- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Any ideas highly appreciated!
I am wondering why so many people running Linux for higher security, are nevertheless agreeing on having non-OpenSource components like this on
their machines.
Dear all,
during the last days I tried to install a Printer / Fax from HP (M127fn)
on several different platforms.
- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Dear all,
during the last days I tried to install a Printer / Fax from HP (M127fn)
on several different platforms.
On every OS it seems the same: You can only get these printers to work
when installing a mandatory proprietary "plugin". This plugin originally comes from HP and you will never see the sources. It's just a binary
"run" file which you may trust and invoke, or not.
As if this was not bad enough, the run file seems to have moved to a different location some days ago, and, hence, on e.g. Mageia 6
installation failed completely, and on Raspbian Stretch I had to do an "apt-get update" prior to being able to proceed.
But even after that I got complaints about not fitting pgp checks and had
to continue even though the plugin potentially was manipulated.
So, at least, this has nothing to do with OpenSource philosophy.
I am wondering why so many people running Linux for higher security, are nevertheless agreeing on having non-OpenSource components like this on
their machines.
- Has anyone found out, what this "plugin" exactly does? And, to which locations the installer ("run file") writes or modifies files?
- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Any ideas highly appreciated!
Best regards,
Cartridges would always dry out every year.
Laser printers may cost a bit more to buy, but they are ideal for those
of us who have low print volumes because their toner cartridges can't dry out. I average around 2 pages a week at the outside.
Dear all,
during the last days I tried to install a Printer / Fax from HP (M127fn)
on several different platforms.
On every OS it seems the same: You can only get these printers to work
when installing a mandatory proprietary "plugin". This plugin originally comes from HP and you will never see the sources. It's just a binary
"run" file which you may trust and invoke, or not.
As if this was not bad enough, the run file seems to have moved to a different location some days ago, and, hence, on e.g. Mageia 6
installation failed completely, and on Raspbian Stretch I had to do an "apt-get update" prior to being able to proceed.
But even after that I got complaints about not fitting pgp checks and
had to continue even though the plugin potentially was manipulated.
So, at least, this has nothing to do with OpenSource philosophy.
I am wondering why so many people running Linux for higher security, are nevertheless agreeing on having non-OpenSource components like this on
their machines.
- Has anyone found out, what this "plugin" exactly does? And, to which locations the installer ("run file") writes or modifies files?
- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Any ideas highly appreciated!
Best regards,
Markus
thinking logically about the security issue honest if the printer is a network attached device then the printer firmware itself is a much better place for the manufacturer to install any nefarious software & hide this
data in its phone home status reports.
in which case a binary only driver is the least of you worries
On Wed, 08 May 2019 19:47:37 +0000, Markus Robert Kessler wrote:
Dear all,
during the last days I tried to install a Printer / Fax from HP (M127fn)
on several different platforms.
On every OS it seems the same: You can only get these printers to work
when installing a mandatory proprietary "plugin". This plugin originally
comes from HP and you will never see the sources. It's just a binary
"run" file which you may trust and invoke, or not.
As if this was not bad enough, the run file seems to have moved to a
different location some days ago, and, hence, on e.g. Mageia 6
installation failed completely, and on Raspbian Stretch I had to do an
"apt-get update" prior to being able to proceed.
But even after that I got complaints about not fitting pgp checks and
had to continue even though the plugin potentially was manipulated.
So, at least, this has nothing to do with OpenSource philosophy.
I am wondering why so many people running Linux for higher security, are
nevertheless agreeing on having non-OpenSource components like this on
their machines.
- Has anyone found out, what this "plugin" exactly does? And, to which
locations the installer ("run file") writes or modifies files?
- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Any ideas highly appreciated!
Best regards,
Markus
thinking logically about the security issue honest if the printer is a network attached device then the printer firmware itself is a much better place for the manufacturer to install any nefarious software & hide this
data in its phone home status reports.
in which case a binary only driver is the least of you worries
Am Wed, 08 May 2019 17:27:45 -0400 schrieb Jonathan N. Little:
Markus Robert Kessler wrote:
Dear all,
during the last days I tried to install a Printer / Fax from HP
(M127fn) on several different platforms.
On every OS it seems the same: You can only get these printers to work
when installing a mandatory proprietary "plugin". This plugin
originally comes from HP and you will never see the sources. It's just
a binary "run" file which you may trust and invoke, or not.
As if this was not bad enough, the run file seems to have moved to a
different location some days ago, and, hence, on e.g. Mageia 6
installation failed completely, and on Raspbian Stretch I had to do an
"apt-get update" prior to being able to proceed.
But even after that I got complaints about not fitting pgp checks and
had to continue even though the plugin potentially was manipulated.
So, at least, this has nothing to do with OpenSource philosophy.
I am wondering why so many people running Linux for higher security,
are nevertheless agreeing on having non-OpenSource components like this
on their machines.
- Has anyone found out, what this "plugin" exactly does? And, to which
locations the installer ("run file") writes or modifies files?
- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Any ideas highly appreciated!
Best regards,
They are a compressed archives and inside is associated PPDs and some
shared object libraries. The plugin adds support for "Windows" printers
and other functions like fax and scanner on MFP. If you buy some
spankin' new model from the store the in repo version of hplip may not
support that model, but grabbing the latest from
<https://developers.hp.com/hp-linux-imaging-and-printing/gethplip>
will get you up and running.
Hi,
I try to figure out how to trace what such a "run file" is doing exactly.
At least this one has to be run as root (and terminates if not). So,
spying on it is not so easy. Especially if such closed-source binaries
are using "stealth" techniques or try to manipulate the tracing process itself.
Well, one could use a fresh install, as slim as possible, do an md5sum
for every file on disk, before and after installaion. And then compare
the md5 lists. Alas, that would mean that you also find tons of files
that are changed or newly created by the OS anyway.
Same, when using a (VirtualBox) VM.
Any better way?
Thanks,
best regards,
Markus Robert Kessler wrote:
Dear all,
during the last days I tried to install a Printer / Fax from HP
(M127fn) on several different platforms.
On every OS it seems the same: You can only get these printers to work
when installing a mandatory proprietary "plugin". This plugin
originally comes from HP and you will never see the sources. It's just
a binary "run" file which you may trust and invoke, or not.
As if this was not bad enough, the run file seems to have moved to a
different location some days ago, and, hence, on e.g. Mageia 6
installation failed completely, and on Raspbian Stretch I had to do an
"apt-get update" prior to being able to proceed.
But even after that I got complaints about not fitting pgp checks and
had to continue even though the plugin potentially was manipulated.
So, at least, this has nothing to do with OpenSource philosophy.
I am wondering why so many people running Linux for higher security,
are nevertheless agreeing on having non-OpenSource components like this
on their machines.
- Has anyone found out, what this "plugin" exactly does? And, to which
locations the installer ("run file") writes or modifies files?
- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Any ideas highly appreciated!
Best regards,
They are a compressed archives and inside is associated PPDs and some
shared object libraries. The plugin adds support for "Windows" printers
and other functions like fax and scanner on MFP. If you buy some
spankin' new model from the store the in repo version of hplip may not support that model, but grabbing the latest from
<https://developers.hp.com/hp-linux-imaging-and-printing/gethplip>
will get you up and running.
Hi,
I try to figure out how to trace what such a "run file" is doing exactly.
At least this one has to be run as root (and terminates if not). So,
spying on it is not so easy. Especially if such closed-source binaries
are using "stealth" techniques or try to manipulate the tracing process itself.
Well, one could use a fresh install, as slim as possible, do an md5sum
for every file on disk, before and after installaion. And then compare
the md5 lists. Alas, that would mean that you also find tons of files
that are changed or newly created by the OS anyway.
Same, when using a (VirtualBox) VM.
Any better way?
Thanks,
best regards,
Markus
Markus Robert Kessler wrote:
Hi,Try the following.
I try to figure out how to trace what such a "run file" is doing
exactly.
At least this one has to be run as root (and terminates if not). So,
spying on it is not so easy. Especially if such closed-source binaries
are using "stealth" techniques or try to manipulate the tracing process
itself.
Well, one could use a fresh install, as slim as possible, do an md5sum
for every file on disk, before and after installaion. And then compare
the md5 lists. Alas, that would mean that you also find tons of files
that are changed or newly created by the OS anyway.
Same, when using a (VirtualBox) VM.
Any better way?
Thanks,
best regards,
Markus
1) Download a .run or .sh file intended for install.
It consists of text at the start of the file and binary soon after.
2) Open the file in a hex editor. Scroll down
until the text ends and seemingly binary appears.
