An anonymous reader shares a report: Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously.

The flaws were discovered by security researchers Brutecat (brutecat.com) and Nathan (schizo.org), who found that YouTube and Pixel Recorder APIs could be used to obtain user's Google Gaia IDs and convert them into their email addresses. The ability to convert a YouTube channel into an owner's email address is a significant privacy risk to content creators, whistleblowers, and activists relying on being anonymous online.

An anonymous reader quotes a report from Ars Technica: On Monday, researcher Johann Rehberger demonstrated a new way to override prompt injection defenses Google developers have built into Gemini -- specifically, defenses that restrict the invocation of Google Workspace or other sensitive tools when processing untrusted data, such as incoming emails or shared documents. The result of Rehberger's attack is the permanent planting of long-term memories that will be present in all future sessions, opening the potential for the chatbot to act on false information or instructions in perpetuity. [...] The hack Rehberger presented on Monday combines some of these same elements to plant false memories in Gemini Advanced, a premium version of the Google chatbot available through a paid subscription. The researcher described the flow of the new attack as:

1. A user uploads and asks Gemini to summarize a document (this document could come from anywhere and has to be considered untrusted).
2. The document contains hidden instructions that manipulate the summarization process.
3. The summary that Gemini creates includes a covert request to save specific user data if the user responds with certain trigger words (e.g., "yes," "sure," or "no").
4. If the user replies with the trigger word, Gemini is tricked, and it saves the attacker's chosen information to long-term memory.

As the following video shows, Gemini took the bait and now permanently "remembers" the user being a 102-year-old flat earther who believes they inhabit the dystopic simulated world portrayed in The Matrix. Based on lessons learned previously, developers had already trained Gemini to resist indirect prompts instructing it to make changes to an account's long-term memories without explicit directions from the user. By introducing a condition to the instruction that it be performed only after the user says or does some variable X, which they were likely to take anyway, Rehberger easily cleared that safety barrier. Google responded in a statement to Ars: "In this instance, the probability was low because it relied on phishing or otherwise tricking the user into summarizing a malicious document and then invoking the material injected by the attacker. The impact was low because the Gemini memory functionality has limited impact on a user session. As this was not a scalable, specific vector of abuse, we ended up at Low/Low. As always, we appreciate the researcher reaching out to us and reporting this issue."

Rehberger noted that Gemini notifies users of new long-term memory entries, allowing them to detect and remove unauthorized additions. Though, he still questioned Google's assessment, writing: "Memory corruption in computers is pretty bad, and I think the same applies here to LLMs apps. Like the AI might not show a user certain info or not talk about certain things or feed the user misinformation, etc. The good thing is that the memory updates don't happen entirely silently -- the user at least sees a message about it (although many might ignore)."

Chinese animated film Ne Zha 2 has broken multiple box office records, becoming China's highest-grossing film of all time and the first non-Hollywood movie to surpass $1 billion in a single market. From a report: Helmed by Yang Yu, known as Jiaozi, the film hit the big screen during the lucrative Chinese New Year frame on Jan. 29, surpassing 2017's "Wolf Warrior 2" to become China's most-watched film. Meanwhile, its total revenue (including presales) hit 8 billion yuan (about 1.12 billion U.S. dollars) by Sunday. In just eight days and five hours after its release, "Ne Zha 2" became China's highest-grossing film of all time on Thursday, exceeding the 5.77 billion yuan record set by "The Battle at Lake Changjin." A day later, it overtook "Star Wars: The Force Awakens" to become the highest-grossing film ever in a single market, reaching over 6.79 billion yuan (including presales) in China on Friday.

A follow-up to the animated sensation "Ne Zha," which grossed 5 billion yuan and topped the country's box office charts in 2019, the sequel has captivated audiences with its breathtaking visuals, rich storytelling and deep cultural resonance. The record-breaking run makes "Ne Zha 2" not just a box office titan but a cultural phenomenon, further underscoring China's ability to produce homegrown blockbusters that strike a chord with domestic audiences. You can watch the international trailer on YouTube.

If there was any doubt before, this seals it: YouTube is in the TV business. According to Neal Mohan, YouTube's CEO, TV screens have officially overtaken mobile as the "primary device for YouTube viewing in the U.S." In other words, more people are watching YouTube on TV sets than any other device, at least here in the U.S. From a report: It is, as Mohan writes in his annual letter from the CEO, an indication that "YouTube is the new television."

