There was talk a while back about them silently degrading print jobs that used third party ink. I forget the exact details but it was arguably more heinous than the HP stuff since at least that happens out in the open — this was special code to make third party ink look worse without explanation.
> My Brother printer is not allowed to talk to the internet. Here's hoping a windows machine on my network doesn't accidentally update it.
Same here.
I keep my HP LaserJet isolated from the Internet (both directions), as well as from LAN devices that haven't been allowlisted for it. Only devices that are limited to generic open source drivers can print to it, since you can't trust the battleship-sized HP "driver" packages not to update firmware.
My Brother color laser printer, I don't use very often, so I just carry the Debian laptop over to it, and plug in the USB cable, as needed.
This isn't perfect, and I can still think of sneaky ways to update the firmware of the small fraction of the installed bases that do isolation like this.
But it's the best reasonable compromise I can find right now, without spending hundreds of hours on what I suspect is the next step of protection. (Which would be "data diode"-like filtering that's aware of application layer protocols and file formats, and only passes validated-safe bytes to the printer. I suspect that an even harder approach would be trustworthy open source replacement printer firmware, unless someone finds and pursues a GPL legal attack, like the situation that birthed the wonderful OpenWrt.)
AFAIK, Brother seemed to have pretty universal word-of-mouth goodwill among techies until the last maybe couple years. But even if that goodwill had significant effect on the balance sheet (relative to the primary marketing methods), my layperson impression is that it'd be a rare CEO who didn't cash in goodwill (especially goodwill built up by a predecessor). And with US government being sabotaged right now, maybe regulators like the FTC will also not be barriers to brands doing whatever a CEO wants, even more than in recent decades.
Because the paper and ink handling mechanicals are even less common than say PC grade electronics which are largely commoditized for an ecosystem of multiple designers. Eg Framework or MSI etc can design and build motherboards in the ecosystem. But, print engines afaic aren't design components packaged for multiple design partners.
> They're trying to lock down 3D printers too in NY state.
Good luck with that. Unkess they inspect every single vehicle and delivery entering the state they could only make it a little less convenient and force a few more people to buy a kit instead.
A video by Stuff Made Here covered what is essentially one such machine [0].
That specific machine is meant for generating handwritten notes, but I imagine it could likely work for general purpose documents too with some tweaks.
It seems weird because back in the 1990s there were a bunch of companies combining e.g. Canon print engines with their own RIP. But now everything has vertically integrated?
There's near zero money in printer hardware. Ink is what makes money. So few people are printing nowadays that it's effectively a dead-end industry. It's not new, there's very few innovations in printing lately (other than ink tanks but even then, that's not that new). You've been able to print over wifi for a while now and have had access to some sort of cloud printing service for just as long. I could see some hobbyist wanting to develop their own printer but I doubt any manufacturers would sell them a print engine, there's not enough money to even bother replying to an email. Maybe I could see something where you piggyback onto the controller board and run your own software but that's likely such a niche market. Who cares enough to do so? Firewall your printer off and use printers that support generic drivers and can take generic ink (or can be tricked into doing so), you'll save a lot more time than building your own printer that you'll use twice a year.
I'm surprised that HP hasn't shuttered Instant Ink because of the terrible PR they get from people that don't understand how the service works, subscribe for a month for $3, then are all Surprised Pikachu when they cancel the service and they can't use the ink anymore.
If you can limit yourself to vector graphics, there are inexpensive open-source pen-plotters which use the same Arduino-based grbl program that is used by CNC drilling machines. I don't know how reliable they are, and I don't know of one with an automatic paper-feed, and they probably take long to draw, particularly if there are a lot of solid color areas. Looking on amazon I see a cheap A4-sized self-assemble pen-plotter for $130.
Because as much as we like to complain about consumer hostile printer companies, modern printers are marvels. Reliable, excellent print quality, and fast and all that for very inexpensive prices.
If selling printers was a business with decent margins, you would find a lot of Chinese white label printers doing more for less.
Making a reliable paper feed is surprisingly difficult and requires construction with tiny tolerances.
Not to mention that if you tried to re-invent it yourself, there's a good chance you'd end up violating a patent. Even if you didn't, HP or some other company could allocate a lot of legal funding to convince a judge that you have.
Just here to yet again say that updates are bad and you shouldn't update things that work because the only outcomes are that they either continue working or they stop working. Don't roll the dice.
That’s a terrible article. It includes nothing to backup the claims it makes- that printers have a plethora of vulnerabilities. The reality is your printer probably isn’t a realistic attack vector.
Your average network firewall will keep you safe, but certainly in theory physical access to the printer could serve as a gateway to the rest of the LAN, and certainly physical access in theory facilitates accessing recently-printed documents.
Tsk, don't you know that on Hacker News everybody is assumed to have the same threat model as a 3-letter spy agency, and is required to behave accordingly?
For example, you probably want to keep updating the OS of your computer, if the computer is at all connected to the internet in any way. Which for most of us is the case because we want to browse the web etc.
One day, after an OS update for your computer, the vendor software for using the scanner portion of your multifunction printer stops working because it’s not compatible with the latest version of the computer OS. So you are forced to update that too. And then when you try to use the new version of that software, it refuses to work unless you let it update the firmware of your multifunction printer. So you allow it to do that. And now they successfully locked you out from using 3rd party printer cartridges with your multifunction printer.
If you are lucky / if you did research ahead of time before you bought the multifunction printer in the first place, maybe you bought one that doesn’t require any manually installed vendor provided software to work. And so at least you don’t have the exact situation above.
But even then you’d have to do a lot of digging to know what happens in the background.
If you are on macOS or Windows, does any of the parts of the OS that allows your multifunction printer to work without you manually installing anything extra do any kind of firmware updates for your printer automatically and silently in the background? I have no idea.
Hell, even with Linux there are binary blob things involved in a lot of distros that I couldn’t know if they would eventually end up updating firmware for my printer.
It seems to me that it is near impossible to truly be certain that any multifunction printer does not eventually somehow receive a firmware update even if you never manually install any vendor provided software related to the printer.
it is why i don't update my OS, and selectively only apply security patches (that should, in theory, not affect the compatibility of printer drivers).
I do the same with my mobile phone. Only update when i know the need - aka, an app has a new feature that is worth the risk of an update. And only update that one app.
The security threats from external sources are less than the "real" threat - the very companies trying to sell you the update.
I follow the same policy as you do with all non-open-source software.
(With open source software, it's generally straightforward or at least possible to downgrade if something breaks… and I'm usually very confident that the software isn't being intentionally degraded on purpose.)
But folks like you and me are few and far between, and vendors and IT departments tend to be incredibly hostile to this approach.
No. Changing things increases the chance that working things will break when it comes to computers, the wear and tear on computers in general comes at a much slower rate than the rate of update induced failure.
I have a HIKMICRO mini USB-C thermal camera and out of the box it worked like a normal UVC camera so I could use other standard webcam-compatible apps to view it (thermal apps tend to have choppy video capture). I was reviewing it so I updated the firmware, and then UVC functionality was basically broken, so it only worked with their app afterwards. I contacted them but they didn't seem to grasp the significance or care.
I don't think so, unless you're talking about professional-grade printers for businesses who print a LOT and look at the TCO of printers before buying them. Consumers buy literally the cheapest printer available at the store. Manufacturers have had to start shrinking the amount of ink in starter cartridges just to get consumers to buy any cartridges at all since otherwise people would buy a new printer instead of buying cartridges.
A printer that's actually profitable without any ink sales is going to cost hundreds of dollars more than any consumer would be willing to pay.
I'd love to see it, but realistically that's not the world we're living in. 99% of people will just pick whatever box in the store that looks snazzy and is cheap.
Here's how a printer company could go bankrupt immediately:
- Fixate on open firmware and force all third parties to open source their code (because yes, third party firmware vendors are necessary to develop a working printer system)
- Make a puny profit on durable hardware
- Miss out on the only true recurring revenue you can have
I can confirm this from my own, anecdotal experience. My current brother printer no longer recognizes refilled ink cartridges and some third party cartridges.
Yes but it is expensive and slow, rarely big enough for A4 (or Letter) and would be plastic. Additionally it would be maybe up to 4 colours. Not as in CYMK but as in 4 colours total no mixing.
Unless you do a lithographic print but they need a light source to be seen.
Also you can print pixels. You convert to G code so it is made up of lines.
3D printers don't have anywhere near the resolution of 2D printers. Take something like a $300 Epson photo printer [1]. It has 5760 x 1440 dpi with 6 colours!
A Creality Ender 3 Pro, a common budget 3D printer, has an accuracy of 0.1mm. That's an equivalent of about 254 DPI.
Of course, that's just the positioning. If you're 2D printing on a 3D printer by mounting a pen to the end, you're also limited by the thickness of the pen tip.
In any case, you could certainly draw text, but you'd only want to use a font that relies on thin lines, nothing thick. Filled in spaces would be difficult, and of course, photos are just completely out of the question.
As mentioned in a sibling comment, really you'd have just reinvented plotters which have existed for decades.
In case anybody doesn't get the reference, printer driver trouble is what initially motivated Stallman to come up with the idea of free software and ultimately the GPL and the FSF.
