Configuring Ubuntu to access a wireless HP printer

hplip is an opensource project to support multiple HP printers on Linux. On Ubuntu 12.04 I already had this installed, but running ‘sudo hp-setup’ gave me this error:

kev@ubuntu:~$ sudo hp-setup

HP Linux Imaging and Printing System (ver. 3.12.2)
Printer/Fax Setup Utility ver. 9.0

Copyright (c) 2001-9 Hewlett-Packard Development Company, LP
This software comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to distribute it
under certain conditions. See COPYING file for more details.

warning: Qt/PyQt 4 initialization failed.
error: hp-setup requires GUI support (try running with --qt3). Also, try using interactive (-i) mode.

A quick Google turned up this post, and installing hplip-gui installed the missing libraries and got me up and running.

sudo apt-get install hplip-gui

Starting up hp-setup again and following the wizard to point to the IP of my printer was all I needed to get my printer working.

Spring Roo @RooEntity from 1.1.x replaced in 1.2.x

If you have an older Spring Roo project created from Spring Roo 1.1.x and you’re trying to imported it to a more recent STS version and/or trying to upgrade to a later 1.2.x version of Spring Roo, you may be seeing these errors:

RooEntity cannot be resolved to a type

@RooEntity was replaced in Spring Roo 1.2.x with @RooJpaActiveRecord. Replace this in all your Entity classes and you should be good to go.

This is discussed in this thread.

@RooJpaActiveRecord is covered in the docs here.

‘Security by obscurity’ is not an effective security approach

This is a true story. I just came across a website, which I will not name (yes, I have emailed them to let them know of their issue), that provides a number of tutorials for download for a fee. They also have some free samples that you can download for free that are excerpts from the main materials.

I found the website from a Google search, and one of the search results was a pdf from their site on the topic I was looking for. Once I started browsing the tutorial contents however, I noticed that the file I’d found from my Google search appeared to cover far more pages in one chapter than should have been covered by one of the listed sample downloads, it was a complete chapter.

Thinking this was odd, I noticed that each sample download pdf listed in the tutorial table of contents had a range of pages in the file name, for example chapter1_1-2.pdf, but the file I had come across was chapter2_10-20.pdf

Out of curiosity it didn’t take too much guess work to change my url to point to chapter1_1-9.pdf and I’d downloaded a whole another chapter of material that should have only been accessible as paid materials. Looking at the other file names for the other chapter samples, it was easy to guess all the other filenames for all the other chapters too.

This wasn’t an isolated case. This particular website has a number of tutorials online following the same pattern. Given the example filenames from the free samples, it’s possible to guess all the full download files for all of their tutorials.

What the website owners and/or developers of their site had done was rely on ‘security through obscurity’ – the direct links to the paid materials were not listed on the website, but there was no security to prevent anyone from downloading the paid materials for free, even if they hadn’t paid to access the paid content. They had in effect hidden the paid materials in plain view.

The second mistake was to use an obvious pattern in the file names so that it was easy to guess the file names for the paid content. The table of contents which included links to a small number of sample pages made this easier, because it illustrated that the chapter files were numbered sequentially, and since there was a sample download for the first couple of pages for each chapter, it was easy to deduce that the files names were for all the other pages for the paid content.

If there was another authentication mechanism in place for paying customers to logon on to the site first before they could download content then the sequential nature of the file names wouldn’t be as much of an issue. The fact that there was no other security on the site however, meant that the table of contents with it’s sample links pretty much gave away the names of all the paid content.

‘Security by Obscurity’ is a very ineffective security mechanism. You can assume that ‘no-one will be able to find these files, right?’ but that’s a pretty bad assumption. If you think there’s a chance that no-one will find the files, it also means there’s a chance that someone will find the files. If your business is to make money from selling access to these paid materials, then this is a risk you cannot afford to take.