The news was abuzz yesterday with coverage of a study released by Columbia University researchers warning consumers that HP laser printers are wide open to remote tampering and hacking. The researchers claim that the vast majority of printers from HP’s LaserJet line accept firmware updates without checking for any sort of digital authentication, allowing malicious users to abuse the machines remotely. The researchers go so far as to claim that modified firmware can be used to overheat the printer’s fuser, causing fires, to send sensitive documents to criminals, and even force the printers to become part of a botnet.
Officials at HP were quick to counter the claims, stating that all models built in 2009 and beyond require firmware to be digitally signed. Additionally, they say that all of the brand’s laser printers are armed with a thermal cutoff switch which would mitigate the fuser attack vector before any real fire risk would present itself. Despite HP’s statements, the researchers stand by their claims, asserting that vulnerable printers are still available for purchase at major office supply stores.
While most external attacks can easily be prevented with the use of a firewall, the fact that these printers accept unsigned firmware is undoubtedly an interesting one. We are curious to see if these revelations inspire anyone to create their own homebrew LaserJet firmware with advanced capabilities (and low toner warning overrides), or if this all simply fizzles out after a few weeks.
While watching his thin client boot up [Nav] noticed that it’s using some type of Linux kernel. He wondered if it were possible to run a full-blow desktop distribution on the device. A little poking around he got a Debian desktop distribution running on a thin client.
The hardware he’s working with is an HP t5325. It’s meant to be a dumb client, connecting to a backend machine like a Windows Terminal Server or via SSH. But it’s got a 1.2 GHz ARM processor and [Nav’s] preliminary investigations revealed the it’s running a version of Debian for ARM. He used CTRL-C during the boot sequence to derail that process and dump him to a shell. The login was easy enough to guess as the username and password are both ‘root’.
Once he’s got that root access it was slash and burn time. He got rid of the HP-specific setup and made way for additional Debian modules like the apt system. This isn’t trivial, but he’s worked out a bunch of sticking points which makes the process easier. With the repository tools loaded you can install Xserver and Gnome for a full-blown desktop on the embedded hardware.
[Thice] had himself a problem. As luck would have it his HP laser printer died shortly after the warranty period expired, and HP was ready to charge him €350 to repair it. Since that would pretty much buy [Thice] a new one, he decided to try fixing the problem himself. He scoured the Internet for a solution to his problem, and luckily discovered that his printer might be recoverable.
The entire LaserJet M1522 series is apparently pretty prone to breaking, with the formatter board being the usual point of failure. To fix his printer, he disassembled the outer shell, removing the formatter board from the unit. Once the onboard battery was removed, he constructed a set of standoffs using aluminum foil, and set the board in his oven at 180°C (~356°F) for about eight minutes.
After cooling, he reinstalled the board, and his printer behaved as good as new. [Thice] says that the only problem with his fix is that he needs to bake the board every 6 months or so, making this a great hack but not the most ideal solution in the long term.
Solder connections on processors seem to be a very common failure point in modern electronics. Consider the Red Ring of Death (RRoD) on Xbox 360 or the Yellow Light of Death (YLoD) on PlayStation 3. This time around the problem is a malfunctioning Nvidia GPU on an HP Pavilion TX2000 laptop. The video is sometimes a jumbled mess and other times there’s no video at all. If the hardware is older, and the alternative to fixing it is to throw it away, you should try to reflow the solder connections on the chip.
This method uses a heat gun, which we’ve seen repair PCBs in the past. The goal here is to be much less destructive and that’s why the first step is to test out how well your heat gun will melt the solder. Place a chunk of solder on a penny, hold the heat gun one inch above it and record how long it takes the solder to flow. Once you have the timing right, mask off the motherboard (already removed from the case) so that just the chip in question is accessible. Reflow with the same spacing and timing as you did during the penny test. Hopefully once things cool down you’ll have a working laptop or gaming console again.
Here’s another junk music performance to add to the list. [bd594] put together this rendition of Queen’s Bohemian Rhapsody on assorted computing equipment. The lead piano sound is from an Atari 800XL. Lead guitar is a Texas Instruments TI-99/4a. An 8inch floppy plays bass while a HP ScanJet 3C covers the vocals. He had to dub the scanner four times to get all of the vocal parts. He wanted to use four independent scanners but the prices on eBay were forbidding. The use of oscilloscopes to show the wave forms in the video is a nice touch. Check out our post about Radiohead’s Nude for more examples of this.
Gadget blogs have been a fluster the last day about TechCrunch stating that netbooks “just aren’t good enough“. Writing a response post hasn’t proven very hard given the number of factual errors in the original. Boing Boing Gadgets points out that the low-end of the spectrum that TC post seems to cover are almost impossible to purchase because they’re so outdated. Liliputing rightly states that comparing the browsing experience to the iPhone isn’t worthwhile since it’s entirely a software problem. Laptop goes so far as to recommend the HP Mini 1000 and Samsung NC10 specifically for their keyboard. TechCrunch isn’t alone in their opinion; this week Intel stated that using the ultra portable devices was “fine for an hour“. TechCrunch is designing a web tablet right now using the collective wisdom of blog commenters. Looks like they’re just reboxing a netbook for the prototype.
We cover the netbook market for different reasons than most: Their low low price makes people much more willing to hack on the device. For the price of a smartphone, you’re getting a fully capable laptop. The low performance doesn’t matter as much since we’re running different flavors of Linux that are much lighter than Windows. People running OSX86 are doing it to address a market that Apple doesn’t.
What’s your experience with netbooks? Do you have one that you adore or are you annoyed by their shortcomings? Models we’ve covered in the past include the Acer Aspire One, Asus Eee PC, Dell Mini 9, and MSI Wind.
[Photo: Onken Bio-pot]
[Aaron Nelson] of Hijinks Inc. wrote up how he installed OSX on his HP TouchSmart IQ507. It looks and works like you would expect, save for a few things. The touchscreen works, but the calibration is so far off it’s useless. The most important things, like ethernet and the memory card reader, work fine. [Nelson]’s biggest frustration is that he has to disable the on board audio every time he logs in, so that the keyboard and mouse will be recognized. He is working on improvements, and would love to hear any suggestions you have.