I can't believe the entire FOSS ecosystem essentially stemmed from printer issues, and we _still_ don't have a mainstream FOSS printer firmware that removes DRM and tracking dots (and whatever else they do nowadays) akin to OpenWRT, but for printers.
We have fully open source hardware AND software _3D_ printers capable of printing working guns, but we can't improve the process of squirting ink on paper so it's not universally abhorred?
It does always sound really crazy because in our minds 3D is more complex than 2D, but in reality 3D printing is actually really really simple, it's basically just 3 motors, a heat block, and an extruder, that's pretty much it.
Whereas 2D (inkjet) printing has all of the above (minus one motor), and actually comes with a few non-trivial non-printing related expectations as well, like loading and expelling a print surface (often many in one print), optionally flipping said print surface (and this requires that ink has dried as well) and colour processing to map computer colours to real-world colours.
It's actually even more complicated than that. Modern printers include a raster image processor (RIP) [1]. This specialized software converts vector graphics, text, and pixel-based images into a raster dot pattern that controls the print head. The individual dots that get printed can't be varied in size or brightness, so the variations in image tone are controlled by the density of the dots in the raster pattern. This is called halftone [2].
Firmware is the thing that Framework has failed the most at from day one to today. It's every bit as locked down as everyone else's only without the big guys quality control and updates so you get to live with bugs for the entire life of the hardware.
Their firmware updates are complete clown car. When they actually do one, the update process itself is just stupid fragile. Cross your fingers and clear your schedule for the next day in case you aren't lucky. You have a 10% chance of being left with a machine that probably still runs but works worse than before, and no ability to roll back.
I have a 11th gen intel board that is completely unusable after an update, but might possibly still be recoverable if I reinstall it into the laptop so it can use the laptop display instead of displayport. But I'd have to take my current 12th gen board out and then put it all back again after.
A Framework printer, if it matched a Framework laptop, would still have shit firmware, probably licensed from one of the majors, with all the same bad behavior, except with more bugs.
disagree it's all their fault, I've had 0 problems with my amd board on linux, and anecdotally that appears to be common on the forums, where intel is more painful.
That's one of the reasons I refused to invest prior to their amd board. I can't trust intel not to be toxic.
I'd still take a broken crappy printer from framework (assuming it's hackable, and not doom and gloom like you predict) over the status quo. I mean, I mainline linux because software being non-toxic is more important than polish will ever be to me.
This topic has come up several times and there are apparently a host of issues. Patents in paper handling etc. A replacement, open source control board send potentially more doable.
The entire gnu software movement was started decades ago already because one guy was fed up with printer firmwares and thought they should be replaced with public diy open source firmware to make the printers actually serve their owners.
"it's time" was already forever ago and some serious committed practically religious power devs tried and gave up on it, even while toppling practically all other software ecosystems.
Hell even the current locked down user-hostile printers are actually running linux and gnu software. That must be exceedingly galling.
Enshittification is like metastasized cancer that will spread to everything. Firefox TOS crap, Brother becoming HP. If it's connected to the internet it will wither and die.
We have a large inventory of Brother printers we use onsite at events. We use Samsung for 12+ years until they pulled out of the printer business. We chose Brother mainly because they weren't HP with their toner practices. Now looks like it may not make much of a difference.
My Samsung ML-1910 is 15+ years old and still going. USB only so it's plugged in to a box running CUPS. I used to use a Raspberry Pi for it. I don't print an awful lot, only on my second ever toner cartridge, the initial "starter" one lasted ages. Hope it lasts forever. I didn't realise Samsung pulled out.
I gotta say, switching to an Epson EcoTank printer was one of the best decisions I've ever made.
It has ink reservoirs rather than cartridges, and small, permanently plumbed tubes that go from the reservoirs to the print head.
Not only does that mean there's no way it can tell what kind of ink I'm putting in it, it also means the tanks are fucking massive. It's so nice being able to go O(years) without refilling.
It cost about twice what a comparable, cartridge-based printer cost at the time. To this day I still consider it one of the best purchases I've ever made.
With traditional cartridges the ink can dry out and clog the cartridge if you don't print regularly. My print work loads are very bursty, like I had to print 100 resumes to go to a career fair one time but this was after like 6 months of nothing. For this reason, I prefer laser printers. Furthermore, with permanently plumbed pipes, it sounds like it could ruin the whole printer instead of just a cartridge.
5 year or more year old used HP enterprise workgroup printer only or mopier with low page count are ideal for personal use. In general, the more expensive the initial purchase price of laser printers, the more repairable and durable and lower cost per page they are. (I worked in a large university department in the 00's where they had zillions of network enterprise HP printers of all sizes.)
I have an HP LaserJet Pro M402dw because I don't have a particular need for color.
My workloads are similarly bursty. I've had no problems so far; the worst I've had to deal with is splotchy printing after it's been sitting for O(months), and a quick print head clean fixes that right up.
Laser printers are great if you're doing all or mostly documents though, I can't argue with that. About half of my printing is stickers and high quality photo prints, both of which benefit from inkjet printing.
(My specific model of printer is an Epson EcoTank ET-8550)
I had a really shitty customer support interaction for a $60 Brother scanner: they included the wrong calibration sheet, and proceeded to attempt gas lighting me about user error despite photos showing it didn't fit in the scanner under any orientation. Replacements were $20 shipped, but out of stock anyway. Needless to say, that changed my mind about which manufacturer to make an expensive purchase from.
It was Wikipedia that reminded me Xerox even existed. All my other research led to the usual shitlist: HP, Canon, Brother, etc. No problems on Linux and Mac (printing and scanning), which is seems par these days, but no problems on Windows either: the manufacturer app was completely optional (but was straight to the point, functional, and worth the install).
Xerox color lasers have my glowing recommendation.
When did you buy it? After a cursory search it seems that Xerox engages in the same scammy behavior with 3rd-party consumables: artificially degrading the quality (lower DPI, fake printhead jerks), region-locking, wasting ink so it drains faster, and DRMs that blank out refuse anything that didn't pad their bottom line.
Not if it only happens on 3rd-party cartridges combined with the fact that Xerox claims that they are low-quality and compared to their high quality genuine original cartridges™
Jerking print heads for laser? That's not how laser printers work. Either way, I'm using 3rd party toner in mine (6515) just fine. It looks like people who have issues purchased metered printers.
Laser heads can misalign though (not sure if Xerox does that). Your Xerox® WorkCentre 6515 printer was launched 9 years ago and is not sold anymore. It's very possible that they changed their practices since then and/or that the price point is high enough that they wouldn't do that (it's aimed at professional customers after all).
Either way after a quick Reddit search there seems to be irreplaceable parts on that printer too. For example the fuser which is allegedly not user-replaceable.
Clogged cartridges aren't the major issue. Clogged print heads means your printer is ruined and you can dispose of it.
Except for HP printers where the print head is in the cartridge itself.
Where did you hear that? You can buy replacement print heads for all cartridge-less printers I've ever worked with, including my ET-8550.
The difference is that they're purchased separately from the ink, so as long as the original one works you can continue to use it no matter how much ink you go through.
I've had great successes undoing clogged head on Epson printers with just few drops of isopropyl alcohol on ink drawing port. Weirdly the clogs don't even reproduce thereafter, so it might be silently doing something horrible, but worked for me.
My print workload is very bursty but also low volume at the best of times. When my printer died I decided not to replace it because document printing services cost on the order of 10 cents per page (non-bulk) for basic printing.
I'd have to print hundreds of pages to even match the cost of a very cheap printer. I may never reach that threshold ever.
Best of all I don't have to worry about storing a crappy printer somewhere or have it dry out or clog up or spend time and effort on it and blocking it from accessing the internet and probably end up throwing it out and having to get a new one when I pull it out once every 4 years.
I’ve been pretty happy with my EcoTank, but my favorite is still the HP PageWide I have at work. (I typically have to print ~100 5-10 page exams twice a semester) I’m very sad they discontinued them.
It cost about twice what a comparable, cartridge-based printer cost at the time.
CIS (https://en.wikipedia.org/wiki/Continuous_ink_system ) were around for a long time, and a popular mod amongst high-volume printers, especially Epsons, after the cartridge chip DRM was defeated[1]. They definitely cost less than the printer. I suppose Epson eventually found it profitable to do it themselves and sell with a warranty, that third-party CIS often didn't have.
Are you using wifi? I have the 4850 and the wifi would sporadically drop out after a few hours and I wouldn't be able to reconnect without a full factory reset. It was the most frustrating thing. I was about to return it then moved it to another location and connected it via ethernet. It's been fine since, but a $350 printer that doesn't have a reliable wifi module is terrible. After searching on reddit, it seems it's a common issue.
Something to keep in mind when selecting a printer with refillable
liquid ink tanks is that they all have an internal waste ink
repository, which is a sponge that soaks up unused ink that apparently
accrues slowly through normal use, or quicker any time you do an ink
purge [1]. On very high end photo printers it's replaceable, and might
be described as a maintenance cartridge in the specs. If it fills up
and can't be replaced, the printer is dead. When I was shopping
around, the only brand I could find that had replaceable waste ink
repositories even at the low end was Canon, and being too cheap even
to have a network interface also saved me the trouble of firewalling
it.
