The Web is Large, But It Stopped Growing, It's Just Consolidating (Few Giant Companies Control the Chessboard)
Julian Assange on How to Assess the Impact of Publications

Terrible System Design Wherein Servers Are Expected to Have Printers

posted by Roy Schestowitz on Sep 29, 2024

Wait, what???

"The loss of platform-independent zero-trust solutions of the 80s and 90s and their replacement with poorly made, platform specific, vendor-locked boondoggles like VPNs," an associate explains, resulted in poorer security. It's why the press is happy to blame "Linux" for some bugs that let people out there on the Net/Web do things to your server if it's connected to some physical printer connected to the outside world (it's bad practice, a bad idea, and very seldom done).

This topic seems relevant because we found around 25 links about it so far. "You're probably not vulnerable to the CUPS CVE," one blogger pointed out early on. "When I saw news of the upcoming 9.9 CVE, I was thinking it was something significant, like a buffer overflow in the glibc DNS client, a ping of death, or something actually exciting. Nope, it's CUPS, the printing stack. The most vulnerable component is cups-browsed, the component that enables printer discovery. CUPS is not typically installed on server systems, but cloud expert Corey Quinn claims his Ubuntu EC2 box has it without his knowledge. I have checked my Ubuntu systems and have not been able to find CUPS on them."

"Unless your servers can print for some reason," the blogger said, there's nothing to worry about.

On my main machine I hardly install anything new. It very rarely needs anything new. When I wanted to dabble in Sakura last week I just installed it on a "play box". Similarly, only one machine in our home (we have almost 10) is connected to a printer and it's not in any way accessible to the outside world. The printer has a USB port, not an IP address (apparently this became fashionable for mass storage devices), it's connected to a PC on the LAN, and it's definitely not a server.

How did we end up panicking over printing systems (from Apple) on a GNU/Linux server inside a server room? What use case is there for sending a (printing) job from a server to some printer somewhere? Inane? Insane? Theoretic threat blown out of proportion? Has any known system been compromised this way? █

Other Recent Techrights' Posts

Rust is Starting to Seem More Like Microsoft-hosted "Digital Maoism", Not a Legitimate Effort to Improve Security: Maybe this is very innocent, but they seem to have taken a solid, stable program from a high-profile Frenchman and looked for ways to marry it with GitHub, i.e. Microsoft/NSA
Finland, Lithuania, and Latvia Fortify Their Digital Border With GNU/Linux: This month's data from statCounter is particularly interesting near the Baltic Sea
Richard Stallman Gives Public Talk at Technical University of Liberec, Czech Republic: "For programs that you could run, and for network services that could do your own computing, under what circumstances is it reasonable to trust them?"
Another Wave of Microsoft Layoffs Comes Shortly. Microsoft Propaganda Sites and Slopforms Powered by Microsoft LLMs Already Spew Out Face-Saving Nonsense.: Based on last month's leak, some very extensive layoffs are now imminent [...] Perhaps we can expect a lot of noise, some of it spewed out by bots, to distract from or belittle the impending mass layoffs
Ubuntu Becomes Microsoft GitHub, Based on Decision Made by British Army Officer: You're hopeless, Canonical
People Used to Talk: If pets can live a measurably happy life without gadgets and "apps", why can't humans?
Outsourcing GNU/Linux to Microsoft GitHub Promoted by Microsoft LLM Slop and Army Officers: Something doesn't seem right
Weaponisation of For-Profit Dockets - Part III: No More Media Lawsuits From Brett Wilson LLP This Year, One Can Only Guess Why: People leak a lot of material to Techrights because they know, based on the track record, that the sources will be protected and whatever gets published will stay online, in full, no matter how stubborn an effort (even lawsuits and blackmail) will be sent its way
Gemini Links 07/05/2025: Adopting GrapheneOS, Further Enshittification of Flickr: Links for the day
Links 07/05/2025: CISA Gutted, Debt-Saddled (Likely Insolvent) 'Open' 'AI' (Proprietary Slop) Faking Its Financial State Again: Links for the day
The European Patent Office (EPO) Has a Very Profound Corruption Issue, Far More Urgent an Issue Than Pronouns: a rather long document
Today We Turn 18.5: The eighteenth "and a half" anniversary
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 06, 2025: IRC logs for Tuesday, May 06, 2025
Microsoft Finally Admits That XBox is ****: In this case, "enshittification" is an understatement
Slopwatch: Microsoft Slop, Anti-Linux Slop, and IBM Marketing Itself as a Slop Company: Microsoft-controlled LLM spewing out garbage about "Linux"
Links 06/05/2025: Microsoft's Assassination of Skype After Years of Failure, Slop Hallucinations Are Getting Worse: Links for the day
Links 06/05/2025: Changing Places and StarGrid for PalmOS: Links for the day
Windows and Microsoft Causing Serious Data Breaches, Media Rushes to Blame That on "Linux" Somehow: While selling us some rusty old propaganda about how moving to Microsoft GitHub (Rust) will improve security
Making Site Archives More Easily Accessible (Approaching 50,000 Blog Posts): Efforts to censor us have always backfired badly
Weaponisation of For-Profit Dockets - Part II: Hiding Behind Lawyers and Barristers Who Lack Standards so as to Engage in Classic Corporate Extortion: They're trying to scare people and they misuse their licence to operate
Links 06/05/2025: LLMs/Chatbots Attract More Scrutiny (Getting Worse Over Time), PwC Has Many Layoffs: Links for the day
Thanks for listening. How can this Morse feed be further improved?: Right now any and all feedback on the audio would be helpful
statCounter: Bing's Market Share Lower Right Now Than It Was When LLM Hype Began (With "Bing Chat"): If anybody gains at Google's expense in search, it is BRICS' alternatives such as Yandex
Gemini Links 06/05/2025: Failure and Proxmox Cluster: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, May 05, 2025: IRC logs for Monday, May 05, 2025
Weaponisation of For-Profit Dockets - Part I: Hiding Behind Lawyers (or Guns for Hire) After Abusing Many People and Even Strangling Women While Microsoft Paid Salaries: This whole thing is very typical of the Microsoft and Bill Gates mindset
From EPO to "MAGA Regime": A Shift Away From Reality to Fake News and False Metrics: Disbelief in itself isn't a bad thing; but the problem is that people are taught to believe rich people in suits more than they believe others
Skype is Officially Dead Today and This is Why People Should Use Free Software Instead (Goodbye, Microsoft): It's also a good reminder of why people should move to GNU/Linux
'Simple Articles' in MyGemini Just One of Many New 'Sites' in Geminispace: Geminispace has grown fast lately; it's turning 6 next month
Links 05/05/2025: TikTok Still a Romanian Woe/Foe, Signal Perils Showing: Links for the day
Gemini Links 05/05/2025: Debian and GNOME and a "Welcome to Simple Articles": Links for the day
Links 05/05/2025: US Economy Shrinks, US Presidency Spreading Deepfakes: Links for the day
Links 05/05/2025: Breaches, Environment, and Conflicts: Links for the day
SUSE the Company Now Uses LLM Slop to 'Write' Its Blog, What Does That Tell Us About SUSE?: There are many giveaways
Richard Stallman is in Alicante Today to Give a Talk, Czech Republic in Two Days (Wednesday): Of course he can deliver the talk in Spanish
Gemini Links 05/05/2025: XL Bullies and Luddites: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, May 04, 2025: IRC logs for Sunday, May 04, 2025