"But the 'new' television doesn't look like the 'old' television," Mohan writes. "It's interactive and includes things like Shorts (yes, people watch them on TVs), podcasts, and live streams, right alongside the sports, sitcoms and talk shows people already love."

"In-dash advertising is here and Stellantis, the parent company of Jeep, Dodge, Chrysler, and Ram, beat everyone to further enshittification," writes longtime Slashdot reader sinij. "Ads can be seen in this video." From a report: In a move that has left drivers both frustrated and bewildered, Stellantis has introduced full-screen pop-up ads on its infotainment systems. Specifically, Jeep owners have reported being bombarded with advertisements for Mopar's extended warranty service. The kicker? These ads appear every time the vehicle comes to a stop. Imagine pulling up to a red light, checking your GPS for directions, and suddenly, the entire screen is hijacked by an ad. That's the reality for some Stellantis owners. Instead of seamless functionality, drivers are now forced to manually close out of ads just to access basic vehicle functions.

One Jeep 4xe owner recently shared their frustration on an online forum, detailing how these pop-ups disrupt the driving experience. Stellantis, responding through their "JeepCares" representative, confirmed that these ads are part of the contractual agreement with SiriusXM and suggested that users simply tap the "X" to dismiss them. While the company claims to be working on reducing the frequency of these interruptions, the damage to customer trust may already be done.
UPDATE: Jeep Claims 'Software Glitch' Disabled Opting-Out of In-Vehicle Pop-Up Ads in 'a Few' Cases

An anonymous reader quotes a report from Ars Technica: Two owners of Nvidia's new RTX 5090 Founders Edition GPUs have reported melted power connectors and damage to their PSUs. The images look identical to reports of RTX 4090 power cables burning or melting from two years ago. Nvidia blamed the issue on people not properly plugging the 12VHPWR power connection in fully and the PCI standards body blamed Nvidia.

A Reddit poster upgraded from an RTX 4090 to an RTX 5090 and noticed "a burning smell playing Battlefield 5," before turning off their PC and finding the damage. The images show burnt plastic at both the PSU end of the power connector and the part that connects directly to the GPU. The cable is one from MODDIY, a popular manufacturer of custom cables, and the poster claims it was "securely fastened and clicked on both sides (GPU and PSU)." While it's tempting to blame the MODDIY cable, Spanish YouTuber Toro Tocho has experienced the same burnt cable (both at the GPU and PSU ends) with an RTX 5090 Founders Edition while using a cable supplied by PSU manufacturer FSP. Plastic has also melted into the PCIe 5.0 power connector on the power supply.

Today T-Mobile announced what they're calling "the next big thing in wireless" — T-Mobile Starlink. But the real surprise is "The beta is now open for absolutely everyone — yes, even Verizon and AT&T customers — to register for free access until July."

And, as they explained to Americans watching the Super Bowl, "If you can see the sky you're connected." Now in public beta, this breakthrough service, developed in partnership with Starlink, uses straight-out-of-a-sci-fi-movie satellite and mobile communications technology to help keep people connected — even you, Verizon and AT&T customers — in the more than 500,000 square miles of the country unreached by any carrier's earth-bound cell towers. That's nearly the size of two Texases...! The beauty of the service is its simplicity: users don't need to do anything out of the ordinary. When a user's cell phone gets out of range of a cell tower, the phone automatically connects to the T-Mobile Starlink network. No need to manually connect. Messages are sent and received just as they are today on a traditional network, even group texts and reactions. And it works on most smartphones from the last four years. It's not limited to a few smartphones or operating systems...

The beta is free until July at which point T-Mobile Starlink will be included at no extra cost on Go5G Next (including variations like Go5G Next 55+), T-Mobile's best plan. Business customers will also get T-Mobile Starlink at no extra cost on Go5G Business Next, first responder agencies on T-Priority plans and other select premium rate plans. T-Mobile customers on any other plan can add the service for $15/month per line. Through February, T-Mobile customers who have registered for the beta can secure a $10/month per line Early Adopter Discount, 33% off the full price.

AT&T and Verizon customers hate dead zones, too

When your service is amazing and different, you want as many people to try it as possible. T-Mobile is giving AT&T and Verizon customers the opportunity to try out T-Mobile Starlink satellite service on their existing phones... During the beta period, Verizon and AT&T customers can experience T-Mobile Starlink text messaging for free, and once the service launches in July, it will be available for $20/month per line... More details and consumer registration can be found here.