It's true that ink tank printers need to be used regularly or else the
print heads dry out like a felt tip pen. Since the ink costs next to
nothing per page, I print a full page family photo once a week and
hang it up somewhere around the house if I haven't used the printer
for anything else, which still works out cheaper than any
alternatives. The walls look like instagram, but being reminded of
loved ones might not be such a bad thing.
EcoTank printers are particularly hostile with this. Despite that the waste ink pass on most models are user-servicable behind 1-2 screws, and can be purchased on Amazon for $10, the printer displays a message that you must ship the printer to Epson for a full replacement.
In order to bypass the warning, you’ve traditionally needed to use a program like WIC[0], which costs $10 per use(!) - I recommend epson_print_conf[1], which is a little more tailored to the HN crowd, but does not extract a bribe every time you use it.
While this is a good recommendation, inkjet is a poor technology for most people's needs.
You want inkjet if you print a lot, at least a few pages every two weeks.
If you only need to print once every three months, you are going to hate inkjet, even with refillable tanks. Especially with refillable tanks. Disuse clogs up the head, which takes a lot of ink to clear.
Inkjet is only worth it if you use the hell out of it. You should only get a tank printer if you expect to actually use that much ink in less than a year.
If you want a printer that does nothing other than print your resume and tax returns- and you want it to just work every time- you want laser. You can even refill the toner if you really want. You shouldn't but you can.
I had a Canon about 20 years ago. Getting it to work with Linux was incredibly difficult and finicky, and required some piece of proprietary software at some point. So my gut feeling about Canon is "never again", though the situation may have evolved.
Probably some dubiously useful features such as a nicer web UI (I never use it anyway), some utterly useless features like "scanning to Dropbox/GDrive", or most probably now some "AI assistant" that tells you how to switch cartridges.
That tool appears to be getting the firmware from brother servers. They have removed the old firmware as of more than a year ago (this issue is not new)
I want to see this confirmed before we hop into it. I've been using aftermarket toner with Brother all the time and it's working well. All the posts on Louis' wiki (https://wiki.rossmanngroup.com/wiki/Brother_ink_lockout_%26_...) are 2-3 years old and the only primary sources from people on reddit and there are a total of 3 people saying this.
He's long winded video adds nothing new, this tomshardware article just repeats what he says in the video.
Literally these are the only three sources I can find of people claiming this:
Hi. Maybe anecdotal, Brother MDC-J480DW, had it about 3 years, always bought third party ink, two weeks ago I had to replace the color ones and it started saying there was no ink even though ink was clearly visible, it failed on two different colors from two different sources, and the three different black cartridges, then bought legit from Walmart and worked perfectly. I can’t speak for everyone’s experience, but mine was definitely changed recently to always say third party ink was empty, and I’ll junk it once this ink runs out.
I don't know about every Brother model. On ours, there's a key sequence you can press to reset the toner cartridge odometer letting you squeeze out toner until the text is a satisfying light grey.
I use a J480DW and had the EXACT SAME ISSUE last month. Ordered a different brand of aftermarket cartridges and they worked like a charm. Maybe a supplier issue.
I've had the MFC-J480DW for many years and have been happy with the cheap generic ink cartridges I've been able to use. I'm getting worried about what I'm reading here. I have it connected by USB to my PC, and I don't know if it gets any updates from the PC.
Last time we changed ours (recently, maybe a few months) it gave us a message saying we were using untrusted ink and it now prints a black line down one side of the page. First time I’ve had any issues in years. TBH my first reaction was that it was some kind of intentional effort to degrade the experience.
I can confirm this. A Brother HL-L3270CDW color laser worked fine with third-party toner at first, but would not recognize it after a firmware upgrade. I tried three different sets of cartridges, including different brands - none were recognized, and there's no way to revert to a previous firmware version.
That was the last Brother color printer I'll buy, unless they go back to accepting generic toner.
> That was the last Brother color printer I'll buy
What are the alternatives then? Brother is often cited as the brand that is the most tolerant of generic consumables and with the least anti-consumer practices. But now that even Brother plays this game...
I have that printer, and I was about to buy some third party toner for it (first time). What firmware version disabled third-party toner support? Looks like we have 1.35. I just disabled automatic "check for updates" but maybe it's too late.
I can add an anecdote that it ("it" being printer stopped functioning when I replaced the cartridge with as 3rd party I've) happened to me and support confirmed that non OEM toner was the issue when I called about it.
Swapping the drm chip from the oem starter cartridge to my 3rd party cartridge resolved the othe problem
Yes, two different models (both Brother). Can't remember the model numbers right now, but a simple black and white printer, and a black and white + scanner model.
Wow that sucks, I thought that Brother didn't engage in this shady practice. Guess I'll have to stick to older (discontinued) models that were released before that.
The problem with printer recommendations is that many vocal supporters are running older models that work like charm, so when a good company becomes enshittified, there will be some timelag until consensus shifts. I mean I could still praise Samsung printers despite Samsung having left the printer business years ago.
I bought Brother printer HL-3220CW and it doesn't work with 3rd party toners. It didn't even have new firmware.
I also have HL-3230CDW that I bought few years ago and aftermarket toner works fine.
Seems like they must have done it to the newer printers.
The new printer is completely uneconomical. I had to pay around £150 for Brother set of toners, whereas aftermarket for my older printer is just £35. The quality is the same.
At this point, like with many things, you'll have to go model by model and not trust a whole company to do something right. I have several of the Netgear R6220 router running OpenWrt, but Netgear as a whole tends to not have OpenWrt support, so I would never blindly recommend someone buy Netgear. Instead I'd say to look at the Table of Hardware on OpenWrt's site. That being said, a list of "good" printers somewhere would be fantastic. I have an old HP monochrome laser printer (sorry to be part of the problem, don't have the model handy, may edit it in later) I got at a thrift store, it happily accepted some very cheap toner I got from eBay. I understand everyone has hated HP printers for years, though I think it's mostly the inkjet models.
In a recent Louis Rossmann video that covered this Brother printer issue, there were some suggestions in the comments, Minolta if I remember correctly.
There are a lot of similar anecdotes in this thread, but I'm still skeptical. I've had similar issues with my Brother printer randomly not accepting a new toner cartridge and telling me that it's empty. It happened twice. In one case, I had to use some obscure button combination to force it to reset and then everything was fine. In another case, I needed to remove and reseat the cart a dozen times before it suddenly worked.
Anyway, it's definitely possible that these newer issues are Brother doing something nefarious, but I could also see a lot of these issues being with finicky sensors.
So which printers are good to get now? I have a brother printer that I got for $30 off Facebook marketplace, which I'll keep for now, but it'd be good to know which brands are safe should I need to get another one or make a recommendation to less technical people in my circle.
I'd prefer laser printers since they handle bursty workloads better (for example I had to print 100 resumes for a career fair after 6 months of nothing), since the ink can't dry out.
If it's really few months of not printing anything, would it be more economical to use one of those print services instead? You lose the convenience, but you also gain a bit of shelf space for not storing the printer and all related printing supplies.
My time in not going to those places to pick up a job is worth more than the cost of a printer. I use those places for large prints - so far once in my life - but it takes valuable time.
I got an old dell mfp 3115 from a business that was moving for about a hundred bucks. I've never replaced the toner since I got it almost a decade ago and still have a compatible replacements. I've printed hundreds and hundreds of pages. I'll probably use it for the rest of my life or until I can't get the drivers to work. If you have the space something like that is an option.
I'm a brother shill but a while back they experimented with a consumer-hostile firmware update for one of their models.
Since then, I've been edge blocking the rdns of update.brother.co.jp. It usually resolves to 4 IPv4 addys. Depending on the DNS resolver, they should lie in one of these subnets.
3.164.143.0/24 # per asia dns
13.249.98.0/24 # per us dns
18.154.219.0/24 # can't recall
18.155.68.0/24 # per alibaba dns
18.160.225.0/24 # per he.net
edit: It looks like Brother is using cloudfront to provide CDN services. Every region I try I get a diff subnet. Better to query yourself than rely on my IPs.
These are Amazon ranges. You're most likely blocking random aws load balancers including more than just brother servers. Also the brother servers can be redeployed at any point. It's likely better to prevent the dns name resolution instead.
I'd be even more paranoid and connect the printer via USB only. You can then run your own print server if you want to support printing from multiple devices.
Very unlikely. At least not without a fallback. Lots of corps will not allow encrypted dns because they want good traffic monitoring for threat detection. It may be an option, but it almost certainly won't be enforced.
Maybe the "Enterprise-grade" printer that costs twice as much and doesn't do the annoying things. Like how Enterprise versions of Windows let you disable certain stuff.
A plain UDP fallback won't help you if the printer can get to it servers without needing it in your home network. DNS-level filtering is pointless for devices you don't control.
For malicious devices, sure. But a printer will do the basics and just use dns. There's no upside more important than a risk of whole bunch of devices just not being able to work. There's really no clever and sneaky functionality there.
Barring a particularly good reason, I reckon your best bet is to just block internet access from the printer altogether. I can't think of a good reason why it should have internet access.
You could come up with a list of features that are plausible but I can't imagine a world where having my scanner send an email would be more convenient than just having a scanned document directly on a computer or phone.
Brother printers can scan to network shares without Internet access. Local networking is plenty.
> but I can't imagine a world where having my scanner send an email would be more convenient than just having a scanned document directly on a computer or phone.
