Re: Does anyone know how to configure a Brother MFC-J5720DW with cups?
Den 08. mars 2016 13:26, skrev deloptes:
Of course if you require high level of security you can not trust such
binaries, but if you are at this level of security I do not think you
will be working at the computer that much or at least use such kind of
hardware. In such case it is best to use analog equipment or PC in
closed network. You still have choice(s). regards
Many years ago, when I was CTO (function, not title) at a small company,
the developers had two PC's, one connected to the Internet, and one
connected only to an internal development network. Binaries was burned
to CD and then given to customers, or copied to our web servers.
Eventually it became too hard to keep the development on a closed
system. More and more of the development tools expected an Internet
connection. At that time we made most of the revenue making software
that ran on Windows.
Today I miss the feeling of security I had back then. It would be very,
very hard for an adversary to penetrate the closed network and
compromise the software we delivered. I assume that a determined
adversary can penetrate my current defenses relatively easy. There are
so many layers of potential vulnerable firmware and software between the
network plug and my file systems and system memory that any other
assumptions would be rather naive. Still, I try to defend my code, my
privacy and my intellectual property as good as I can. Not running
java-script outside disposable virtual machines is one line of defense.
Not running alien shell scripts or drivers from untrusted sources is
another. It does not make my system safe - but it makes it less likely
at least to be penetrated by the most clueless script-kiddies or
automated bots.
And frankly, it makes no sense to me that printers require special
drivers in order to work. The transport protocols are standardized. The
page description protocols are standardized (or at least well known).
Using proprietary transport or page description protocols seems just
like a waste of development resources and support resources. It's very
hard to make good, optimal implementations of anything slightly complex
(it's just weeks ago another dns bug was found in glibc!). Therefore it
should be best for everyone to refine common code to do such things as
safe and efficient as possible. Not reinventing wheels and doing the
same stupid mistakes over and over again. I really don't understand what
the printer industry (this is not only a problem with Brother) is doing.
May be it boils down to something as simple as the egos at incompetent
product managers.
Jarle
Reply to: