Hacker News new | ask | show | jobs
by amluto 921 days ago
This is a step in the right direction, but IMO not far enough. Printers can (IIUC) cause the client machines to automatically install “printer support apps”, which are like somewhat limited drivers. They do this stuff:

https://learn.microsoft.com/en-us/windows-hardware/drivers/d...

This includes intercepting the raw XPS data being sent to the printer and modifying it.

It looks like these things are lightly sandboxed, but that’s not enough. These apps get access to extremely sensitive data, and they should be very sandboxed. IMO it should have input access to the document and printer settings, output access to what gets printed, and that’s it. No network, no storage, no Windows API, etc. Think wasm-style sandboxing.

But I don’t think MS thinks like this.
2 comments
isilofi 921 days ago
You very often also need some backchannel from the printer, e.g. for toner levels, available paper sizes, installed options. But there is a more important point:

Printer manufacturers also don't think like this. They desperately want to know what you are printing, order overpriced ink for you, sell additional services like print-by-mail, etc. All that won't work without lots of permissions for the printer support apps.

If it just were about the conversion path (print job, settings) -> (printer data stream), a PDL, filter program and a sandbox would be totally sufficient and nobody would ever need a "printer support app". If a printer needs such an app, it is already using too many privileges anyways, printer support apps should never be needed actually.

Edit: typo.

link
rigid 921 days ago
> Printer manufacturers also don't thing like this

at this point, what are they gonna do? Not provide windows drivers?

link
vulcan01 921 days ago
My family has an HP printer. My father uses Windows, and has had to install an HP app to scan documents. My Mac, on the other hand, can connect, print, and through the built-in "Printers & Scanners" panel in System Settings, or through the Print Center app.

I think this is probably a solved problem. Windows would have to support whatever API Macs use.

link
monocasa 921 days ago
CUPS runs fine on windows as it is.

The problem isn't a technical one.

link
isilofi 921 days ago
Provide drivers using the old model and a set of instructions to enable that.

Edit: I guess instructions won't even be necessary, as far as I've understood, there will just be a warning. And users are already trained to just ignore those.

link
amluto 921 days ago
> You very often also need some backchannel from the printer, e.g. for toner levels

Fine. That runs in a separate sandbox with access to the printer and the ability to display a UI. No other privileges.

> Printer manufacturers also don't think like this.

This is irrelevant. The whole article is about MS forcing a certain model on printer manufacturers.

link
wslh 921 days ago
Yes, we played with printing hooking [1] with the XPS Print API. Capturing and modifying the original document.

Source code available.

[1] https://blog.nektra.com/2015/10/20/instrumenting-the-windows...

link