A Vision for Universal Coverage

As T-Mobile and Starlink continue to work towards eliminating mobile deadzones, the companies welcome wireless providers from around the world to join their growing alliance, which aims to provide reciprocal roaming for all participating carriers. So far, KDDI (Japan), Telstra (Australia), Optus (Australia), One NZ (New Zealand), Salt (Switzerland), Entel (Chile & Peru), Rogers (Canada) and Kyivstar (Ukraine) are among the providers that have signed on to join the cause and launch satellite-to-mobile technology. Learn more about the alliance and how providers can join at direct.starlink.com.

Long-time Slashdot reader Shayde once restored a 1986 DEC PDP-11 minicomputer, and even ran Turbo Pascal on a 40-year-old Apple II clone.

Now he's exploring a 27-year-old Macintosh PowerBook G3 — with 64 megabytes memory and 4 gigabytes of disk space. "The year is 1997, and Apple is in big trouble." (Apple's market share had dropped from 16% in 1980 to somewhere below 4%...) Turns out this was one of the first machines able to run OS X, and was built during the transition period for Apple after Steve Jobs came back in to rescue the company from bankruptcy.
It's clearly old technology. There's even a SCSI connector, PCMCIA sockets, a modem port for your phone/landline cable, and a CD-ROM drive. There's also Apple's proprietary ports for LocalTalk and an Apple Desktop Bus port ("used for keyboards, mice, and stuff like that"). And its lithium-ion batteries "were meant to be replaced and moved around, so you could carry spare batteries with you."

So what's it like using a 27-year-old laptop? "The first thing I had to note was this thing weighs a ton! This thing could be used as a projectile weapon! I can't imagine hauling these things around doing business..." And it's a good thing it had vents, because "This thing runs hot!" (The moment he plugs it in he can hear its ancient fan running...) It seems to take more than two minutes to boot up. ("The drive is rattling away...") But soon he's looking at a glorious desktop from 1998 desktop. ("Applications installed... Oh look! Adobe Acrobat Reader! I betcha that's going to need an update...")

After plugging in a network cable, a pop-up prompts him to "Set up your .Mac membership." ("I have so little interest in doing this.") He does find an old version of Safari, but it refuses to launch-- though "While puttering around in the application folder, I did notice that we had Internet Explorer installed. But that pretty much went as well as expected." In the end it seems like he ends up "on the network, but we have no browser." Although at least he does find a Terminal program — and successfully pings Google.

The thing that would drive me crazy is when opening the laptop, Apple's logo is upside-down!

Google's Super Bowl ad about a Gouda cheese seller appears to be using fake AI output, writes the Verge: The text portrayed as generated by AI has been available on the business's website since at least August 2020, as shown on this archived webpage. Google didn't launch Gemini until 2023, meaning Gemini couldn't have generated the website description as depicted in the ad.
The site Futurism calls the situation "beyond bizarre," asking why Google doesn't seem to trust its own technology. Either Google faked the ad entirely, or prompted its AI to generate the web page's existing copy word-for-word, or the AI was prompted to come up with original copy and instead copied the old version. In the publishing industry, that's referred to as "plagiarism."
And ironically if Gemini did plagiarize that text, the text that it plagiarized is also inaccurate.

I just saw an ad for TikTok on a YouTube video. But at the same time YouTube is running ads on TikTok, reports Bloomberg, targeting TikTok content creators in "an effort to lure these valuable users to the Google-owned rival and capitalize on TikTok's uncertain future."

One of YouTube's ads even received over a thousand likes, with Bloomberg calling it that TikTok "is willing to accept ad dollars from one of its fiercest competitors promoting a message aimed at undercutting its business." YouTube is the latest TikTok competitor to try to capitalize on the app's looming US ban, which could go into effect in early April. Meta Platforms Inc.'s Instagram announced a new video editing tool in January, and X also teased a new video tab as part of an effort to win over TikTok's content creators...

Google would be one of the biggest beneficiaries of a ban in the US. Both its flagship video service YouTube and its TikTok copycat, YouTube Shorts, would likely see an uptick in traffic if TikTok goes away. Google also plays an unusual role in TikTok's potential ban because it runs one of two mobile app stores controlling whether people in the US can download the video app. It has blocked TikTok from its Google Play store since the divest-or-ban law went into effect January 19.

An anonymous reader quotes a report from Ars Technica: If you watched the 2007 documentary King of Kong or followed the controversy surrounding score-chaser Billy Mitchell, you know all about Donkey Kong's famous kill screen. For over four decades, no one was able to pass the game's 117th screen (aka level 22-1) due to a glitch in the game's bonus timer that kills Mario well before he can reach the top of the stage's girders. That was true until last weekend, when Mario speedrunner Kosmic shared the news that he had passed the kill screen using a combination of frame-perfect emulator inputs, a well-known ladder movement glitch, and a bit of luck. And even though Kosmic's trick is functionally impossible to pull off with human reflexes on real hardware, the method shows how the game's seemingly insurmountable kill screen actually can be overcome without modifying the code on an official Donkey Kong arcade board.

An anonymous reader shares a report: Google has edited Gemini's AI response in a Super Bowl commercial to remove an incorrect statistic about cheese. The ad, which shows a small business owner using Gemini to write a website description about Gouda, no longer says the variety makes up "50 to 60 percent of the world's cheese consumption."

In the edited YouTube video, Gemini's response now skips over the specifics and says Gouda is "one of the most popular cheeses in the world." Google Cloud apps president Jerry Dischler initially defended the response, saying on X it's "grounded in the Web" and "not a hallucination."

Tom Blomfield, founder of Monzo, challenges the notion that Americans work harder than Europeans, attributing the U.S.'s economic edge to a culture of "positivity, optimism, and ambition" rather than sheer work ethic. He argues that the "know your place, don't get too big for your boots" mindset stifles innovation, whereas the U.S.' "American Dream" fosters a more dynamic start-up culture, making it easier for entrepreneurs to bounce back from failure. Fortune reports: Blomfield said the American dream wasn't a reality that a lot of people in the U.S. get to live, but it was one that a lot of them experience. "That idea that anyone can create anything if they try hard enough is so deeply American, and it's so antithetical to the British culture," he said. Blomfield was 28 when he co-founded Monzo in 2015. While he said people in the U.K. "looked at me like I was crazy" as he tried to get a banking license, he had a much more supportive reaction in the States. The Brit said his fellow countrymen were more inclined toward a "know your place, don't get too big for your boots" attitude that stifles innovation.

In Blomfield's view, this filters down to the career decisions made by the country's most promising university students. In the U.K., Blomfield says the most ambitious thing for students to do is work at a trading firm like James Street or a consultancy like McKinsey. Indeed, he suggests the default choice for PhD students in computer science is to join Goldman Sachs. In the U.S., meanwhile, Blomfield says he'll often get pitched start-up ideas by students from unexpected backgrounds, including English Literature undergrads. [...]

In April, Nicolai Tangen, the CEO of Norway's $1.6 trillion sovereign wealth fund, sparked a debate with his comments that there was a difference in the "general level of ambition" between U.S. and European workers, adding that Americans work harder. Blomfield said he had read data suggesting that the latter wasn't the case. But his thoughts do align with another of Tangen's points, namely that it is easier to start again in the U.S. if a business fails than in the U.K. Backed by the "American dream" ideal that Blomfield mentioned in his interview, the U.S. has long been more closely associated with entrepreneurialism and disruption than Britain, and Europe more widely. Since these comments were made last May (reprinted yesterday via Fortune), we'd like to open this up for a "Slashdot Asks" discussion. Do you think the "know your place" mindset Blomfield cited stifles innovation? How does it compare to the mindset in the United States or elsewhere? Any insights or examples to support your point are appreciated and will contribute to a more meaningful discussion.

Warner Bros. Discovery has quietly begun releasing dozens of its older films for free on YouTube, marking an unexpected shift in how the major studio handles its back catalog. Over the past month, the company has uploaded more than 30 full-length movies across five YouTube channels, without digital rights management or regional restrictions.

The collection includes both critically acclaimed films like "Waiting for Guffman" and "Michael Collins," as well as commercial disappointments like the 2002 Eddie Murphy film "The Adventures of Pluto Nash." Some releases have significant historical value, such as "Oh, God!" - a 1977 George Burns comedy that earned $51 million at release (equivalent to $265 million in 2024). This move represents a departure from traditional studio practices of protecting content through strict digital rights management and paid streaming services. Warner Bros. owns multiple distribution channels, including the Max streaming service and Turner Classic Movies, which makes the decision to release these films freely on YouTube particularly notable.

A developer has successfully run the classic video game Doom on Apple's $50 Lightning to HDMI adapter, exploiting the device's built-in system-on-chip that runs a simplified iOS version.

A recent video from retro tech YouTuber Clint "LGR" Basinger takes a deep dive into the history of the SereneScreen Marine Aquarium, exploring how former Air Force pilot Jim Sachs transformed a lackluster Windows 95 screensaver into a 25-year digital phenomenon. PC Gamer reports: The story centers on Jim Sachs, a man with one of those "they don't make this type of guy anymore" life stories so common to '80s and '90s computing, one Sachs recounted to the website AmigaLove back in 2020. After a six-year career in the US Air Force flying C-141 Starlifters, Sachs taught himself programming and digital art and began creating games for Commodore 64 and Amiga computers. From his first game, Saucer Attack, to later efforts like Defender of the Crown or his large portfolio of promotional and commissioned pieces, Sach's pixel art remains gorgeous and impressive to this day, and he seems to be a bit of a legend among Commodore enthusiasts.

It's with this background in games and digital art that Sachs looked at Microsoft's simple aquarium-themed screensaver for Windows 95 and 98 and thought he could do better. "Microsoft had an aquarium that they gave away with Windows where it was just bitmaps of fish being dragged across the screen," Sachs told the Matt Chat podcast back in 2015. "And they had that for like, three or four years. And I thought, I've given them enough time, I'm taking them to market. I'm gonna do something which will just blow that away."

Using reference photographs of real aquariums -- Sachs thanked a specific pet shop that's still around in an early version of his website" -- Sachs created the 3D art by hand and programmed the screensaver in C++, releasing the initial version in July 2000. Even looking at it all these years later, the first iteration of the SereneScreen Marine Aquarium is pretty gorgeous, and it has the added charm of being such a distinctly Y2K, nostalgic throwback.

The standalone screensaver sold well, but then things came full circle with Microsoft licensing a version of the Marine Aquarium for the Windows XP Plus Pack and later standard releases of the OS. Since that time, the Marine Aquarium has continued to see new releases, and a section on the SereneScreen website keeps track of its various appearances in the background of movies and TV shows like Law and Order. Over on the SereneScreen website, you can purchase a real time, 3D-accelerated version of the Marine Aquarium for Mac, iOS, Android, and the original Windows. Echoing the Windows XP deal, Roku actually licensed this 3.0 version for its TVs, bringing it to a new generation of users.

An anonymous reader quotes a report from Ars Technica: The Video Game History Foundation has officially opened up digital access to a large portion of its massive archives today, offering fans and researchers unprecedented access to information and ephemera surrounding the past 50 years of the game industry. Today's launch of the VGHF Library comprises more than 30,000 indexed and curated files, including high-quality artwork, promotional material, and searchable full-text archives over 1,500 video game magazine issues. This initial dump of digital materials also contains never-before-seen game development and production archival material stored by the VGHF, such as over 100 hours of raw production files from the creation of the Myst series or Sonic the Hedgehog concept art and design files contributed by artist Tom Payne.

In a blog post and accompanying launch video, VGHF head librarian Phil Salvador explains how today's launch is the culmination of a dream the organization has had since its launch in 2017. But it's also just the start of an ongoing process to digitize the VGHF's mountains of unprocessed physical material into a cataloged digital form, so people can access it "without having to fly to California." The VGHF doesn't require any special credentials or even a free account to access its archives, a fact that might be contributing to overloaded servers on this launch day. Despite those server issues, amateur researchers online are already sharing crucial library-derived information about the history of describing games as "immersive" or that one time Garfield ranked games in GamePro, for instance. Unfortunately, digital libraries cannot offer direct, playable access to retail video games due to DMCA restrictions, notes Ars. However, organizations like the VGHF "continue to challenge those copyright rules every three years," raising hope for future access.

The UK is considering making households who only use streaming services such as Netflix and Disney pay the BBC license fee, as part of plans to modernize the way it funds the public-service broadcaster. Bloomberg: Extending the fee to streaming applications is on a menu of options being discussed by Prime Minister Keir Starmer's office, the Treasury and the Department for Culture, Media and Sport, according to people familiar with the matter who asked not to be named discussing internal government deliberations. Alternatives under discussion include allowing the British Broadcasting Corp. to use advertising, imposing a specific tax on streaming services, and asking those who listen to BBC radio to pay a fee.

The government is the early stages of examining how to overhaul the funding of Britain's public broadcaster when its current 11-year charter ends on Dec. 31, 2027. Ministers are looking to either retain and alter the current television license fee model or scrap it and instead fund the BBC through alternative models such as taxation or subscription. That's because viewing habits have changed as users gravitate toward on-demand services. [...] The license fee dates back to 1946, when consumers watched programs at the time of broadcast. It currently costs households who watch live TV or use BBC iPlayer $210.6 a year, an amount that usually rises annually with inflation. Even if they don't watch BBC programs, households are required to hold a TV license to view or stream programs live on sites including YouTube and Amazon Prime Video. However it's not needed by those who only watch on-demand, non-BBC content.

