Michael Eriksson's Blog

A Swede in Germany

Posts Tagged ‘hardware

The plights of printing / Canon MG5650

leave a comment »

My printer for the last three (?) years, a Canon MG5650, has been a great source of problems.

Today, this included the idiocy that the color-cartridges are allegedly empty and that it tried to refuse me the right to print in black-and-white until I had them exchanged! Indeed, the printer locked up to the degree that it was not even possible to e.g. access the main menu of the printer… (Fortunately, there is a work-around that allows this check to be disabled on a per-cartridge basis—a prolonged simultaneous press of the “down-arrow” and “encircled triangle” buttons. On the down-side, this could endanger the printer, should I ever do try to print in color, because apparently printing with low ink can damage it—specifically, IIRC, the print-heads.)

This is extremely annoying on two counts: Firstly, the contents of the color-cartridges have no bearing whatsoever on a black-and-white print. Still, people are put in a situation where they might have to forego an urgent print and/or incur unnecessary extra costs.* Secondly, the only use of the color-cartridges that I have ever made is printing a few test pages, including for alignment of the print-heads, and a single call of the routine to clean the print-heads—they simply should not be empty at this juncture. (Unless, cf. a below footnote, Canon wastes my ink.)

*I note that the above-mentioned work-around is not suggested by the printer and that most users will likely not even know that a work-around exists. I found it on the Internet.

Of course, Canon has a corresponding opportunity of an unethical gain, well in line with common tricks of the industry, including attempts to prevent re-filling of cartridges or purchases of cartridges from independent suppliers at a considerably lower cost. (This through means like patents, design changes, and, perfidiously, chips that try keep track of previous printing, rather than the actual ink level. The latter might be the explanation for the allegedly empty cartridges in my case.)

A few weeks ago, while the printer was already complaining about the color-cartridges being almost empty, I found myself unable to print for another reason—the black* cartridge suddenly was empty. This with not one word of preceding warning, while the printer had kept harping about the color-cartridges for weeks. This forced me to forego a few printouts that I needed for a meeting, because I did not have anywhere near the time to buy a new cartridge. Had I had an advance warning, I could have bought one in time and been up-and-running in the thirty seconds it takes to change a cartridge…

*The main black one—not the little black one intended for photos or whatnots.

Ever since my move to Wuppertal, the printer had ever-and-ever-again complained that it was out of paper—while the tray was full. Indeed, often a mere press of “OK”,* without even touching the paper tray, was enough to cause printing, proving how flawed the complaint was. Worse, this complaint comes at the end of an endless-feeling period where the printer just makes noises (presumably, trying to load or detect paper), which causes the overall printing time to explode. About a month ago, I took a screw-driver, removed** and re-attached the tray, having made good experiences with the disassemble–reassemble approach on other items. Since then, the number of complaints have dropped from an average of one or two per printed page to a single complaint for a-dozen-or-so*** pages.

*The request by the printer is to fill the (allegedly empty) paper tray and then to press “OK”.

**There are a few screws and plastic attachments on the bottom of the printer.

***Which by my standards is a print-heavy month. (Otherwise, I would have attempted a correction a lot earlier.)

A great idiocy is a recommendation that the user print at least several pages in both color and black-and-white every week to avoid that the print-heads clog (or whatnot).* If I were to do that, almost all my color-printing (and a sizable portion of my black-and-white printing) would amount to printing-for-the-sake-of-preserving-the-print-heads. This would run up unnecessary costs and, obviously, lead me to the point where empty color-cartridges prevent black-and-white printing that much sooner (cf. above; note that the color-cartridges are a lot smaller than the black cartridge). Of course, Canon has little incentive to make the printer less sensitive, because the sooner new cartridges are sold, the more money it makes.

*I apologize for being vague on the details. I read this somewhere in official recommendations when the first warnings concerning the color-cartridges appeared, many weeks ago; and do not have the motivation to go back to look for details.

Then we have issues like long start-up and shut-down times,* a surprising amount of noise,* keys that carry obscure icons instead of text, an on-display navigation that ignores the left and right arrows,** …

*Both might be connected to internal maintenance programs or similar that might be a cause of wasted ink, which might explain my color-cartridges. Possibly, this can be avoided by not turning the printer on-and-off, but I use mine less than once a week on average, making this wasteful in other regards. To boot, fire-safety advice is typically to not leave electronic devices in the stand-by mode but to turn them of entirely. Of course, again, Canon has little incentive to be more economical with the ink…

**In favor of three keys below the display, which makes the navigation highly counter-intuitive. By all means, keep the extra keys—but also make the arrows work as expected. There is no need for an either–or.

However, my poor experiences have not been limited to this printer. (And not because I use Linux: CUPS et co. have done a very good job so far.) I note e.g. how:

  1. I helped my mother buy a printer (brand forgotten), did a test print of a black text, and was puzzled by the slightly brownish result. It turns out that the printer had chosen to print the black text using the color-cartridges, increasing cost and losing print quality (achieving a true black print through mixing colors is very hard). I went into the printer settings, disabled color-printing entirely, and now the same text came out black. (Note that I have made very certain to take corresponding steps with any printer that I have bought myself since then. A similar issue is not the explanation for the allegedly empty cartridges of my MG5650, unless it does some weird trickery on the hardware side.)
  2. At the beginning of the Windows Vista era, I bought a notebook with Vista pre-installed. At roughly the same time, I bought a new printer (brand forgotten), which was explicitly declared as Vista compatible. It turned out not to be… Moreover, my Internet searches back then indicated that such mislabeling was comparatively common.

    (While I was already a dedicated Linux user, I had no experience with Linux on notebooks or of (non-laser) printing under Linux, and I had heard again and again that both were complicated, did not work as intended, whatnot. For this reason, I originally stayed with Vista. Seeing that Vista was an absolute usability disaster, I eventually did try to install Linux—and it worked like a charm (as it has with any later notebook of mine). This particular printer, I had already returned, so I do not know whether it would have worked under Linux, but I do know that my MG5650 was easy to install. If I had but trusted in Linux to begin with… In all fairness, however, these might have been much more problematic areas in even earlier times.)

  3. Further back (possibly, 1998 resp. 2002), I had two Lexmarks (models forgotten, but different) under Windows. The first had, in terms of user-friendliness, one of the most awful print-apps, printer drivers, or whatnots that I have ever encountered. As I bought the second a few years later, I reasoned that with the years in between, Lexmark was bound to have improved. No: The second had virtually the same hopelessly idiotic interface.

    (Generally, I have found the manufacturer-provided interfaces somewhat to very poor. Under Linux, in contrast, CUPS, lpr, lpq, etc. provide a much more user-friendly and almost device independent interface. I might or might not miss out on some special settings, but this has not hurt me to date. Indeed, with printers or with other gadgets, I would prefer it, if more time was spent on developing standardized interfaces/APIs/whatnot for standard functionality and less on providing nice-to-have functionality over non-standard interfaces.)

Advertisements

Written by michaeleriksson

April 23, 2019 at 1:51 am

Posted in Uncategorized

Tagged with , , , ,

Meltdown and Spectre are not the problem

with one comment

Currently, the news reporting in the IT area is dominated by Meltdown and Spectre—two security vulnerabilities that afflict many modern CPUs and pose a very severe threat to at least* data secrecy. The size of the potential impact is demonstrated by the fact that even regular news services are paying close attention.

*From what I have read so far, the direct danger in other regards seems to be small; however, there are indirect dangers, e.g. that the read data includes a clear-text password, which in turn could allow full access to some account or service. Further, my readings on the technical details have not been in-depth and there could be direct dangers that I am still unaware of.

However, they are not themselves the largest problem, being symptoms of the disease(s) rather than the disease it self. That something like this eventually happened with our CPUs, is actually not very surprising (although I would have suspected Intel’s “management engine”, or a similar technology, to be the culprit).

The real problems are the following:

  1. The ever growing complexity of both software and hardware systems: The more complex a system, the harder it is to understand, the more likely to contain errors (including security vulnerabilities), the more likely to display unexpected behaviors, … In addition, fixing problems, once found, is the harder, more time consuming, and likelier to introduce new errors. (As well as a number of problems not necessarily related to computer security, notably the greater effort needed to add new features and make general improvements.)

    In many ways, complexity is the bane of software development (my own field), and when it comes to complicated hardware products, notably CPUs, the situation might actually be worse.

    An old adage in software development is that “any non-trivial program contains at least one bug”. In the modern world, we have to add “any even semi-complex program contains at least one security vulnerability”—and modern programs (and pieces of hardware) are more likely to be hyper-complex than semi-complex…

  2. Security is something rarely prioritized to the degree that it should be, often even not understood. In doubt, “Our program is more secure!” is (still) a weaker sales argument than “Look how many features we have!”, giving software manufacturers strong incentives to throw on more features (and introduce new vulnerabilities) rather than to fix old vulnerabilities or to ensure that old bugs are removed.

    Of course, more features usually also lead to greater complexity…

  3. Generally, although not necessarily in this specific case: A virtual obsession with having everything interfacing with everything else, especially over the Internet (but also e.g. over mechanisms like the Linux D-bus). Such generic and wide-spread interfacing brings more security problems than benefit; for reasons that include a larger interface (implying more possible points of vulnerability), a greater risk to accidentally share private information*, and the opening of doors for external enemies to interact with the software and to deliberately** send data after a successful attack.

    *Be it through technical errors or through the users and software makers having different preferences. For an example of the latter, consider someone trying to document human-rights violations by a dictatorship, and who goes to great length to keep the existence of a particular file secret, including keeping the file on an encrypted USB drive and cleaning up any additional files (e.g. an automatic backup) created during editing. Now say that he opens the file on his computer—and that the corresponding program immediately adds the name and path of the document to an account-wide list of “recently used documents”… (Linux users, even those not using an idiocy like Gnome or KDE, might want to check the file ~/.local/share/recently-used.xbel, should they think that they are immune—and other files of a similar nature are likely present for more polluted systems.)