I have a home office laser combo - it has a touch display on it and is bulky next to - when I need to scan in receipts I just upload it to a share folder where my accountant can pick it up.
Given the capabilites of the average HN user, it would be trivial to send to a local share that is monitored and auto uploads, effectively firewalling the printer off. I do this with my "smart TV", it only has access to my web proxy and a DNS sever I control, whitelist only.
I have never found a reason to do that personally. It seems like an extra step I don't need. I also don't want the printer going near a shared folder and I definitely don't want the printer's true owner (the vendor) to be handling my documents over email!
Both HP and Brother offer this - it goes to a server that then sends to an email you have configured. I’d guess the vast majority of people who use the scanner do this rather than setting up a share on a home network.
I never let my printer near the Internet. It goes on the "fucking trash" subnet which has no route out. Mine's an HP but it complains occasionally that it can't get new firmware which makes me feel warm inside.
And why should we? It should all be "allow" and not "block". Machine should be serving _us_ the buyers/users.
I could never understand why my Windows Explorer (back in the ZoneAlarm days) were speaking to Microsoft when I was searching for my FileName.doc inside my C: Drive.
I could understand the Word or Excel accessing when I need "Help" (I assume online help file was more frequently updated).
No! Naughty developers and naughty businesses. My machines should leave my 127.0.01 when I want for MY uses and MY needs and MY convenience.
For vast majority of home users the only app that needs to 'get out' is their browser and their "windows udpate". Everything else is just tracking.
> Machine should be serving _us_ the buyers/users.
Yes.
But every now and then consumers get a tempting offer and trade a bit of their freedom for lower price, more comfort, more prestige, or something else. I.e. in practice buyers don’t mind that much and likely also don’t understand the difference and the consequences that well.
> … and likely also don’t understand the difference and the consequences that well.
this could be a very good argument to explain why so many have become skeptical of companies.
we have example after example where companies take advantage of people.
hearing my grandfathers generation go on about “the days when you could trust a company to be fair” i used to think they were seeing with rose-tinted glasses, but more and more im convinced we’re dealing something much more nefarious than that generation.
Companies used to hire Pinkerton detectives to put down strikes and make employees use company stores.
Behaviour has improved for various reasons.
All we’re seeing now is that people’s technological surface area is expanding from zero to infinity so there are lots of new little cracks and edge cases society still has to sort out.
> the days when you could trust a company to be fair
Those days never really existed. It was simply that their misbehavior affected groups of people who didnt have access to the media and power structures. For the US, e.g.: central Americans (banana company inspired coups), native tribes (water pollution, deforestation), poor whites (coal ash pollution), etc.
I can see that companies treated their employees better, but that might also be correlated with strong unions, less regulatory capture, more competition, or some other factor, rather than intrinsic goodness.
of course there is. it just takes a lot of people to make the good choices, and when money is tight, that is very hard for people to do en masse.
this is part of the trend lately that has money flowing upwards and not back down again. if the end-user/customer is at the bottom, wages they're paid are what go into the economy and do the work that money does all the way up the chain of commerce until it reaches some rich guy shaped like a sphere who smokes cigars and laughs maniacally all the time. but because he's been tightening budgets on all the companies he's on the boards of, the employees of those companies get less money every year to spend on things. so more of the money stays in his hands. so customers have necessarily less choice on things they can buy and choices they can make in the marketplace.
eventually people get laid off or fired and now they have no money to do anything with and in the end take any job they can, if they aren't found by some employer before then. so they have less and less agency while the people selling things have more and more and more.
the end result of this is that we will become pets of the bourgeois which is exactly what they want. they not only have a need to win (which is fine by itself) but a need for all others to lose (which is not ok in any way) and they can never ever be happy with what they have.
I truly wish I had not had children. Life is going to be hard for them.
This is not what the vast majority of people want.
People want security issues patched, preferrably without them having to do any work or even know about it (because they won't do the work and get annoyed at popups they don't feel like they need). People want bugs fixed (and crash reports do actually help with that, despite what some say). People want companies to prioritize the features that they're using and fix places where users get "stuck", and that's much easier with telemetry. People will almost always choose free shit over products they have to pay for, and for many products, free only works if you know what ads the user should see.
there's thin line between 'autoupdates consisting of security patches and bugfixes' and 'we will extract every piece of data we can and possibly remove features with no way to rollback'.
most apps fall into the latter, into the network blackhole they go. You give them an inch, they take everything.
You cant even get away from this by paying (and i'm willing to to so!) because people who actually are willing to pay are the most valuable ones to advertisers - so the incentives are there to extract even more value in such case.
In case of products from outside of software domain there's this consumer assumption that product does the thing and just the thing - food doesn't try to poison you, toys are just toys and so on.
they are aware of tradeoffs - something's cheaper, it might be less safe, less featured or maybe made a bit worse.
99% of modern software is user hostile first - data extraction and maximizing value for adverts and then it might do a bad job of actually fulfilling its purpose, with updates usually making it worse over time, or jacking up prices in form of monthly subscription instead of license sale.
> And the vast majority of people hate ads like me.
I don't mind respectful¹ ads, and refrain from using sponsorblock & similar. What I object to, and actively block, is the stalking that is endemic in the ad industry and is in no way respectful.
----
[1] i.e. not the pop-ups/-unders of yore, not those that autoplay video or, worse, audio, not those that otherwise interfere with the normal use of the page I'm trying to look at, stalking etc.
Internet advertising is a race to the bottom. If you're not using scummy tactics then your competitors will, and you lose money -- or your entire business.
I can't remember the last time I was exposed to respectful ads. My home PiHole deny-lists keep growing in size and this will continue unless the internet at large changes. Which I don't believe it will, barring any civilization-wide disaster.
> I can't remember the last time I was exposed to respectful ads.
There are still some out there, or at least some that aren't actively disrespectful. At least sponsor spots in podcasts don't stalk me online, etc, at least when they are honest about what is happening¹. They are very much in the minority though.
----
[1] The 3D printing “community” on youtube is rife with “personal” recommendations that are obviously paid for but try to look more organic. “Today I'll test if you _really_ need to dry your PLA filament rolls, in a video sponsored by the company that makes one of the dryers I'll be testing…”
That's up to you. I block everything and I'll never go back. I just want the whole advertising industry to go away. They've betrayed my trust so often that I'm never going to let them back in. In any form. I don't care about the collateral damage in the services and sites they 'support'.
When I ask around me people don't really have a very nuanced view either, though they're not as hostile as me, most of them just believe it is unavoidable. They don't have the skills I have in ad avoidance. But they don't have any kind of ethical concerns.
The only way it could have security issues is if it's connected directly to the internet (not behind NAT) or a device on my LAN is actively attacking it. The former case is difficult to accomplish without enough expertise to know better; the latter is plausible, but mitigated by a printer too simple to easily harbor a persistent threat.
Sure, and that could break the printer, cause it to print things I don't want it to, or cause it to serve malware to other devices. I would like the printer to be too simple for the third case to be realistic, but that may be harder to build today than something with a more complex embedded OS.
I have doubled my battery life on Moto Edge with Rethink DNS, blocking everything per app. There's so much junk I don't want to phone home that tries 50 times a day.
This sort of solution appeals to me but I wonder what the trade-off is. I am now sending data about domains I visit and when to a different entity not my ISP, how do I trust them more?
You don't have to use any DNS features, Rethink will happily let you set your DNS resolvers to whatever you like, you can just use it as an on-device VPN that allows you to block or isolate everything per app or per connection.
My reply is low value for HN but your comment is the literal embodiment of an older meme:
- Tech Enthusiasts:
Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via Alexa! I love the future!
- Programmers / Engineers:
The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.
P.S. More seriously I agree, we witnessed multiple times over the enshitification that inevitably follows.
I think the midwit meme captures this best, where at both ends of the IQ bell curve the characters say "I hate technology", and the guy in the middle loves it.
You jest but my first experience with this were Compuserve CD's in the 90's. I saw my hard drive light blinking when I did not ask the computer to do anything so I killed the power then powered on, ejected the CD and threw it into the trash. Ever since that experience I've been highly skeptical of any program and vindicated hundreds of times since.
That was a result of launching their program think early web client app to talk to their network. I did not install anything yet it started enumerating the hard drive. I had a LED for the CD and a LED for the hard drive. This was a 386-DX40 (40Mhz) with a 144MB RLL hard drive. There was enough flickering to indicate they were reading a lot of data.
We have this saying in Spanish "en casa del herrero, cuchillo de palo" (the blacksmith rather uses wooden-made knifes at home), meaning that when you're an insider to some of the nasty things that are part of certain products, you'll end up wanting to avoid it altogether. And in a sector as unregulated and wild regarding user protections as is the technology and software world, no surprise lots of engineers know that things look grim when you know the secrets of how they're done.
I had an ARM win11 tablet that constantly cycled my ancient printer with the $11 2000 page toner. A firewall between the tablet and the printer was the answer.
I went even more radical, personally: got a DCP-L2510D that simply doesn't have WiFi/Ethernet, only USB. Both scanning and printing work perfectly via CUPS and I'm happy as one can be.
Check out Amazon Sidewalk—if any of your neighbors connect a device supporting it to the internet, your devices will find them and use their internet connection if you don’t provide one! Apparently their network covers like 90% of the US population (at a low data rate), and they’ve made it possible for non-Amazon devices to implement it.
Still have to be careful, they have another method where an update is delivered as a print job (that doesn't print anything). So also don't let any windows or mac (or android or ios or chromebook I guess) clients reach the printer by any means, even usb, with drivers you aren't 100% sure about.
That's devious and evil. Do you have further details about the mechanics? e.g. if it's delivered by JavaScript embedded in a PDF then maybe one could introduce a proxy that strips that out.
Unless they got specific consent that sounds like unauthorised access and unauthorised alteration of a computer system (which I gather to be judged criminal in UK & USA at least).
> unauthorised access and unauthorised alteration of a computer system (which I gather to be judged criminal in UK & USA at least).
I doubt it would ever be prosecuted. It is important to remember that the law doesn’t mean what you think it means, it means what the average prosecutor and/or judge thinks it means. Those laws were invented for use against scary “hackers”, not printer manufacturers updating their own products
Crimes in the US are only for individuals (and even then only for poors). If you are a registered corporation you may defraud, steal, or manslaughter without consequence.
I would call it that, but no one in the government will. Printer manufacturers lawyers will just equate it with the same automatic updates that the printer will do by itself if it could. And they will have a dozen words buried somewhere in the middle of a bible sized tos that you "agreed to".
Having the method exist is reasonable - you want to have as many fallbacks as possible to avoid bricking the device if you manage to break the main update flow.
Applying updates without user consent is the evil part.
I don't know if I'd be surprised or not to find out that you actually can't print from ios. It seems crazy to me, especially considering ipads, but the entire Apple ecosystem seems crazy to me and yet it exists despite my incredulity.
I could even print from webos and palm but I guess that doesn't matter now. 50/50 toss up if the current webos on lg tvs still has any printer drivers. But if there was still any webos printer drivers, they will not be open source and so you can not trust them not to do unwanted things to your printer some day.
Being able to print doesn't mean you have drivers for your printer - both the phone and printer support a semi-standardized protocol (probably bastardized postscript).
Yes but so what? I said don't let an ios client reach the machine. I didn't say it was Apple who wrote the software that will commit the act you don't want.
The same danger on Windows doesn't come from Microsoft. You download and install software from HP and it does the deed.
You could in theory write an open source driver that runs on windows and is safe. There are also old closed source drivers which just happen to be well behaved. Which is why I said "drivers you aren't 100% sure about".
On Android, depending on the version and distribution, there have been both pre-installed and user-installable printer drivers from hp and samsung and everyone else, pretty much just like on Windows. Even the pre-installed whichbare "part of the os" are written by the manufacturer not Google or AOSP. And just like Windows it is technically possible to write an open source driver that you can safely use and trust. Which again is why I said "drivers you aren't 100% sure about"
So what is the scenario you fear? An iOS or Android user goes to brother.com and prints brick_my_printer.pdf? With that level of paranoia you might as well trash the printer because an update could theoretically be steganographically hidden in a way no filter or intermediate print servers can catch without unacceptably degrading the print quality.
I don't "fear" anything. It is simply a fact that printers have an update mechanism that doesn't require the printer to have access to the internet, which is merely a print job.
And so if one wants, as the gggp comment did, to ensure that ones printer cannot be updated without ones deliberate instigation, one must also be aware of all possible sources of print jobs.
I don't know why you seem to have a problem with this. What scenario do you fear? In what way does this knowledge hurt you?
"goes to brother.com and prints brick_my_printer.pdf" is really quite a silly place to arrive, starting from "printers can be updated via print job".
An update print job is just a blob of data that anything can squirt at the printer. A person doesn't need to press "print" anywhere, or do anything at all, or even know that it happened.
Any driver or application software that was written by the same people as the printers own firmware can do it all by itself any time it wants, for the same reasons that the printers own firmware does in fact already do it all by itself any time it wants.
"HP printing devices have the ability to accept firmware upgrades, solutions software and custom color table “bundles
sent as a print job. The “Allow firmware updates sent as print jobs (Port 9100)” setting controls the ability for the
printing device to accept firmware over the standard printing port, and also applies to firmware sent over all print-path
methods including FTP, LDP, IPP(s), EWS Print page or Copy command."
(meaning that although the label on the setting in this particular printer's ui mentions "port 9100", it's not actually limited to jetdirect, the special print job is recognized no matter what path or protocol it took to arrive at the printer)
That means ios is not safe. Software that you don't control and was not written by end-users for end-users benefit, but was instead written by the same people who wrote the printer's firmware can send a print job from ios to the printer.
The printer doesn't care what physical connection or network protocol is used, including airprint, and in the case of ios, while you might be able to print some documents without using any software from HP, HP does still have a an "HP Smart" app (and probably others) for ios. Meaning that blocking the printer from the internet does not prevent the printer from receiving updates, and all of the closed-source platforms are the primary dangers as sources of update print jobs.
Technicall linux/bsd are not garanteed safe either.
It's possible for a native linux app to send the same kind of update, but just far less likely without the users knowledge or intent.
You have to go pretty far out of your way to install non-repo software from a printer manufacturers web site, and actively grant it permission to install and activate services that run on their own... And even if you did that, if such software even existed that was not well-behaved, the first time it did that to a linux user that didn't expect it, we would all find out about it and every google search on the topic of linux drivers for that printer would warn about the bad software.
Or just no one would ever actually bother even looking to try to install it in the first place simply because the normal open source drivers and apps work well and the manufacturers software is a crazy mess.
I had a Samsung color laser printer that actually had linux software provided by Samsung that I actually installed just to check it out. HOLY SHITBALLS it was terrible both outwardly just using it as a user and behind the scenes how it was written. Just crazy utter garbage all around. That software, since it wasn't open source, might do anything on it's own just like a Windows driver, including sending a printer update, but it was such junk, and so not-needed, that no linux user ever installs it, so it does no harm even though it exists and could.
> method where an update is delivered as a print job
I wonder if this is a way to install custom firmware. Probably not. I would guess that the code that decodes the firmware from the print job probably passes it through the same signature check code as the regular firmware update process.
Still it's an interesting route for exploit exploration.
Generally a modern printer has a shitty embedded Linux install in it. There's more than likely an exploitable vulnerability in the network services; even more so if it serves a web admin interface.
The complexity is really in constructing the replacement firmware to drive the hardware correctly; developing that is probably easier if you dismantle the printer and find debug leads on the motherboard. Getting the common chips like networking going sounds doable, but for the actual printing there's lots of trade secrets around driving the actual printing hardware.
A more likely route: a Chinese factory should be able to make a smallish batch of cheap monochrome laser printers with good-enough print quality, publish badly-written but usable specs for it, and make it easy to replace the firmware.
another option you could use is something like routedns[0], this allows you to filter DNS requests (or get them to resolve to 127.0.0.1) and it won't affect other services that might be on the same IP.
I went to my home router (a Fritzbox) and just blocked the printer from accessing the internet (it's under Internet -> Filter, and the printer is named BRW90....). Fairly straightforward - that should be a good enough fix, no?
It's probably enough a truly malicous printer could change the MAC address and device name to get around any such blacklist. Even a MAC-based whitelist is vulnerable to spoofing. To be truly safe you'd need to put the printer on its own lan without an internet connection or not connect it via ethernet/wifi at all.
I have a Brother inkjet/all-in-one. Of course it never connected to the internet, thanks to a router firewall rule. Actually I only use Brother cartridges for black. They are quite economical and I bought a bunch of them at some point when they were cheap on Amazon.
Now the color cartridges keep draining although we never print in color. So of course I do not fit Brother color cartridges! For that reason and others (very average quality when printing from Linux, takes only high quality 90g paper, heads regularly clogged even with Brother ink, color prints ugly even with Brother ink), I am not satisfied with this product. Unfortunately I still have a few years of black ink to consume before getting rid of it.
I have a bunch of annoying spammers from India that keep coming to my webapp and try to annoy users about buying their Brother printer cartridges. I've always wondered how the economics of that work.
I have one of the popular cheap Brother BW laser printers and it was my first laser printer after years of crappy ink printers.
Everything is great about it apart from using 3rd party generic toner cartridges. It senses they are not original, does warning messages etc. and forces me to open/close the toner door every time i switch on the printer to get it to function again.
This ball breaking forced me to buy a legit brother toner cartridge at 3x price.
Now, I’m not to pissed off because laser printing is pretty cheap and as long as you are ok with BW prints its pretty good quality and convenient. Never going back to inkjet printers.
> forces me to open/close the toner door every time i switch on the printer to get it to function again
My first HP printer forced me to spam the Stop button for 10 seconds every time I turned it on as it would always try to print a colored test page with generous amounts of ink.
When I do the kind of work that involves technical spec sheets and papers etc I print them out. It's so much nicer having a copy on the desk instead of trying to view it in your monitor. It's basically an extra screen.
The last semi-regular thing I'd print were postage labels for when I sell stuff on eBay. But in the last few years it's changed, now I can just go to the post office with a QR code and it's all done.
If they'll accept a PDF at all, just using a digital signature annotation in Mac Preview is sufficient for every use case I've found. The ones that won't accept this generally require physical hard-copy, not a scan.
Last time I did this, I printed, signed and sent only the last page, which had the signature on it. They rejected it because I didn't print and scan the entire document.
I usually have to print at minimum 4 to 5 documents per year. They are almost universally the same things, and they're many many pages, but infrequent:
1. Tax return to mail
2. Other government forms to mail
3. Contracts
Unfortunately, while the majority of the things I do in my life are purely digital, this fails as soon as you interact with the government in any meaningful way off the happy path or interact with the legal system, in those cases hard-copy only with original signatures is required to get anywhere.
Paperwork for the kid's daycare. Sick kid needs a prescription? Get them mostly better at home, then print and fill a form authorizing daycare to administer prescription meds and deliver it (along with the eyedrops or whatever) when dropping off the kid. None of that has been digitized yet.
Shipping labels. Returning something you bought online? The merchant often will send you a shipping label to print and tape to the package. My wife chooses to buy a lot of clothes online and return the ones that don't fit.
Signs for when we host a large gathering of people. Sometimes it's to label garbage vs recycling (for the large number of aluminum cans, mostly). Usually it's to warn people that one of the cats likes to try and sneak outside, and please watch out and don't let him outside.
Certain government paperwork. While many things can be filled and submitted online, other stuff (passport renewals come to mind) need to be printed and physically mailed. This tends to be very infrequent, but the forms contain personal information. How much do you trust a print shop?
> Shipping labels. Returning something you bought online? The merchant often will send you a shipping label to print and tape to the package. My wife chooses to buy a lot of clothes online and return the ones that don't fit.
These can usually be printed by the clerk when you drop off the package here if you show the barcode on your phone. Means you need to drop off at a manned location though.
343 comments
[ 3.2 ms ] story [ 308 ms ] thread(I know pulp trees are farmed, but I too have a Brother printer ...)
It really is circumstance based, rather than always good.
I forget what, but this isn't the first shady move from Brother. They seem to be well on in the enshittification phase of their business.
Same here.
I keep my HP LaserJet isolated from the Internet (both directions), as well as from LAN devices that haven't been allowlisted for it. Only devices that are limited to generic open source drivers can print to it, since you can't trust the battleship-sized HP "driver" packages not to update firmware.
My Brother color laser printer, I don't use very often, so I just carry the Debian laptop over to it, and plug in the USB cable, as needed.
This isn't perfect, and I can still think of sneaky ways to update the firmware of the small fraction of the installed bases that do isolation like this.
But it's the best reasonable compromise I can find right now, without spending hundreds of hours on what I suspect is the next step of protection. (Which would be "data diode"-like filtering that's aware of application layer protocols and file formats, and only passes validated-safe bytes to the printer. I suspect that an even harder approach would be trustworthy open source replacement printer firmware, unless someone finds and pursues a GPL legal attack, like the situation that birthed the wonderful OpenWrt.)
AFAIK, Brother seemed to have pretty universal word-of-mouth goodwill among techies until the last maybe couple years. But even if that goodwill had significant effect on the balance sheet (relative to the primary marketing methods), my layperson impression is that it'd be a rare CEO who didn't cash in goodwill (especially goodwill built up by a predecessor). And with US government being sabotaged right now, maybe regulators like the FTC will also not be barriers to brands doing whatever a CEO wants, even more than in recent decades.
Surely Eric from Pebble should focus his energy on that.
Good luck with that. Unkess they inspect every single vehicle and delivery entering the state they could only make it a little less convenient and force a few more people to buy a kit instead.
A video by Stuff Made Here covered what is essentially one such machine [0].
That specific machine is meant for generating handwritten notes, but I imagine it could likely work for general purpose documents too with some tweaks.
[0] https://youtube.com/watch?v=cQO2XTP7QDw
IaaS (Ink as a service). /s
If selling printers was a business with decent margins, you would find a lot of Chinese white label printers doing more for less.
Not to mention that if you tried to re-invent it yourself, there's a good chance you'd end up violating a patent. Even if you didn't, HP or some other company could allocate a lot of legal funding to convince a judge that you have.
Your average network firewall will keep you safe, but certainly in theory physical access to the printer could serve as a gateway to the rest of the LAN, and certainly physical access in theory facilitates accessing recently-printed documents.
For example, you probably want to keep updating the OS of your computer, if the computer is at all connected to the internet in any way. Which for most of us is the case because we want to browse the web etc.
One day, after an OS update for your computer, the vendor software for using the scanner portion of your multifunction printer stops working because it’s not compatible with the latest version of the computer OS. So you are forced to update that too. And then when you try to use the new version of that software, it refuses to work unless you let it update the firmware of your multifunction printer. So you allow it to do that. And now they successfully locked you out from using 3rd party printer cartridges with your multifunction printer.
If you are lucky / if you did research ahead of time before you bought the multifunction printer in the first place, maybe you bought one that doesn’t require any manually installed vendor provided software to work. And so at least you don’t have the exact situation above.
But even then you’d have to do a lot of digging to know what happens in the background.
If you are on macOS or Windows, does any of the parts of the OS that allows your multifunction printer to work without you manually installing anything extra do any kind of firmware updates for your printer automatically and silently in the background? I have no idea.
Hell, even with Linux there are binary blob things involved in a lot of distros that I couldn’t know if they would eventually end up updating firmware for my printer.
It seems to me that it is near impossible to truly be certain that any multifunction printer does not eventually somehow receive a firmware update even if you never manually install any vendor provided software related to the printer.
I do the same with my mobile phone. Only update when i know the need - aka, an app has a new feature that is worth the risk of an update. And only update that one app.
The security threats from external sources are less than the "real" threat - the very companies trying to sell you the update.
(With open source software, it's generally straightforward or at least possible to downgrade if something breaks… and I'm usually very confident that the software isn't being intentionally degraded on purpose.)
But folks like you and me are few and far between, and vendors and IT departments tend to be incredibly hostile to this approach.
- Open firmware and interfaces to the hardware
- Make a profit on the sale of the printer hardware
- Open spec for any ink manufacturer to create cartridges
A printer that's actually profitable without any ink sales is going to cost hundreds of dollars more than any consumer would be willing to pay.
- Fixate on open firmware and force all third parties to open source their code (because yes, third party firmware vendors are necessary to develop a working printer system)
- Make a puny profit on durable hardware
- Miss out on the only true recurring revenue you can have
But at least as of now, it doesn't seem like that's the case.
Unless you do a lithographic print but they need a light source to be seen.
Also you can print pixels. You convert to G code so it is made up of lines.
[1] https://epson.ca/For-Home/Printers/Photo/Expression-Photo-XP...
Of course, that's just the positioning. If you're 2D printing on a 3D printer by mounting a pen to the end, you're also limited by the thickness of the pen tip.
In any case, you could certainly draw text, but you'd only want to use a font that relies on thin lines, nothing thick. Filled in spaces would be difficult, and of course, photos are just completely out of the question.
As mentioned in a sibling comment, really you'd have just reinvented plotters which have existed for decades.
We have fully open source hardware AND software _3D_ printers capable of printing working guns, but we can't improve the process of squirting ink on paper so it's not universally abhorred?
Whereas 2D (inkjet) printing has all of the above (minus one motor), and actually comes with a few non-trivial non-printing related expectations as well, like loading and expelling a print surface (often many in one print), optionally flipping said print surface (and this requires that ink has dried as well) and colour processing to map computer colours to real-world colours.
[1] https://en.wikipedia.org/wiki/Raster_image_processor
[2] https://en.wikipedia.org/wiki/Halftone
Their firmware updates are complete clown car. When they actually do one, the update process itself is just stupid fragile. Cross your fingers and clear your schedule for the next day in case you aren't lucky. You have a 10% chance of being left with a machine that probably still runs but works worse than before, and no ability to roll back.
I have a 11th gen intel board that is completely unusable after an update, but might possibly still be recoverable if I reinstall it into the laptop so it can use the laptop display instead of displayport. But I'd have to take my current 12th gen board out and then put it all back again after.
A Framework printer, if it matched a Framework laptop, would still have shit firmware, probably licensed from one of the majors, with all the same bad behavior, except with more bugs.
disagree it's all their fault, I've had 0 problems with my amd board on linux, and anecdotally that appears to be common on the forums, where intel is more painful.
That's one of the reasons I refused to invest prior to their amd board. I can't trust intel not to be toxic.
I'd still take a broken crappy printer from framework (assuming it's hackable, and not doom and gloom like you predict) over the status quo. I mean, I mainline linux because software being non-toxic is more important than polish will ever be to me.
"it's time" was already forever ago and some serious committed practically religious power devs tried and gave up on it, even while toppling practically all other software ecosystems.
Hell even the current locked down user-hostile printers are actually running linux and gnu software. That must be exceedingly galling.
It has ink reservoirs rather than cartridges, and small, permanently plumbed tubes that go from the reservoirs to the print head.
Not only does that mean there's no way it can tell what kind of ink I'm putting in it, it also means the tanks are fucking massive. It's so nice being able to go O(years) without refilling.
It cost about twice what a comparable, cartridge-based printer cost at the time. To this day I still consider it one of the best purchases I've ever made.
They also make one that can only print 8.5x11 but that has a document feeder on the scanner. It's otherwise the same printer.
I'd recommend either one, depending on how useful a document feeder would be for you and whether you need the larger print size of the one I have.
Also possible to schedule/automate a test print every so often with the low cost of printing on the large tank printers to keep the print heads happy.
I have an HP LaserJet Pro M402dw because I don't have a particular need for color.
My workloads are similarly bursty. I've had no problems so far; the worst I've had to deal with is splotchy printing after it's been sitting for O(months), and a quick print head clean fixes that right up.
Laser printers are great if you're doing all or mostly documents though, I can't argue with that. About half of my printing is stickers and high quality photo prints, both of which benefit from inkjet printing.
(My specific model of printer is an Epson EcoTank ET-8550)
https://epson.com/For-Work/Printers/Inkjet/EcoTank-Photo-ET-...
I quit buying inkjets 20 years ago in southwest Florida.
It was Wikipedia that reminded me Xerox even existed. All my other research led to the usual shitlist: HP, Canon, Brother, etc. No problems on Linux and Mac (printing and scanning), which is seems par these days, but no problems on Windows either: the manufacturer app was completely optional (but was straight to the point, functional, and worth the install).
Xerox color lasers have my glowing recommendation.
Huh, won't users just blame the printer for that?
Either way after a quick Reddit search there seems to be irreplaceable parts on that printer too. For example the fuser which is allegedly not user-replaceable.
Came with replacement toner cartridges but I'm still on the set that was installed when I got it!!
Prints are crisp, fast, and it doesn't use very much power when idle. Love it!
The difference is that they're purchased separately from the ink, so as long as the original one works you can continue to use it no matter how much ink you go through.
I'd have to print hundreds of pages to even match the cost of a very cheap printer. I may never reach that threshold ever.
Best of all I don't have to worry about storing a crappy printer somewhere or have it dry out or clog up or spend time and effort on it and blocking it from accessing the internet and probably end up throwing it out and having to get a new one when I pull it out once every 4 years.
CIS (https://en.wikipedia.org/wiki/Continuous_ink_system ) were around for a long time, and a popular mod amongst high-volume printers, especially Epsons, after the cartridge chip DRM was defeated[1]. They definitely cost less than the printer. I suppose Epson eventually found it profitable to do it themselves and sell with a warranty, that third-party CIS often didn't have.
[1] https://news.ycombinator.com/item?id=25054177
It's true that ink tank printers need to be used regularly or else the print heads dry out like a felt tip pen. Since the ink costs next to nothing per page, I print a full page family photo once a week and hang it up somewhere around the house if I haven't used the printer for anything else, which still works out cheaper than any alternatives. The walls look like instagram, but being reminded of loved ones might not be such a bad thing.
[1] https://youtu.be/6HUazpXWRYo
In order to bypass the warning, you’ve traditionally needed to use a program like WIC[0], which costs $10 per use(!) - I recommend epson_print_conf[1], which is a little more tailored to the HN crowd, but does not extract a bribe every time you use it.
[0] https://inkchip.net/wic/
[1] https://github.com/Ircama/epson_print_conf
You want inkjet if you print a lot, at least a few pages every two weeks.
If you only need to print once every three months, you are going to hate inkjet, even with refillable tanks. Especially with refillable tanks. Disuse clogs up the head, which takes a lot of ink to clear.
Inkjet is only worth it if you use the hell out of it. You should only get a tank printer if you expect to actually use that much ink in less than a year.
If you want a printer that does nothing other than print your resume and tax returns- and you want it to just work every time- you want laser. You can even refill the toner if you really want. You shouldn't but you can.
It took about 5 minutes to see that I would not be replacing it with another.
Canon for now.
(I've contributed to it. Very useful tool.)
There might be some fixes to bugs
Literally these are the only three sources I can find of people claiming this:
1. https://www.reddit.com/r/printers/comments/s9b2eg/brother_mf...
2. https://github.com/sedrubal/brother_printer_fwupd/issues/9
3. https://news.ycombinator.com/item?id=31860131
That was the last Brother color printer I'll buy, unless they go back to accepting generic toner.
https://www.reddit.com/r/printers/comments/qcstzv/downgrade_... (in German)
https://github.com/CauldronDevelopmentLLC/oh-brother/issues/...
https://www.reddit.com/r/printers/comments/w60687/comment/ih...
https://www.reddit.com/r/printers/comments/w9bc3g/downdgradi...
What are the alternatives then? Brother is often cited as the brand that is the most tolerant of generic consumables and with the least anti-consumer practices. But now that even Brother plays this game...
Swapping the drm chip from the oem starter cartridge to my 3rd party cartridge resolved the othe problem
I also have HL-3230CDW that I bought few years ago and aftermarket toner works fine.
Seems like they must have done it to the newer printers.
The new printer is completely uneconomical. I had to pay around £150 for Brother set of toners, whereas aftermarket for my older printer is just £35. The quality is the same.
So ... not HP, not Brother ... anyone left that sells reasonable printers with honest firmware?
https://youtu.be/bpHX_9fHNqE?si=pxf2eQW0cMRbds0m
Anyway, it's definitely possible that these newer issues are Brother doing something nefarious, but I could also see a lot of these issues being with finicky sensors.
I'd prefer laser printers since they handle bursty workloads better (for example I had to print 100 resumes for a career fair after 6 months of nothing), since the ink can't dry out.
Since then, I've been edge blocking the rdns of update.brother.co.jp. It usually resolves to 4 IPv4 addys. Depending on the DNS resolver, they should lie in one of these subnets.
edit: It looks like Brother is using cloudfront to provide CDN services. Every region I try I get a diff subnet. Better to query yourself than rely on my IPs.Brother printers can scan to network shares without Internet access. Local networking is plenty.
I have a home office laser combo - it has a touch display on it and is bulky next to - when I need to scan in receipts I just upload it to a share folder where my accountant can pick it up.
Who's going to be sender of that email?
I could never understand why my Windows Explorer (back in the ZoneAlarm days) were speaking to Microsoft when I was searching for my FileName.doc inside my C: Drive.
I could understand the Word or Excel accessing when I need "Help" (I assume online help file was more frequently updated).
No! Naughty developers and naughty businesses. My machines should leave my 127.0.01 when I want for MY uses and MY needs and MY convenience.
For vast majority of home users the only app that needs to 'get out' is their browser and their "windows udpate". Everything else is just tracking.
Yes.
But every now and then consumers get a tempting offer and trade a bit of their freedom for lower price, more comfort, more prestige, or something else. I.e. in practice buyers don’t mind that much and likely also don’t understand the difference and the consequences that well.
this could be a very good argument to explain why so many have become skeptical of companies.
we have example after example where companies take advantage of people.
hearing my grandfathers generation go on about “the days when you could trust a company to be fair” i used to think they were seeing with rose-tinted glasses, but more and more im convinced we’re dealing something much more nefarious than that generation.
Behaviour has improved for various reasons.
All we’re seeing now is that people’s technological surface area is expanding from zero to infinity so there are lots of new little cracks and edge cases society still has to sort out.
Those days never really existed. It was simply that their misbehavior affected groups of people who didnt have access to the media and power structures. For the US, e.g.: central Americans (banana company inspired coups), native tribes (water pollution, deforestation), poor whites (coal ash pollution), etc.
I can see that companies treated their employees better, but that might also be correlated with strong unions, less regulatory capture, more competition, or some other factor, rather than intrinsic goodness.
this is part of the trend lately that has money flowing upwards and not back down again. if the end-user/customer is at the bottom, wages they're paid are what go into the economy and do the work that money does all the way up the chain of commerce until it reaches some rich guy shaped like a sphere who smokes cigars and laughs maniacally all the time. but because he's been tightening budgets on all the companies he's on the boards of, the employees of those companies get less money every year to spend on things. so more of the money stays in his hands. so customers have necessarily less choice on things they can buy and choices they can make in the marketplace.
eventually people get laid off or fired and now they have no money to do anything with and in the end take any job they can, if they aren't found by some employer before then. so they have less and less agency while the people selling things have more and more and more.
the end result of this is that we will become pets of the bourgeois which is exactly what they want. they not only have a need to win (which is fine by itself) but a need for all others to lose (which is not ok in any way) and they can never ever be happy with what they have.
I truly wish I had not had children. Life is going to be hard for them.
People want security issues patched, preferrably without them having to do any work or even know about it (because they won't do the work and get annoyed at popups they don't feel like they need). People want bugs fixed (and crash reports do actually help with that, despite what some say). People want companies to prioritize the features that they're using and fix places where users get "stuck", and that's much easier with telemetry. People will almost always choose free shit over products they have to pay for, and for many products, free only works if you know what ads the user should see.
most apps fall into the latter, into the network blackhole they go. You give them an inch, they take everything.
You cant even get away from this by paying (and i'm willing to to so!) because people who actually are willing to pay are the most valuable ones to advertisers - so the incentives are there to extract even more value in such case.
In case of products from outside of software domain there's this consumer assumption that product does the thing and just the thing - food doesn't try to poison you, toys are just toys and so on.
they are aware of tradeoffs - something's cheaper, it might be less safe, less featured or maybe made a bit worse.
99% of modern software is user hostile first - data extraction and maximizing value for adverts and then it might do a bad job of actually fulfilling its purpose, with updates usually making it worse over time, or jacking up prices in form of monthly subscription instead of license sale.
And the vast majority of people hate ads like me.
I don't mind respectful¹ ads, and refrain from using sponsorblock & similar. What I object to, and actively block, is the stalking that is endemic in the ad industry and is in no way respectful.