At December's "Microsoft Excel World Championship" in Las Vegas, "finance professionals fluent in spreadsheets were treated like minor celebrities," writes the New York Times, "as they gathered to solve devilishly complex Excel puzzles in front of an audience of about 400 people, and more watching an ESPN3 livestream."

The Times notes that "many fans find out about the Excel championship through ESPN's annual obscure sports showcase, where it is sandwiched between competitions like speed chess and the World Dog Surfing Championships." But the contest's organizer envisions tournaments with "more spectators, bigger sponsors and a million-dollar prize" — even though this year's prize was $5,000 and a pro wrestling-style championship belt. The format for the finals was a mock-up of World of Warcraft, an online role-playing game. It required the 12 men (this particular nerdfest was mostly a guy thing) to design Excel formulas for tracking 20 avatars and their vital signs... To prepare, [competitor Diarmuid] Early adjusted the width of his Excel columns with the precision of a point guard lining up a 3-point shot. [Andrew] Ngai queued up a YouTube compilation of "focus music". After an announcer kicked off the 40-minute event — "Five, four, three, two, one, and Excel!" — the 12 players leaned over their keyboards and began plugging in formulas. One example: "=CountChar (Lower (D5),"W")" allowed one competitor, Michael Jarman, to figure out how many times the letter "W" appeared in a spreadsheet.
ZDNet points out that there's a seven-hour livestream of the event that's "worth checking out for the opening theme song alone."

The New York Times closes their article with a quote from super-fan Erik Oehm, a software developer from San Francisco who called the event "the Super Bowl for Excel nerds". Oehm watched excitedly from the front row as this year's winner — Michael Jarman — finally raised the championship belt overhead while someone dumped glitter on him. And then he said...

"You'd never see this with Google Sheets. You'd never get this level of passion."

Slashdot reader jenningsthecat writes: 3D printer manufacturer Bambu Labs has faced a storm of controversy and protest after releasing a security update which many users claim is the first step in moving towards an HP-style subscription model.
Bambu Labs responded that there's misinformation circulating online, adding "we acknowledge that our communication might have contributed to the confusion." Bambu Labs spokesperson Nadia Yaakoubi did "damage control", answering questions from the Verge: Q: Will Bambu publicly commit to never requiring a subscription in order to control its printers and print from them over a home network?

A: For our current product line, yes. We will never require a subscription to control or print from our printers over a home network...

Q: Will Bambu publicly commit to never putting any existing printer functionality behind a subscription?

Yes...
Bambu's site adds that the security update "is beta testing, not a forced update. The choice is yours. You can participate in the beta program to help us refine these features, or continue using your current firmware."

Hackaday notes another wrinkle: This follows the original announcement which had the 3D printer community up in arms, and quickly saw the new tool that's supposed to provide safe and secure communications with Bambu Lab printers ripped apart to extract the security certificate and private key... As the flaming wreck that's Bambu Lab's PR efforts keeps hurtling down the highway of public opinion, we'd be remiss to not point out that with the security certificate and private key being easily obtainable from the Bambu Connect Electron app, there is absolutely no point to any of what Bambu Lab is doing.
The Verge asked Bambu Labs about that too: Q: Does the private key leaking change any of your plans?

No, this doesn't change our plans, and we've taken immediate action.
Bambu Labs had said their security update would "ensure only authorized access and operations are permitted," remembers Ars Technica. "This would, Bambu suggested, mitigate risks of 'remote hacks or printer exposure issues' and lower the risk of 'abnormal traffic or attacks.'" This was necessary, Bambu wrote, because of increases in requests made to its cloud services "through unofficial channels," targeted DDOS attacks, and "peaks of up to 30 million unauthorized requests per day" (link added by Bambu).
But Ars Technica also found some skepticism online: Repair advocate Louis Rossmann, noting Bambu's altered original blog post, uploaded a video soon after, "Bambu's Gaslighting Masterclass: Denying their own documented restrictions"... suggesting that the company was asking buyers to trust that Bambu wouldn't enact restrictive policies it otherwise wrote into its user agreements.
And Ars Technica also cites another skeptical response from a video posted by open source hardware hacker and YouTube creator Jeff Geerling: "Every IoT device has these problems, and there are better ways to secure things than by locking out access, or making it harder to access, or requiring their cloud to be integrated."