The Web is Large, But It Stopped Growing, It's Just Consolidating (Few Giant Companies Control the Chessboard)
Julian Assange on How to Assess the Impact of Publications

Terrible System Design Wherein Servers Are Expected to Have Printers

posted by Roy Schestowitz on Sep 29, 2024

Wait, what???

"The loss of platform-independent zero-trust solutions of the 80s and 90s and their replacement with poorly made, platform specific, vendor-locked boondoggles like VPNs," an associate explains, resulted in poorer security. It's why the press is happy to blame "Linux" for some bugs that let people out there on the Net/Web do things to your server if it's connected to some physical printer connected to the outside world (it's bad practice, a bad idea, and very seldom done).

This topic seems relevant because we found around 25 links about it so far. "You're probably not vulnerable to the CUPS CVE," one blogger pointed out early on. "When I saw news of the upcoming 9.9 CVE, I was thinking it was something significant, like a buffer overflow in the glibc DNS client, a ping of death, or something actually exciting. Nope, it's CUPS, the printing stack. The most vulnerable component is cups-browsed, the component that enables printer discovery. CUPS is not typically installed on server systems, but cloud expert Corey Quinn claims his Ubuntu EC2 box has it without his knowledge. I have checked my Ubuntu systems and have not been able to find CUPS on them."

"Unless your servers can print for some reason," the blogger said, there's nothing to worry about.

On my main machine I hardly install anything new. It very rarely needs anything new. When I wanted to dabble in Sakura last week I just installed it on a "play box". Similarly, only one machine in our home (we have almost 10) is connected to a printer and it's not in any way accessible to the outside world. The printer has a USB port, not an IP address (apparently this became fashionable for mass storage devices), it's connected to a PC on the LAN, and it's definitely not a server.

How did we end up panicking over printing systems (from Apple) on a GNU/Linux server inside a server room? What use case is there for sending a (printing) job from a server to some printer somewhere? Inane? Insane? Theoretic threat blown out of proportion? Has any known system been compromised this way? █

Other Recent Techrights' Posts

Windows Has Fallen to All-Time Lows in Switzerland Since GNU Celebrated 40th Anniversary (GNU’s 40th Birthday in Biel, Switzerland): GNU/Linux has been doing well in Switzerland
One Person's Take on Jef Spaleta, the New Fedora Project Leader: "With a little searching, I wonder what else may be found regarding Microsoft."
LLM Slop Has Virtually Killed unixmen.com and Many Other Sites: There's no longer any incentive to write real articles in there
In Some Countries, Laptops and Desktops Become a Dying Breed (Even Before Tariffs), Windows Has Nowhere to Go: expect more GNU/Linux on new and existing laptops
When the Credibility or 'Quality' of Clients Ceases to Matter, It's About Helping Rich Companies Like Microsoft Censor Critics (No Matter the Risks): Bad ideas typically result in undesirable outcomes
UAE: GNU/Linux and Android at Record Levels, Windows at New Lows and Falling Below Apple: Even iOS is measured as bigger than Windows this month
Links 07/04/2025: Reddit Occupied (Social Control Media Controlled by Oligarchy), Demise of Globalisation Ongoing: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, April 06, 2025: IRC logs for Sunday, April 06, 2025
Links 07/04/2025: Leaving Gemini/smolweb and Mastodon Migrations: Links for the day
In Iraq, Windows 3.1 (Percent): There's also zero
Links 06/04/2025: Flood, Cool Gemini Capsule, and Long Form: Links for the day
Links 06/04/2025: Science, Politics, and Pricier Goods: Links for the day
Sharp Declines for Microsoft Windows in Bangladesh (Pop. ~175,000,000), Big Gains for GNU/Linux: Microsoft Windows has been having a really hard time in poor countries
Links 06/04/2025: Fake Reviews, Privatisation Heists, and "AI" as Smokescreen for Impoverishing Humans: Links for the day
Taking a Moral Stand Against Strategic Lawsuits Against Public Participation (SLAPPs) and the Worst Offenders/Facilitators: Any other stance would sidle with moral depravity or moral hazard
Links 06/04/2025: Many New Acts of Repression and Elements of Financial Depression: Links for the day
In Qatar GNU/Linux Rose From Under 1% to Over 4% in Two Years (or Over 5% If Counting ChromeOS): It's a big improvement compared to what we saw last year
LLM Scrapers Are a Nuisance, But They're Also a Reminder It's Time to Make Your Site Static: Perhaps the best protection is the ability to endure surges
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, April 05, 2025: IRC logs for Saturday, April 05, 2025
Links 06/04/2025: Attacks on Education, Fake Patents, and Fake (Illegal) Patent Courts: Links for the day
France: Apple and Microsoft Down, GNU/Linux Up to New Record Levels: How will tariffs against France impact things in the coming months?
Open Source Initiative (OSI) Privacy Fiasco in Detail: What Was Reported to the California Privacy Protection Agency (CPPA): We hope to finish this whole lot within a week, then move on to election, lobbying etc.
Links 05/04/2025: Tariffs Backfiring, YouTuber Arrested, X/Twitter Set to be Fined: Links for the day
Gemini Links 05/04/2025: Offline is For Everyone, Copyright Colonialism, and More: Links for the day
Links 05/04/2025: TikTok Unsold (Still), Royal Society is Dead: Links for the day
Techrights Will Spend the Next Few Years Writing a Lot About Strategic Lawsuits Against Public Participation (SLAPPs): It's a growing problem
The State of EPO Staff's Health in Rijswijk or The Hague: We're going to cover the EPO some more later in the month
NVIDIA Corp Lost 36% of Its "Value" Since Cheeto Inauguration, But "Gen Hey Hi" (GenAI) is Totally Not a Bubble: Selling loads of unneeded hardware based on hysterical hype; like selling shovels during a Gold Rush
GNU/Linux Growing in East Asia, Windows by Default No More?: GNU/Linux is now on the shelf
Slopwatch: Anti-Linux 'Articles' From Linux-Hostile LLMs: It is almost always negative things and nobody can be held responsible for it except the charlatans prompting the LLMs
Links 05/04/2025: Fentanylware (TikTok) "Sale Looks Highly Imminent" (US), Stock Market Drowning in Panic: Links for the day
Gemini Links 05/04/2025: Moving Plants, No to Smartwatches, RAID Hygiene: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, April 04, 2025: IRC logs for Friday, April 04, 2025