----
[1] i.e. not the pop-ups/-unders of yore, not those that autoplay video or, worse, audio, not those that otherwise interfere with the normal use of the page I'm trying to look at, stalking etc.
I can't remember the last time I was exposed to respectful ads. My home PiHole deny-lists keep growing in size and this will continue unless the internet at large changes. Which I don't believe it will, barring any civilization-wide disaster.
There are still some out there, or at least some that aren't actively disrespectful. At least sponsor spots in podcasts don't stalk me online, etc, at least when they are honest about what is happening¹. They are very much in the minority though.
----
[1] The 3D printing “community” on youtube is rife with “personal” recommendations that are obviously paid for but try to look more organic. “Today I'll test if you _really_ need to dry your PLA filament rolls, in a video sponsored by the company that makes one of the dryers I'll be testing…”
When I ask around me people don't really have a very nuanced view either, though they're not as hostile as me, most of them just believe it is unavoidable. They don't have the skills I have in ad avoidance. But they don't have any kind of ethical concerns.
The only way it could have security issues is if it's connected directly to the internet (not behind NAT) or a device on my LAN is actively attacking it. The former case is difficult to accomplish without enough expertise to know better; the latter is plausible, but mitigated by a printer too simple to easily harbor a persistent threat.
> don't include any independent rogue networking capability
Everybody and their broligarch mom wants to make these two qualities incompatible.
- Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via Alexa! I love the future!
- Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.
P.S. More seriously I agree, we witnessed multiple times over the enshitification that inevitably follows.
Could some rogue javascript establish a connection from your browser to your printer?
I'm actually worried that some newer smart devices might be set up to use well known public wifi services that are available from consumer routers.
Just sitting here I have public "EE Wifi X" and "BT Internet" which it could connect to if configured at the factory to do that.
Then I am boned.
If it can, it's a vulnerability that has to be fixed.
I doubt it would ever be prosecuted. It is important to remember that the law doesn’t mean what you think it means, it means what the average prosecutor and/or judge thinks it means. Those laws were invented for use against scary “hackers”, not printer manufacturers updating their own products
Applying updates without user consent is the evil part.
The only problem is the closed source drivers that could use it at any time.
I don't know if I'd be surprised or not to find out that you actually can't print from ios. It seems crazy to me, especially considering ipads, but the entire Apple ecosystem seems crazy to me and yet it exists despite my incredulity.
I could even print from webos and palm but I guess that doesn't matter now. 50/50 toss up if the current webos on lg tvs still has any printer drivers. But if there was still any webos printer drivers, they will not be open source and so you can not trust them not to do unwanted things to your printer some day.
If the blob is delivered in a ps package over https, or bluetooth, or via lpr or jetdirect makes no difference.
The point is that software you don't control generated the data and delivered it to the printer.
The same danger on Windows doesn't come from Microsoft. You download and install software from HP and it does the deed.
You could in theory write an open source driver that runs on windows and is safe. There are also old closed source drivers which just happen to be well behaved. Which is why I said "drivers you aren't 100% sure about".
On Android, depending on the version and distribution, there have been both pre-installed and user-installable printer drivers from hp and samsung and everyone else, pretty much just like on Windows. Even the pre-installed whichbare "part of the os" are written by the manufacturer not Google or AOSP. And just like Windows it is technically possible to write an open source driver that you can safely use and trust. Which again is why I said "drivers you aren't 100% sure about"
I don't "fear" anything. It is simply a fact that printers have an update mechanism that doesn't require the printer to have access to the internet, which is merely a print job.
And so if one wants, as the gggp comment did, to ensure that ones printer cannot be updated without ones deliberate instigation, one must also be aware of all possible sources of print jobs.
I don't know why you seem to have a problem with this. What scenario do you fear? In what way does this knowledge hurt you?
An update print job is just a blob of data that anything can squirt at the printer. A person doesn't need to press "print" anywhere, or do anything at all, or even know that it happened.
Any driver or application software that was written by the same people as the printers own firmware can do it all by itself any time it wants, for the same reasons that the printers own firmware does in fact already do it all by itself any time it wants.
I don't know why you find this so unbelievable.
Two seconds on kagi yields http://h10032.www1.hp.com/ctg/Manual/c06530233.pdf
"HP printing devices have the ability to accept firmware upgrades, solutions software and custom color table “bundles sent as a print job. The “Allow firmware updates sent as print jobs (Port 9100)” setting controls the ability for the printing device to accept firmware over the standard printing port, and also applies to firmware sent over all print-path methods including FTP, LDP, IPP(s), EWS Print page or Copy command."
(meaning that although the label on the setting in this particular printer's ui mentions "port 9100", it's not actually limited to jetdirect, the special print job is recognized no matter what path or protocol it took to arrive at the printer)
The printer doesn't care what physical connection or network protocol is used, including airprint, and in the case of ios, while you might be able to print some documents without using any software from HP, HP does still have a an "HP Smart" app (and probably others) for ios. Meaning that blocking the printer from the internet does not prevent the printer from receiving updates, and all of the closed-source platforms are the primary dangers as sources of update print jobs.
Technicall linux/bsd are not garanteed safe either. It's possible for a native linux app to send the same kind of update, but just far less likely without the users knowledge or intent.
You have to go pretty far out of your way to install non-repo software from a printer manufacturers web site, and actively grant it permission to install and activate services that run on their own... And even if you did that, if such software even existed that was not well-behaved, the first time it did that to a linux user that didn't expect it, we would all find out about it and every google search on the topic of linux drivers for that printer would warn about the bad software.
Or just no one would ever actually bother even looking to try to install it in the first place simply because the normal open source drivers and apps work well and the manufacturers software is a crazy mess.
I had a Samsung color laser printer that actually had linux software provided by Samsung that I actually installed just to check it out. HOLY SHITBALLS it was terrible both outwardly just using it as a user and behind the scenes how it was written. Just crazy utter garbage all around. That software, since it wasn't open source, might do anything on it's own just like a Windows driver, including sending a printer update, but it was such junk, and so not-needed, that no linux user ever installs it, so it does no harm even though it exists and could.
I wonder if this is a way to install custom firmware. Probably not. I would guess that the code that decodes the firmware from the print job probably passes it through the same signature check code as the regular firmware update process.
Still it's an interesting route for exploit exploration.
The complexity is really in constructing the replacement firmware to drive the hardware correctly; developing that is probably easier if you dismantle the printer and find debug leads on the motherboard. Getting the common chips like networking going sounds doable, but for the actual printing there's lots of trade secrets around driving the actual printing hardware.
A more likely route: a Chinese factory should be able to make a smallish batch of cheap monochrome laser printers with good-enough print quality, publish badly-written but usable specs for it, and make it easy to replace the firmware.
[0] https://github.com/folbricht/routedns
I went to my home router (a Fritzbox) and just blocked the printer from accessing the internet (it's under Internet -> Filter, and the printer is named BRW90....). Fairly straightforward - that should be a good enough fix, no?
Now the color cartridges keep draining although we never print in color. So of course I do not fit Brother color cartridges! For that reason and others (very average quality when printing from Linux, takes only high quality 90g paper, heads regularly clogged even with Brother ink, color prints ugly even with Brother ink), I am not satisfied with this product. Unfortunately I still have a few years of black ink to consume before getting rid of it.
Which model?
My memory is that it was a trial for 2 or 3 similar models. There was backlash and they never pursued it further.
I saw some mentions that indicated the current uproar is old issue being revisited.
Nevertheless, isn't Brother still the cheapest per page even with official cartridges? I would like to get some recommendations.
Everything is great about it apart from using 3rd party generic toner cartridges. It senses they are not original, does warning messages etc. and forces me to open/close the toner door every time i switch on the printer to get it to function again.
This ball breaking forced me to buy a legit brother toner cartridge at 3x price.
Now, I’m not to pissed off because laser printing is pretty cheap and as long as you are ok with BW prints its pretty good quality and convenient. Never going back to inkjet printers.
My first HP printer forced me to spam the Stop button for 10 seconds every time I turned it on as it would always try to print a colored test page with generous amounts of ink.
The last semi-regular thing I'd print were postage labels for when I sell stuff on eBay. But in the last few years it's changed, now I can just go to the post office with a QR code and it's all done.
Maybe I'm an exception, but I'm surprised other people aren't constantly finding things they need printed.
1. Tax return to mail
2. Other government forms to mail
3. Contracts
Unfortunately, while the majority of the things I do in my life are purely digital, this fails as soon as you interact with the government in any meaningful way off the happy path or interact with the legal system, in those cases hard-copy only with original signatures is required to get anywhere.
Shipping labels. Returning something you bought online? The merchant often will send you a shipping label to print and tape to the package. My wife chooses to buy a lot of clothes online and return the ones that don't fit.
Signs for when we host a large gathering of people. Sometimes it's to label garbage vs recycling (for the large number of aluminum cans, mostly). Usually it's to warn people that one of the cats likes to try and sneak outside, and please watch out and don't let him outside.
Certain government paperwork. While many things can be filled and submitted online, other stuff (passport renewals come to mind) need to be printed and physically mailed. This tends to be very infrequent, but the forms contain personal information. How much do you trust a print shop?
These can usually be printed by the clerk when you drop off the package here if you show the barcode on your phone. Means you need to drop off at a manned location though.