    **With the particularly perfidious variation of a hostile maker of the original software, who abuses an Internet connection to “phone home” with the user’s private information (cf. Windows 10), or a smart-phone interface to send spam messages to all addresses in the user’s address book, or similar.

To this might, already or in the future, government intervention, restrictions, espionage, whatnot, be added.

The implications are chilling. Consider e.g. the “Internet of things”, “smart homes”, and similar, low benefit* and high risk ideas: Make your light-bulbs, refrigerators, toasters, whatnot, AIs and connect them to the Internet and what will happen? Well, sooner or later one or more of them will be taken over by a hostile entity, be it a hacker or the government, and good-bye privacy (and possibly e.g. money). Or consider trusting a business with a great reputation with your personal data, under the solemn promise that they will never be abused: Well, the business might be truthful, but will it be sufficiently secure for sufficiently long? Will third-parties that legitimately** share the data also be sufficiently secure? Do not bet your life on it—and if you “trust” a dozen different businesses, it is just a matter of time before at least some of the data is leaked. Those of you who follow security related news will have noted a number of major revelations of stolen data being made public on the Internet during the last few years, including several incidents involving Yahoo and millions of Yahoo users.

*While there are specific cases where non-trivial benefits are available, they are in the minority—and even they often come with a disproportional threat to security or privacy. For instance, to look at two commonly cited benefits from this area: Being able to turn the heating in ones apartments up from the office shortly before leaving work, or down from a vacation resort, is a nice feature. Is is more than a nice-to-have, however? For most people, the answer is “no”. Do I actually want my refrigerator to place an order with the store for more milk when it believes that I am running out? Hell no! For one thing, I might not want more milk, e.g. being about to leave for a vacation; for another, I would like to control the circumstance sufficiently well myself, e.g. to avoid that I receive one delivery for (just) milk today, another for (just) bread tomorrow, etc. For that matter, I am far from certain that I would like to have food deliveries be a common occurrence in the first place (for reasons like avoiding profile building and potential additional costs).

**From an ethical point of view, it can be disputed whether this is ever the case; however, it will almost certainly happen anyway, in a manner that the business considers legitimate, the simply truth being that it is very common for large parts of operations to be handled by third-parties. For example, at least in Germany, a private-practice physician almost certainly will have lab work done by an external contractor (who will end up with name, address, and lab results of the patient) and have bills handled by a factoring company (who will end up with name, address, and a fair bit of detail about what took place between patient and physician)—this despite such data being highly confidential. Yes, the patient can refuse the sharing of his data—but then the physician will just refuse taking him on as a patient… To boot, similar information will typically end up with the patient’s insurance company too—or it will refuse to reimburse his costs…

On paper, I might look like a hardware makers dream customer: In the IT business, a major nerd, living behind the keyboard, and earning well. In reality, I am more likely to be a non-customer, to a large part* due to my awareness of the many security issues. For instance, my main use of my smart-phone is as an alarm clock—and I would not dream of installing the one-thousand-and-one apps that various businesses, including banks and public-transport companies, try to shove down the throat of their customers in lieu of a good web-site or reasonably customer support. Indeed, when we compare what can be done with a web-site and with a smart-phone app (in the area of customer service), the app brings precious little benefit, often even a net detriment, for the customer. The business of which he is a customer, on the other hand, has quite a lot to gain, including better possibilities to control the “user experience”, to track the user, to spy on other data present on the device, … (All to the disadvantage of the user.)

*Other parts include that much of the “innovation” put on the market is more-or-less pointless, and that what does bring value will be selling for a fraction of the current price to those with the patience to wait a few years.

Sadly, even with wake-up calls like Meltdown and Spectre, things are likely to grow worse and our opportunity to duck security risks to grow smaller. Twenty years from now, it might not even be possible to buy a refrigerator without an Internet connection…

In the mean time, however, I advice:

  1. My fellow consumers to beware of the dangers and to prefer more low-tech solutions and less data sharing whenever reasonably possible.
  2. My fellow developers to understand the dangers of complexity and try to avoid it and/or reduce its damaging effects, e.g. throw preferring smaller pieces of software/interfaces/whatnot, using a higher degree of modularization, sharing less data between components, …
  3. Businesses to take security and privacy seriously and not to unnecessarily endanger the data or the systems of their customers.
  4. The governments around the world to consider regulations* and penalties to counter the current negative trends and to ensure that security breaches hurt the people who created the vulnerabilities as hard as their customers—and, above all, to lay off idiocies like the Bundestrojaner!

    *I am not a friend of regulation, seeing that it usually does more harm than good. When the stakes are this high, and the ability or willingness to produce secure products so low, then regulation is the smaller of the two evils. (With some reservations for how well or poorly thought-through the regulations are.)

Written by michaeleriksson

January 7, 2018 at 1:08 am