against the spirit of the AGPL. Signal does the same thing (here's our source code but only our official app can officially connect to our servers and we can ban your app at any time) as far as I can tell and no one complains about them and their shit is AGPL 3.0 only.
As I already said, I don't think they would have any beef with him if he removed that single function - the one that enables use of their cloud infrastructure. The exact problem they have with him, is his distribution of that. I agree that he can distribute it, and they would lose any lawsuit about that. I also agree that its on them to fix it. But returning to the original point, by making source code that can be so easily copied available for download, they have not violated the AGPL. They are not saying he can't distribute his own Orca fork or even his own BambuStudio fork. They're saying "Stop making it connect to our servers" which again I agree is actually their problem. The C&D is just a lazy stopgap.