The Web is Large, But It Stopped Growing, It's Just Consolidating (Few Giant Companies Control the Chessboard)
Julian Assange on How to Assess the Impact of Publications

Terrible System Design Wherein Servers Are Expected to Have Printers

posted by Roy Schestowitz on Sep 29, 2024

Wait, what???

"The loss of platform-independent zero-trust solutions of the 80s and 90s and their replacement with poorly made, platform specific, vendor-locked boondoggles like VPNs," an associate explains, resulted in poorer security. It's why the press is happy to blame "Linux" for some bugs that let people out there on the Net/Web do things to your server if it's connected to some physical printer connected to the outside world (it's bad practice, a bad idea, and very seldom done).

This topic seems relevant because we found around 25 links about it so far. "You're probably not vulnerable to the CUPS CVE," one blogger pointed out early on. "When I saw news of the upcoming 9.9 CVE, I was thinking it was something significant, like a buffer overflow in the glibc DNS client, a ping of death, or something actually exciting. Nope, it's CUPS, the printing stack. The most vulnerable component is cups-browsed, the component that enables printer discovery. CUPS is not typically installed on server systems, but cloud expert Corey Quinn claims his Ubuntu EC2 box has it without his knowledge. I have checked my Ubuntu systems and have not been able to find CUPS on them."

"Unless your servers can print for some reason," the blogger said, there's nothing to worry about.

On my main machine I hardly install anything new. It very rarely needs anything new. When I wanted to dabble in Sakura last week I just installed it on a "play box". Similarly, only one machine in our home (we have almost 10) is connected to a printer and it's not in any way accessible to the outside world. The printer has a USB port, not an IP address (apparently this became fashionable for mass storage devices), it's connected to a PC on the LAN, and it's definitely not a server.

How did we end up panicking over printing systems (from Apple) on a GNU/Linux server inside a server room? What use case is there for sending a (printing) job from a server to some printer somewhere? Inane? Insane? Theoretic threat blown out of proportion? Has any known system been compromised this way? █

Other Recent Techrights' Posts

"systemd is essentially a corporate IBM/Redhat project and corporations of course will comply": Microsoft and IBM care about users' freedom like Cheeto Lump cares about the US Constitution
Gemini Links 20/03/2026: Digital Identity Bifurcation and a "Return to Gemini": Links for the day
Even Uganda Understands That Journalists Never Belong in Prison: "Ugandan authorities must respect the spirit of this ruling and abandon any measures that seek to jail Ugandans for the free flow of ideas."
Inaction Helps Your Enemies: Without freedom, there's nothing else left
Windows Down From 99% to ~50% in Republic of Seychelles (République des Seychelles): Windows fell by a lot
Confluent Insiders: IBM Laid Over Over 800 at Confluent, Not Just 800: For the record, the layoffs at Confluent won't be over. After the bluewashing there will be "IBM RAs" impacting Confluent folks, aside from PIPs
The Layoffs at IBM Carry on (Shades of Enron): Is IBM another Enron?
"IBM boss Arvind Krishna... financial package valued at $38 million in calendar 2025 - equivalent to the average collective pay of 765 Big Blue workers.": continues to ruin the company to enrich himself while pretending he has a strategy
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, March 19, 2026: IRC logs for Thursday, March 19, 2026
SLAPP Censorship - Part 16 Out of 200: Detailing the Actors and Explaining Techrights' Own Internet Relay Chat (IRC) Network: For those who have not followed our story
Microsoft "hiding behind bigger news of war, Epstein, other companies' layoffs": They know what's coming, they just don't know when
Joerg Jaspert (Debian Account Manager/DAM) personally approved Raphael Hertzog's wife Sophie Brun: Reprinted with permission from Daniel Pocock
Letter 'A' prohibited by Code of Conduct extremism: Reprinted with permission from Daniel Pocock
Spoiler: Diversity & Debian means different things to different people: Reprinted with permission from Daniel Pocock
Solicitors Regulation Authority (SRA) Admits Failures and Criticism of Inaction on SLAPPs: many if not all solicitors and solicitor firms in the UK are in effect unregulated
Archiving or Preserving Pages About IBM Layoffs: Layoffs at IBM and the media does not talk about these
ABC, the American National Broadcaster, "Now Publishes Slop": If the "big media" absorbs slop, it'll no longer be trusted and therefore not read/watched by the public
Links 19/03/2026: Culling Deepfakes of Artists’ Music and "Age Verification Isn’t the Answer": Links for the day
Gemini Links 19/03/2026: "Aktion GPT-4" and "Kill All Descendants": Links for the day
"AI" 15 Times in Short 'Article' From The Register MS. And The Register MS Got Paid to Publish It.: gets paid to do this
People Who Decided to Boycott Novell Over Its Microsoft Alliance Should Also Boycott Canonical: As an associate put it, "selling out further, due to Microsoft moles inside Canonical"
Links 19/03/2026: "AI Glasses" as Euphemism for Mass Surveillance and ABC (US) Has Begun Publishing Slop as 'News': Links for the day
The European Patent Office, Europe's Second-Largest Institution, is on Strike Today: Lots more to come
What People Impacted by the Bluewashing Layoffs at IBM Confluent Say (While the Media Says Nothing at All, in Effect Burying the News): Worse yet, the mainstream media spreads lies about it right now
IBM Has Turned Red Hat and Fedora Into Slop: This is IBM policy
IBM is Being Robbed, Companies and Jobs Are Destroyed: Companies taken over by IBM will be exploited and destroyed to keep a bubble inflated for a little while longer
In Confluent Layoffs, IBM Vapourises a Quarter of Its Workforce (IBM Buys Something That It Destroys Already): In the past, such things were typically referred to as "media blackout"; now it's just "the norm".
IBM Effect at Confluent: Mass Layoffs and IBM's Business Conduct Guidelines (BCGs) Said to be Violated: For Confluent employees who survived the layoffs there will be "culture chock"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 18, 2026: IRC logs for Wednesday, March 18, 2026
Links 19/03/2026: LLM Fatigue (It Doesn't Work as Advertised), "Small Web Feeds": Links for the day
SLAPP Censorship - Part 15 Out of 200: Background and Particulars of Truth Regarding Techrights and Tux Machines: the basic facts (this has aged well, except the times/ages/numbers)
A Slopfarms Survey for Today (linuxteck.com, linuxsecurity.com, linuxjournal.com): Not only did Google news link to a slopfarm; it linked to three run by the same team!
Links 18/03/2026: "Venture Capitalist Warns That It’s All About to Come Crashing Down" Due to Slop Bubble, "Birdwatching for Fun and no Profit": Links for the day
IBM Red Hat is Still Promoting Restricted Boot Which Restricts Users' Control Over Their Computers: Red Hat under IBM is a total catastrophe
Arvind Says... Something Something "Hey Hi" (the State of Today's Media): Look for news about IBM and most likely it'll boil down to some sound bites from an executive and nothing else
New Post Has Just Explained How IBM Gets Robbed by the People Who Fail IBM: Their plan for IBM is a personal plan
Slop-Spewing GAFAM LLM That Knows Nothing and Understands Nothing, It's a Stochastic Parrot That Cannot Even Figure Out Tux Machines is a Community That Started in Tennessee 22 Years Ago: RMS rightly calls those things "bullshit generators"
Cusdeb Makes New Presentation About Where GNU Hurd (Still a Possible Linux Replacement) Stands in 2026: coming from a generally RMS-friendly account
Gemini Links 18/03/2026: Librarians, Phone Anxiety, Growing 'Small' Net, and Slop Versus Software Engineering: Links for the day
Estimates That IBM to Lay Off Close to 10,000 Workers in 2026 (Not Counting People Pushed Out): There's still chatter about Confluent mass layoffs
Smug Threat by Garrett to Put My Family and I in Prison Doesn't Prove We Did Anything Wrong, It Only Proves He's Truly Desperate to Stop Further Publications That Embarrass Him: his reputation is poor in the United States
systemd Increasingly Microsoft Project, Controlled by Microsoft and Slopware: Cannot allow choice
What IBM Meant to Red Hat: "Proprietary Bundling, Restricted Source Access": Anyone or anything that joins IBM likely shortens its lifespan
IBM Thrashing Confluent Upon Arrival, Based on Rumours: We deem it a bigger issue that investigative journalism perished, not that one must rely on hearsay online or mere "rumours"
Slop Is Plagiarism, Not (Vibe) Coding, and It's Not Automated, It Doesn't Save Money: Reject misnomers, explain what's actually happening
UPC is Still Illegal and Unconstitutional (Kangaroo Court for Patents, Manned by Corporate Staff), Federal Court of Justice of Germany Receives Belated Complaint About It: What is happening to Europe???
EPO Demonstration Happening Right Now, Later This Week Things Will Only Escalate Further: The SUEPO The Hague Committee wrote to staff this morning
Sophie Brun, Raphael Hertzog & Debian sexual conflicts of interest: Reprinted with permission from Daniel Pocock
Links 18/03/2026: Commodore's Hedley Davis Dies, Apple Not Good Enough, Cheeto "Floats Treason Charges for Iran War Coverage": Links for the day
A Step Close to Shutting Down the European Patent Office (EPO): Not going to work all month long
EPO Staff Demonstration Today: The demonstration will be live-streamed for those thousands of colleagues who don't live in Munich
Gemini Links 18/03/2026: Brazilian SYN Attacks and BGP: Links for the day
LibreLocal Also Coming to Jordan, Kenya, Mexico, New Zealand, and Spain: It helps raise awareness of Software Freedom
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 17, 2026: IRC logs for Tuesday, March 17, 2026