The binary is part of a "here is" structure and is being passed to a
command very near to the end of the text section.
3) Where the text ends, the last line ends in 0x0A.
Remove all the text including the 0x0A, save the file to a temporary
file name, such as <thing>.bin
The start of the resulting .bin file is 0x1F 0x8B 0x08 0x00
4) Use the "file" command which should be present in
your distro.
file thing.bin
In the case of the HPLIP run file it says
"gzip compressed data"
This is the first level of containment.
5) Open thing.bin in "Archive Manager". It
will display the folder in the gzip file that is thing.bin. This
will allow easy viewing of the content.
5a) Or, you can do it the old fashioned way.
file thing.bin
(GZIP compressed)
mv thing.bin thing.gz # purely for entertainment value, to make
the following
# easier to understand
gzip -lv thing.gz # list the contents, a single file
"hplip-3.19.3"
gzip -d thing.gz # convert and erase thing.gz, leaving
"hplip-3.19.3"
file hplip-3.19.3 # tells you it's a "tar" file
mv hplip-3.19.3 hplip-3.19.3.tar # purely for entertainment value
mkdir tar_out
mv hplip-3.19.3.tar tar_out/
cd tar_out # work in a clean place so folders don't
spill all over.
# Never trust a tar file to be neat and
tidy!
tar tf hplip-3.19.3.tar # list the files
tar xf hplip-3.19.3.tar # extract the folders and files to tar_out/
Now, examine the files, see how many binary blobs,
how many text files, and so on.
You can see how Archive Manager has saved you from much hand-crafted commands.
If you are on a headless server, you might not have a lot of fancy
tools, and have to do it as in (5a).
Paul
Doug Laidlaw wrote:
On 9/5/19 5:47 am, Markus Robert Kessler wrote:
Dear all,You probably know about the Linux Printer Driver Web site. It is so
during the last days I tried to install a Printer / Fax from HP (M127fn) >>> on several different platforms.
On every OS it seems the same: You can only get these printers to work
when installing a mandatory proprietary "plugin". This plugin originally >>> comes from HP and you will never see the sources. It's just a binary
"run" file which you may trust and invoke, or not.
As if this was not bad enough, the run file seems to have moved to a
different location some days ago, and, hence, on e.g. Mageia 6
installation failed completely, and on Raspbian Stretch I had to do an
"apt-get update" prior to being able to proceed.
But even after that I got complaints about not fitting pgp checks and had >>> to continue even though the plugin potentially was manipulated.
So, at least, this has nothing to do with OpenSource philosophy.
I am wondering why so many people running Linux for higher security, are >>> nevertheless agreeing on having non-OpenSource components like this on
their machines.
- Has anyone found out, what this "plugin" exactly does? And, to which
locations the installer ("run file") writes or modifies files?
- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Any ideas highly appreciated!
Best regards,
Markus
long since I looked at it, that I can't quote the URL.
It used to be linuxprinting.org, but that got absorbed by the Linux Foundation, and is now http://www.openprinting.org.
Linux "Printer Drivers" (that is, "Postscript Printer Definition" (PPD) files) can be found at http://www.openprinting.org/drivers
My wife has an HP laptop, and I used to have one. It takes ages to
start up. It is too big to be portable, but I can't imagine customers
being happy with the delay. I initially chose Brother printers, because
they support Linux.
I own a Raspberry Pi, but haven't used it as a normal computer.
But PPD files are about as far from closed source as you can find.
So I have no idea what the OP is talking about with hplip being closed source. It isn't.
Dear all,
during the last days I tried to install a Printer / Fax from HP (M127fn)
on several different platforms.
On every OS it seems the same: You can only get these printers to work
when installing a mandatory proprietary "plugin". This plugin originally comes from HP and you will never see the sources. It's just a binary
"run" file which you may trust and invoke, or not.
As if this was not bad enough, the run file seems to have moved to a different location some days ago, and, hence, on e.g. Mageia 6
installation failed completely, and on Raspbian Stretch I had to do an "apt-get update" prior to being able to proceed.
But even after that I got complaints about not fitting pgp checks and had
to continue even though the plugin potentially was manipulated.
So, at least, this has nothing to do with OpenSource philosophy.
I am wondering why so many people running Linux for higher security, are nevertheless agreeing on having non-OpenSource components like this on
their machines.
- Has anyone found out, what this "plugin" exactly does? And, to which locations the installer ("run file") writes or modifies files?
- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Any ideas highly appreciated!
Best regards,
Markus
On 9/5/19 5:47 am, Markus Robert Kessler wrote:
Dear all,You probably know about the Linux Printer Driver Web site. It is so
during the last days I tried to install a Printer / Fax from HP (M127fn)
on several different platforms.
On every OS it seems the same: You can only get these printers to work
when installing a mandatory proprietary "plugin". This plugin originally
comes from HP and you will never see the sources. It's just a binary
"run" file which you may trust and invoke, or not.
As if this was not bad enough, the run file seems to have moved to a
different location some days ago, and, hence, on e.g. Mageia 6
installation failed completely, and on Raspbian Stretch I had to do an
"apt-get update" prior to being able to proceed.
But even after that I got complaints about not fitting pgp checks and had
to continue even though the plugin potentially was manipulated.
So, at least, this has nothing to do with OpenSource philosophy.
I am wondering why so many people running Linux for higher security, are
nevertheless agreeing on having non-OpenSource components like this on
their machines.
- Has anyone found out, what this "plugin" exactly does? And, to which
locations the installer ("run file") writes or modifies files?
- Are there alternatives as true Open Source drivers?
I know that high end laser printers can be accessed via PCL or PS
protocol, but not so with HP Fax Lasers.
Any ideas highly appreciated!
Best regards,
Markus
long since I looked at it, that I can't quote the URL.
My wife has an HP laptop, and I used to have one. It takes ages to
start up. It is too big to be portable, but I can't imagine customers
being happy with the delay. I initially chose Brother printers, because
they support Linux.
I own a Raspberry Pi, but haven't used it as a normal computer.
On Sat, 11 May 2019 20:02:09 +0000, William Unruh wrote:
But PPD files are about as far from closed source as you can find.I think the OP hasn't yet shed his Windows mental manacles: if something
So I have no idea what the OP is talking about with hplip being closed
source. It isn't.
is downloaded from the manufacturer's site, then it *must* be closed
source and proprietary.
[...]
"closed source" when you include the *source* code?
Am Sat, 11 May 2019 20:29:27 +0000 schrieb Martin Gregorie:
On Sat, 11 May 2019 20:02:09 +0000, William Unruh wrote:
But PPD files are about as far from closed source as you can find.I think the OP hasn't yet shed his Windows mental manacles: if something
So I have no idea what the OP is talking about with hplip being closed
source. It isn't.
is downloaded from the manufacturer's site, then it *must* be closed
source and proprietary.
The "OP" has nothing against Windows, as long as others have to use it :-)
And, if you have a closer look to what is being installed, then you find
out that not only PPD files are installed to your machine -- which are plaintext indeed -- but also several executable shared objects (Windows- slang: "DLLs"). They live in
/usr/share/hplip/{fax,prnt,scan}/plugins/*.so
These files are downloaded when invoking "hp-setup" ==> download, and
they ARE closed source.
B.t.w. I also own a Brother Laser printer and this one is accessed via
PCL protocol. PS can also be used. But this is a professional machine for office use. What we are talking about here is lowcost segment
"Multifunction Fax Printers". Obviously the manufacturers behave
differently in differents price sectors.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jonathan N. Little wrote:
[...]
"closed source" when you include the *source* code?
Something about the *run file for hplip containing a tarball / archive
of some sort made the OP think it was just running some hidden binary.
I believe in another sub-thread, he has modified that statement.
Might've only been sent to alt.os.linux.ubuntu though -- will try to
find the MID if you like?
My wife has an HP laptop, and I used to have one.  It takes ages to
start up.  It is too big to be portable, but I can't imagine customers
being happy with the delay.  I initially chose Brother printers, because they support Linux.
Dear all,
during the last days I tried to install a Printer / Fax from HP (M127fn)
on several different platforms.
On every OS it seems the same: You can only get these printers to work
when installing a mandatory proprietary "plugin". This plugin originally comes from HP and you will never see the sources. It's just a binary
"run" file which you may trust and invoke, or not.
Sysop: | echicken |
---|---|
Location: | Toronto, Ontario |
Users: | 2,224 |
Nodes: | 6 (0 / 6) |
Uptime: | 09:00:52 |
Calls: | 14,143 |
Files: | 295 |
Messages: | 551,261 |