[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Does anyone know how to configure a Brother MFC-J5720DW with cups?



Den 08. mars 2016 13:26, skrev deloptes:
Of course if you require high level of security you can not trust such binaries, but if you are at this level of security I do not think you will be working at the computer that much or at least use such kind of hardware. In such case it is best to use analog equipment or PC in closed network. You still have choice(s). regards
Many years ago, when I was CTO (function, not title) at a small company, the developers had two PC's, one connected to the Internet, and one connected only to an internal development network. Binaries was burned to CD and then given to customers, or copied to our web servers. Eventually it became too hard to keep the development on a closed system. More and more of the development tools expected an Internet connection. At that time we made most of the revenue making software that ran on Windows.
Today I miss the feeling of security I had back then. It would be very, very hard for an adversary to penetrate the closed network and compromise the software we delivered. I assume that a determined adversary can penetrate my current defenses relatively easy. There are so many layers of potential vulnerable firmware and software between the network plug and my file systems and system memory that any other assumptions would be rather naive. Still, I try to defend my code, my privacy and my intellectual property as good as I can. Not running java-script outside disposable virtual machines is one line of defense. Not running alien shell scripts or drivers from untrusted sources is another. It does not make my system safe - but it makes it less likely at least to be penetrated by the most clueless script-kiddies or automated bots.
And frankly, it makes no sense to me that printers require special drivers in order to work. The transport protocols are standardized. The page description protocols are standardized (or at least well known). Using proprietary transport or page description protocols seems just like a waste of development resources and support resources. It's very hard to make good, optimal implementations of anything slightly complex (it's just weeks ago another dns bug was found in glibc!). Therefore it should be best for everyone to refine common code to do such things as safe and efficient as possible. Not reinventing wheels and doing the same stupid mistakes over and over again. I really don't understand what the printer industry (this is not only a problem with Brother) is doing. May be it boils down to something as simple as the egos at incompetent product managers. 

Jarle
Reply to: