Author: simonmackay

Article

Germany has defined a minimum standard for secure broadband router design

Germany proposes router security guidelines | ZDNet

From the horse’s mouth

BSI (German Federal Office for Information Security)

TR-03148 Secure Broadband Router 1.0 (PDF)

My Comments

It is being identified that network connectivity devices and devices that are part of the Internet-Of-Things are being considered the weakest point of the secure Internet ecosystem. This is due to issues like security not being factored in to the device’s design along with improper software quality assurance when it comes to the devices’ firmware.

The first major incident that brought this issue to the fore was the Mirai botnet attack on some Websites and dynamic-DNS servers through the use of compromised firmware installed in network videosurveillance cameras. Recently in 2016, a similar Mirai-style attack attempt was launched by the “BestBuy” hacker involving home-network routers built by Zyxel and Speedport.There was a large installed base of these routers because they were provided as standard customer-premises equipment by Deutsche Telekom in Germany. But the attempt failed due to buggy software and the routers crashed.

Now the BSI who are Germany’s federal information-security government department have taken steps towards a baseline set of guidelines concerning security-by-design for these home-network routers. It addresses both the Internet-based attacker sithation and the local-network-based attacker situation such as a computer running malware.

Key requirements

Wi-Fi segments

There are requirements concerning the LAN-side private and guest Wi-Fi segments created by these devices. They have to work using WPA2 or newer standards as the default security standard and the default ESSIDs (wireless network names) and Wi-Fi passphrases can’t relate to the router itself like its make or model or any interface’s MAC address.

As well, guest Wi-Fi and community / hotspot Wi-Fi have to be treated as distinct separate logical networks on the LAN side and they have to be “fenced off” from each other. They will still have access to the WAN interfaces which will be the Internet service. The standard doesn’t address whether these networks should implement client-device isolation because there may be setups involving a requirement to discover printers or multimedia devices on these networks using client software.

Router management

The passwords for the management account or the Wi-Fi segment passphrases have to be tested against a password-strength algorithm when a user defines a new password. This would be to indicate how strong they are, perhaps through a traffic-light indicator. The minimum requirement for a strong password would be to have at least eight characters with at least 2 each of uppercase, lowercase, number and special characters.

For the management account, there has to be a log of all login attempts along with lockout-type algorithms to deter brute-force password attacks. It would be similar to a code-protected car radio that imposes a time delay if the wrong passcode is entered in the radio. There will be an expectation to have session-specific security measures like a session timeout if you don’t interact with the management page for a certain amount of time.

Other requirements for device management will include that the device management Webpage be only accessible from the main home network represented by the primary private Wi-Fi segment or the Ethernet segment. As well, there can’t be any undocumented “backdoor” accounts on the router when it is delivered to the customer.

Firmware updating

But the BSI TR-03148 Secure Broadband Router guidelines also addresses that sore point associated with router firmware. They address the issue of updating your router with the latest firmware whether through an online update or a file you download to your regular computer and upload to the router.

But it is preferred that automatic online updates take place regarding security-related updates. This will most likely extend to other “point releases” which address software quality or device performance. Of course, the end-user will need to manually update major versions of the firmware, usually where new functionality or major user-interface changes take place.

The router manufacturer will be required to rectify newly-discovered high-severity security exploits without undue delay once they are notified. Here, the end users will be notified about these software updates through the manufacturer’s own public-facing Website or the router’s management page.

Like with most regular-computer and mobile operating systems, the use of software signatures will be required to authenticate new and updated firmware. Users could install unsigned firmware like the open-source highly-functional firmware of the OpenWRT kind but they will need to be warned about the deployment of unsigned firmware on their devices as part of the deployment process. The ability to use unsigned firmware was an issue raised by the “computer geek” community who liked to tinker with and “soup up” their network hardware.

Users will also need to be notified when a manufacturer ceases to provide firmware-update support for their router model. But this can hang the end-user high and dry especially if there are newly-discovered weaknesses in the firmware after the manufacturer ceases to provide that software support.

The standard also places support for an “anti-bricking” arrangement where redundant on-device storage of prior firmware can exist. This is to avoid the router from “bricking” or irreversibly failing if downloaded firmware comes with software or file errors.

Other issues that need to be addressed

There are still some issues regarding this standard and other secure-by-design mandates.

One of these is whether there is a minimum length of time for a device manufacturer to continue providing security and software-quality firmware updates for a router model or series after it is superseded. This is because of risks like us purchasing equipment that has just been superseded typically to take advantage of lower prices,  or us keeping a router in service for as long as possible. This may be of concern especially if a new generation of equipment is being released rather than a model that was given a software-compatible hardware refresh.

Solutions that could be used include open-sourcing the firmware like what was done with the Linksys WRT-54G or establishing a known-to-be-good baseline firmware source for these devices while continuing to rectify exploits that are discovered in that firmware.

Another is the existence of a logo-driven “secure-by-design” campaign directed at retailers and the general public in order to encourage us to buy or specify routers that are compliant to this standard.

An issue that needs to be raised is whether to require that the modem routers or Internet-gateways supplied as standard customer-premises-equipment by German ISPs and telcos have a “secure-by-design” requirement. This is more of an issue with Internet service provided to the average household where these customers are not likely to fuss about anything beyond getting Internet connectivity.

Conclusion

The BSI will definitely exert market clout through Europe, if not just the German-speaking countries when it comes to the issue of a home network that is “secure by design”. Although the European Union has taken some action about the Internet Of Things and a secure-by-design approach, they could have the power to make these guidelines a market requirement for equipment sold in to the European, Middle Eastern and African areas.

It could also be seen by other IT bodies as an expected minimum for proper router design for home, SOHO and SME routers. Even ISPs or telcos may see it as an obligation to their customers to use this standard when it comes to specifying customer-premises equipment that is supplied to the end user.

At least the issue of “secured by design” is being continually raised regarding home-network infrastructure and the Internet Of Things to harden these devices and prevent them from being roped in to the next Mirai-style botnet.

Articles

Europe takes steps towards its own single sign-on services

European netID Foundation Launches; Turner Establishes Unified Ad Sales Unit T1 | ExchangeWire

netID provides a single portal where European consumers will be able to manage their data privacy | Videonet

RTL Group, ProSieben.Sat1 form European netID Foundation | TVB Europe

From the horse’s mouth

European NetID Foundation (German language / Deutsche Sprache)

Homepage (Startseite)

netid.de

My Comments

Social sign-on and single-sign-on concept diagram – relationship between the social network and online service

A situation that I am regularly watching is whether European companies are running consumer-facing online service that answer what the Silicon Valley establishment can provide yet maintain the European values of privacy and data-handling transparency. This is rather than the European Commission always tackling the Silicon Valley

It’s all kicking off within Germany thanks to RTL and ProSiebenSat1

titans with the big stick when they get out of control.

Here, the European values about democracy, user privacy and data-handling transparency have been moulded and established due to Continental Europe passing through some of the darkest periods in history. Through these eras, a significant number of European nations were run as police states with their national-security services were conduction mass surveillance at the behest of the nations’ dictators.

Infact the German-speaking countries of Europe have become strong defenders of this ideal by enacting strong data-privacy laws. It was also underscored with Germany showing strong concern regarding their Chancellor Angela Merkel being spied on by the NSA which led to European government having their information and communications technology business run by local businesses.

Initially, there have been some European companies operating in the online file-storage, Web-search and online-audio spaces like with CloudMe, Qwant, Spotify and SoundCloud. Also France is taking steps towards a YouTube competitor in the form of a peer-to-peer video-streaming service known as PeerTube. As well, there have been a few privacy-centric Webmail providers hosted within Europe like Protonmail. Lately the BMW Group worked on its own voice-driven personal assistant platform for its vehicles and I had valued this as a possible base for a European-base voice-driven assistant platform answering Alexa and co.

But the latest service class to have a European answer is single-sign-on for online services. This has been facilitated in a consumer-facing manner as a “social-sign-on” facilitated by social networks, mainly Facebook and Google. Such systems also implemented a simplified provisioning process with the data that you used to establish your Facebook or Google presence being used to create your account as you come onboard to a new online service.

The main European competitor has come in the form of NetID, created by the European NetID Foundation. This startup has been established by the RTL Group, ProSiebenSat1, and United Internet but is partnering with some other German brands like the Suddeutsche Zeitung and Spiegel newspapers along with the Scout24 online classifieds Websites.

Another is Verimi which is established by Allianz, Deutsche Bank and Lufthansa. This is based on the WebID video legitimisation service to facilitate verification of customers when they establish bank accounts or credit cards. This company is wanting to underscore the quality ethos behind the “Made In Germany” brand.

They offer a single-sign-on experience and a “hardened identity” service to facilitate online transactions. But the end-users have greater control over their own data and this is being driven by the GDPR and other European data-privacy regulations. Let’s not forget that the data is kept on servers that are within Europe.

The European NetID Foundation do expect to work beyond Germany with the desire to cut in to France, Belgium, Netherlands and Austria at the start. This could be facilitated very easily by the RTL Group who have private commercial TV or other media presence in multiple European countries or ProSiebenSat1 who effectively have private commercial TV presence across German-speaking Europe.

There is the one “data point” for each individual customer to make their data-privacy wishes clear. It is accessible from multiple Websites like those run by the different media providers. But each customer has the ability to have granular opt-in / opt-out control over their data with, for example, the ability to let a company they trust run targeted advertising for them but not allow another company they don’t trust to run that same service. The other key factor behind the European NetID Foundation is that it is an open-platform approach with an open-source codebase.

There is also the concept of customer data being managed by a third-party agent but effectively under the control of these end-users. It is also underscored by an open approach that supports the European transparency value and the data cannot be used by a company until the user grants them consent to that data.

At the moment, the European NetID Foundation is at is early days but it will be needing to approach other sign-on situations including support for devices with limited user interfaces. Here, this would be either be about setting up an account with or signing in to an online video service from a TV using its remote control for example.

Personally, I would like to see these companies offer their alternative single-sign-on services beyond Europe, especially to organisations who support and honour European business values.  But I see it as another step towards Europe creating their own online services that break away from Silicon Valley’s stranglehold on our online life.

Article

You can use Amazon Alexa on any Windows 10 computer thanks to a generally-available Microsoft Store app

Control Alexa from your Windows 10 PC | CNet

My Comments

Amazon are releasing a Windows 10 native app that serves as a gateway to their Alexa voice-driven home-assistant ecosystem. Initially this was a very limited release that was preinstalled on certain computer ranges like Lenovo’s Yoga laptop range, but they are making it generally available through the Microsoft Store in the USA. This means you could install it on any Windows 10 desktop, laptop or 2-in-1 rather than having to buy one of the certain computers that come with this function if you want to speak to Alexa through that computer.

It will be targeted for any regular computer that is running Windows 10 as long as it has a microphone and the usual keyboard. There will be the ability to invoke Alexa through a keyboard shortcut or to click / tap the Alexa button within the app. The “Wake On Voice” functionality where you can speak the “Alexa” keyword to invoke Alexa will be available on some supported computers.

At the moment, the Amazon Alexa native app for Windows 10 doesn’t provide the kind of management that its iOS or Android mobile-platform brethren provide. This means that you will have to use the Alexa management Web page to manage the Skills available to your Echo devices or the smart-home ecosystem that they are part of.

This will make your Windows laptop work a bit like the Amazon Echo

The other question that may be raised by Amazon as part of developing the Alexa app further is whether the Alexa app will provide a visual interface of the “Echo Show” kind for those skills that have visual abilities. It may be seen as a further direction for third-party Alexa-platform devices to answer the Google Assistant (Home) platform.

I would expect that these features will come through in newer versions of this app. Similarly I would expect that this app would be rolled out in to all of the markets that Amazon has established the Alexa / Echo ecosystem in to over time.

The Alexa app is part of a strong effort by the two Seattle-based IT giants to provide a strong partnership between their efforts i.e. the Windows desktop operating system for Microsoft and the Alexa voice-assistant / smart-home ecosystem for Amazon.

This effort was initially represented through the availability of “pathway” skills between Microsoft’s Cortana and Amazon’s Alexa assistants. It is with the ability also to provide the necessary abilities to users to interlink their user accounts on each of these services for transparent operation.

It could be seen to be about Microsoft dumping the Cortana assistant’s home-automation roles. Or it could be about Amazon and Microsoft to fuse together their voice-driven assistants in a manner to build a highly-strung Seattle-based voice-driven assistant platform to take on what is being offered by Silicon Valley.

Previous Coverage

Are you sure you are casting your vote or able to cast your vote without undue influence?

Being aware of fake news in the UK

Fact-checking now part of the online media-aggregation function

Useful Australian-based resources

ABC Fact Check – ran in conjunction with RMIT University

Political Parties

Australian Labor Party (VIC, NSW)

Liberal Party – work as a coalition with National Party (VIC, NSW)

National Party – work as a coalition with Liberal Party (VIC, NSW)

Australian Greens – state branches link from main page

One Nation (Pauline Hanson)

Katter’s Australia Party

Derryn Hinch’s Justice Party

Australian Conservatives

Liberal Democratic Party

United Australia Party

My Comments

Over the next six months, Australia will see some very critical general elections come to pass both on a federal level and in the two most-highly-populated states that host most of that country’s economic and political activity. On October 30 2018, the election writs were recently served in the state of Victoria for its general election to take place on November 24 2018. Then, on the 23 March 2019, New South Wales will expect to go to the polls for its general election. Then the whole country will expect to go to the polls for the federal general election by 18 May 2019.

As these election cycles take place over a relatively short space of time and affecting , there is a high risk that Australians could fall victim to misinformation campaigns. This can subsequently lead to state and federal ballots being cast that steer the country against the grain like what happened in 2016 with the USA voting in Donald Trump as their President and the UK voting to leave the European Union.

Look for tags within Google News that describe the context of the story

The issue of fake news and misinformation is being seen as increasingly relevant as we switch away from traditional media towards social media and our smartphones, tablets and computers for our daily news consumption.  This is thanks to the use of online search and news-aggregation services like Google News; or social media like Facebook or Twitter which can be seen by most of us as an “at-a-glance” view of the news.

As well, a significant number of well-known newsrooms are becoming smaller due to the reduced circulation and ratings for their newspaper or radio / TV broadcast thanks to the use of online resources for our news. It can subsequently lead to poor-quality news reporting and presentation with a calibre equivalent to the hourly news bulletin offered by a music-focused radio station. It also leads to various mastheads plagiarising content from other newsrooms that place more value on their reporting.

The availability of low-cost or free no-questions-asked Web and video hosting along with easy-to-use Web-authoring, desktop-publishing and desktop-video platforms make it feasible for most people to create a Web site or online video channel. It has led to an increased number of Websites and video channels that yield propaganda and information that is dressed up as news but with questionable accuracy.

Another factor that has recently been raised in the context of fake news, misinformation and propaganda is the creation and use of deepfake image and audio-visual content. This is where still images, audio or video clips that are in the digital domain are altered to show a falsehood using artificial-intelligence technology in order to convince viewers that they are dealing with original audio-visual resource. The audio content can be made to mimic an actual speaker’s voice and intonation as part of creating a deepfake soundbite or video clip.

It then becomes easy to place fake news, propaganda and misinformation onto easily-accessible Web hosts including YouTube in the case of videos. Then this content would be propagated around the Internet through the likes of Twitter, Facebook or online bulletin boards. It is more so if this content supports our beliefs and enhances the so-called “filter bubble” associated with our beliefs and media use.

There is also the fact that newsrooms without the resources to rigorously scrutinise incoming news could pick this kind of content up and publish or broadcast this content. This can also be magnified with media that engages in tabloid journalism that depends on sensationalism to get the readership or keep listeners and viewers from switching away.

The borderless nature of the Internet makes it easy to set up presence in one jurisdiction to target the citizens of another jurisdiction in a manner to avoid being caught by that jurisdiction’s election-oversight, broadcast-standards or advertising-standards authority. Along with that, a significant number of jurisdictions focus their political-advertising regulation towards the traditional media platforms even though we are making more use of online platforms.

Recently, the Australian Electoral Commission along with the Department of Home Affairs, Australian Federal Police and ASIO have taken action on an Electoral Integrity Assurance Task Force. It was in advance of recent federal byelections such as the Super Saturday byelections, where there was the risk of clandestine foreign interference taking place that could affect the integrity of those polls.

But the issue I am drawing attention to here is the use of social media or other online resources to run fake-news campaigns to sway the populace’s opinion for or against certain politicians. This is exacerbated by the use of under-resourced newsrooms that could get such material seen as credible in the public’s eyes.

But most of Silicon Valley’s online platforms are taking various steps to counter fake news, propaganda and disinformation using these following steps.

Firstly, they are turning off the money-supply tap by keeping their online advertising networks away from sites or apps that spread misinformation.

They also are engaging with various fact-check organisations to identify fake news that is doing the rounds and tuning their search and trending-articles algorithms to bury this kind of content.

Google users can report Autocomplete suggestions that they come across in their search-engine experience/

They are also maintaining a feedback loop with their end-users by allowing them to report fake-news entries in their home page or default view. This includes search results or autocomplete entries in Google’s search-engine user interface. This is facilitated through a “report this” option that is part of the service’s user interface or help pages.

Most of the social networks and online-advertising services are also implementing robust user-account-management and system-security protocols. This includes eliminating or suspending accounts that are used for misinformation. It also includes checking the authenticity of accounts running pages or advertising campaigns that are politically-targeted through methods like street-address verification.

In the case of political content, social networks and online-advertising networks are implementing easily-accessible archives of all political advertising or material that is being published including where the material is being targeted at.

ABC FactCheck – the ABC’s fact-checking resource that is part of their newsroom

Initially these efforts are taking place within the USA but Silicon Valley is rolling them out across the world at varying timeframes and with local adaptations.

Personally, I would still like to see a strong dialogue between the various Social Web, search, online-advertising and other online platforms; and the various government and non-government entities overseeing election and campaign integrity and allied issues. This can be about oversight and standards regarding political communications in the online space along with data security for each stakeholder.

What can you do?

Look for any information that qualifies the kind of story if you are viewing a collection of headlines like a search or news-aggregation site or app. Here you pay attention to tags or other metadata like “satire”, “fact checking” or “news” that describe the context of the story or other attributes.

Most search engines and news-aggregation Websites will show up this information in their desktop or mobile user interface and are being engineered to show a richer set of details. You may find that you have to do something extra like click a “more” icon or dwell on the heading to bring up this extra detail on some user interfaces.

Trust your gut reaction to that claim being shared around social media. You may realise that a claim associated with fake news may be out of touch with reality. Sensationalised or lurid headlines are a usual giveaway, along with missing information or copy that whips up immediate emotional responses from the reader.

Check the host Website or use a search engine like Google to see if the news sources you trust do cover that story. You may come across one or more tools that identify questionable news easily, typically in the form of a plug-in or extension that works with your browser if its functionality can be expanded with these kind of add-ons. It is something that is more established with browsers that run on regular Windows, Mac or Linux computers.

It is also a good idea to check for official press releases or similar material offered “from the horse’s mouth” by the candidates, political parties, government departments or similar organisations themselves. In some cases during elections, some of the candidates may run their own Web sites or they may run a Website that links from the political party’s Website. Here, you will find them on the Websites ran by these organisations and may indicate if you are dealing with a “beat-up” or exaggeration of the facts.

As you do your online research in to a topic, make sure that you are familiar with how the URLs are represented on your browser’s address bar for the various online resources that you visit. Here, be careful if a resource has more than is expected between the “.com”, “.gov.au” or similar domain-name ending and the first “/” leading to the actual online resource.

Sometimes the good ol’ radio can be the trusted news source

You may have to rely on getting your news from one or more trusted sources. This would include the online presence offered by these sources. Or it may be about switching on the radio or telly for the news or visiting your local newsagent to get the latest newspaper.

Examples of these are: the ABC (Radio National, Local radio, News Radio, the main TV channel and News 24 TV channel), SBS TV, or the Fairfax newspapers. Some of the music radio stations that are part of a family run by a talk-radio network like the ABC with their ABC Classic FM or Triple J services will have their hourly newscast with news from that network. But be careful when dealing with tabloid journalism or commercial talkback radio because you may be exposed to unnecessary exaggeration or distortion of facts.

As well, use the social-network platform’s or search engine’s reporting functionality to draw attention to fake news, propaganda or misinformation that is being shared or highlighted on that online service. In some cases like reporting inappropriate autocomplete predictions to Google, you may have to use the platform’s help options to hunt for the necessary resources.

Here, as we Australians faces a run of general-election cycles that can be very tantalising for clandestine foreign interference, we have to be on our guard regarding fake news, propaganda and misinformation that could affect the polls.

Netgear Nighthawk 5G Mobile Hotspot – first retail 5G device

Article – From the horse’s mouth

NETGEAR

NETGEAR Nighthawk® 5G Mobile Hotspot – World’s First Standards-Based Millimeter Wave Mobile 5G Device (Blog Post)

My Comments

There has been a lot of talk about 5G mobile broadband lately with Telstra running consumer trials of this technology in the Gold Coast using 5G “Mi-Fi” devices installed at fixed locations.

Of course, some people are seeing it as an alternative to wireline and fibre next-generation broadband deployments. Here, they are trying to see the technology as an enabler for the “digital nomadic” lifestyle where people live and work while roaming from place to place, keeping in touch with the world with mobile telecommunications technology.

But NETGEAR and AT&T have stepped forward with a production-grade consumer endpoint device as part of a production-grade 5G network being rolled out across the USA. It is typically assumed that the first production-grade consumer endpoint device for a new mobile broadband technology will be a smartphone of some sort or a USB wireless-broadband modem. But this time it is a highly-portable “Mi-Fi” router in the form of a NETGEAR Nighthawk 5G Mobile Hotspot.

Here, it is to use a device that could support high-throughput data transfer arrangements with a network of mobile devices and take advantage of what a production 5G network could offer. As well, the WAN (Internet) aspect of the NETGEAR Nighthawk 5G Mobile Hotspot is based on millimetre-wave technology and is designed according to standards.

Being the first device of its kind, there could be issues with connection reliability because of it implementing technology that is too “cutting-edge”. As more service providers “light up” standards-based 5G networks in more areas and more device manufacturers offer 5G mobile-endpoint devices, it will be the time to show whether 5G can really satisfy mobile-broadband users’ needs or be a competitor to fixed broadband.

I will update this article as NETGEAR and AT&T release more information about this Mi-Fi’s capabilities.

Introduction

I am reviewing the Brother HL-L3230CDW which is their latest iteration of a colour LED-based xerographic printer. These xerographic printers works in a similar manner to a laser printer but uses a row of LEDs rather than a laser steered by moving mirrors to light the imaging drum with what you are printing as part of the printing process.

Brother is positioning the HL-L3230CDW as a follow-on model to their HL-3170CDW colour LED printer and its stablemates. But they are also running this model as a baseline printer for their new colour LED xerographic printing engine. The higher-priced pureplay stablemates based on the new engine also have a colour LCD touchscreen and offer more in the way of walk-up printing options such as working with Brother’s Web Connect online printing subsystem. There are also some colour LED multifunction printers with the fax-equipped models supporting this same Web Connect as well.

Prices

Printer

RRP: AUD$329

Toners

Servicing and Other Parts (Laser Printers)

The printer itself

Connectivity and Setup

The control panel on the Brother HL-L3230CDW colour LED printer

The Brother HL-L3230CDW is able to connect to your computer directly via USB or via your home network using Wi-Fi 4 (802.11g/n) or Ethernet. This review will be the first product review on HomeNetworking01.info to implement the new Wi-Fi Alliance “generation mumbering” scheme that has just been set in stone when it comes to what kind of connectivity to expect from a Wi-Fi wireless-network device.

There is a small LCD display as well as a D-pad for basic machine setup functionality so you are not expecting much from this printer beyond a baseline print device.

Toner cartridges and drum units in the Brother HL-L3230CDW colour LED printer

You have to open a lid to gain access to the toner cartridges. drum units and belt unit. Here, each colour toner cartridge is installed in its drum unit but you separately replace the toner cartridge and the drum unit unlike what happens with HP LaserJet printers.

Here, each of the parts are easy to remove and reinstall which can be of benefit when dealing with paper jams. If you are dealing with a paper jam that occurred around the back of the printer, the fuser rollers are exposed when you open the back panel and release another black plastic panel to rectify the paper jam. This is a risky situation due to these rollers being hot after a print job.

Toner cartridge and drum unit as separate pieces – installed in a similar manner to Brother monochrome laser printers

A security issue that will always come up regarding dedicated-function devices that connect to your network and the Internet is making sure these devices are kept up-to-date with the latest firmware. This is something I will be paying attention to regarding these devices and writing up about in these product reviews.

Brother integrates in to their print monitor software installed on your computer a software-update monitoring function. If there are new versions of the driver or printer firmware, this program will let you know so you can update this software, whereupon you can update this software. It will lead to the installation of a printer-firmware update tool to install newer firmware.

Paper Handling

The Brother HL-L3230CDW has a standard paper tray for ordinary document paper. But like most of the popularly-priced Brother printers. it has a single-sheet multipurpose feed slot which can be annoying if you are doing things like run a batch of labels or print on special media.

Walk-up functions

Due to its position in the market for its product type as an economy “bare-bones” printer, this printer doesn’t offer walk-up printing from USB, network or online resources.

Computer functions

I have installed the driver software on to my Windows 10 computer from Brother’s official support Website and this installation went according to plan.

As for printing from mobile devices, the Brother HL-L3230CDW can print using Brother’s own iPrint&Scan app. But it supports driver-free printing in the form of Apple’s AirPrint and the Mopria platform as well as supporting Google Cloud Print.

There is support for code-based secure job release but it requires you to enter the pre-determined release code using a “pick-and-choose” method not dissimilar to text entry on a Smart TV or video peripheral using its remote control.

Print speed and quality

If the Brother HL-L3230CDW colour LED printer hasn’t been used for a significant amount of time, it would take around 20 seconds to yield the first page of the document from when you send the print job from your computer. If it was recently used, the printer would take around 10 seconds to turn out the first page of the print job. This is something that would be expected for most economy laser printers.

This printer would yield sharp crisp document output even for colour work thus making it suitable for basic office printing including printing of desktop publishing work.

I printed two test photos using Windows 10 Photos app along using the best printing-quality setting available and they came out slightly pale compared with Brother’s recent premium colour laser printer – the HL-L8350CDW. Most of the colours still come out vibrant although it doesn’t handle the flesh tones really well.

Even though I haven’t had the chance to personally test the Brother HL-3170CDW or its stablemates that are based on the second-generation LED xerographic print engine, I had noticed a significant improvement on photo output quality over the generations compared to when I tested the HL-3075CW which used Brother’s first-generation LED xerographic print engine.  What is showing up with the Brother HL-L3230CDW is that it is capable of yielding photo output that is good for ordinary use but not fully presentation-grade.

The Brother HL-L3230CDW’s LED print engine is the second colour LED print engine that Brother designed to implement an automatic duplexer across all of the models. But I have paid some attention to registration shift between the front and back of the same sheet of paper during a double-sided print run. Here, I had noticed a slight vertical shift where the back page was slightly shifted down from the front by a few millimetres. This is something that may be common with most desktop printers equipped with this feature but may be of concern with turning out print jobs like doorknob hangers, luggage tags or the like where you need to cut out a particular shape.

Unlike the premium Brother colour laser printers, the Brother HL-L3230 doesn’t implement a “quick turnaround” approach to automatic duplexing. Rather it seems to work one sheet of paper at a time while doing a double-sided print run.

Limitations And Points Of Improvement

One feature that Brother could work on with the economy colour LED printers is the registration shift for auto-duplexing. Here, they could make sure that there isn’t any drift between the front and back of the printed page, which can be of benefit for printing special-shaped work. It can also lead towards designing automatic duplexer mechanisms for printers that are paper-agile such as being able to work with smaller paper sizes or thicker paper.

The manual bypass tray could be able to support multiple sheets of paper, which can be of benefit if you are turning out a significant quantity of labels, printed envelopes or other special documents.

Another issue that will be of concern is the cost to replace the drum units when they come up for replacement. This can cause one to consider buying a new printer from the same range rather than replacing the necessary parts. It is more so where the drum units are being rated for fewer pages than the other components.

Another improvement I would like to see regarding this printer is the option to start a firmware update for a network-connected printer from its control panel through the “Machine Info” menu. This could be augmented through a message on the printer’s display to say that new firmware is available like I have seen with some of the multifunction units they offer.

Conclusion and Placement Notes

Personally, I would see the Brother HL-L3230CDW as an entry-level casual-use option for a xerographic-based colour printer that is suited for small jobs. This could be something that is a home office or a private “document-preview” printer.

An issue that will be of concern is that if at least one drum unit or the belt unit comes up for replacement at the same time as a toner replacement, it could make us think that this printer is worth replacing rather than the necessary parts. This is a problem that I see being endemic with economy-positioned printers.

The HDMI and DisplayPort outputs make use of the display audio device driver for sound they send to the external display

Some of you may take stock of what device drivers and software exist on your Windows computer and may find two or more audio device drivers on your computer with one being referred to as an “HDMI” or “Display” audio driver. Such a driver will have a reference to the graphics chipsets that are installed in your computer. Why does this driver exist and how could I take advantage of this setup?

The standard audio setup

Most computers are nowadays equipped with an on-board audio infrastructure of some sort. This was initially a sound card but is nowadays an on-board audio chipset like Realtek or Intel HD Audio. Here, it would have its own digital-analogue audio circuitry and would be serving integrated speakers or audio equipment like computer speakers that are connected to the computer’s own audio jacks.

The better implementations would have an SP/DIF audio output which would serve an outboard digital-analogue converter or digital amplifier. In this case, the audio infrastructure would repackage the sound in to an SP/DIF-compliant form either as a PCM stream or a bitstream supporting Dolby Digital.

In this case, the above-mentioned sound infrastructure would work with its own driver software and be listed as a distinct audio device in Windows. With most of the recent laptops that have sound tuning provided typically by a name-of-respect in the professional-audio or hi-fi scene, this driver also has the software component that is part of this tuning.

HDMI and DisplayPort adds a point of confusion

HDMI output for monitor as a unique audio playback device in Windows

HDMI and DisplayPort display connections have the ability to transport a digital audio stream along with the video stream over the same cable. Therefore, display-chipset and graphics card manufacturers have had to support digital-audio transport for host-computer audio through these connections.

In some early setups, it required that the computer’s sound card or audio chipset expose a digital-audio stream via the HDMI or DisplayPort connection. With graphics cards, this typically required a wired connection between an SP/DIF digital output on a sound card or motherboard audio chipset and a digital input on the graphics card.

But recent implementations used a cost-effective digital-audio processor as part of the graphics infrastructure which simply repackages the digital audio stream from the host computer to a form that can be handled by the display or audio device connected via the HDMI or DisplayPort connection. During the initial setup of an HDMI or DisplayPort connection, it will be about determining what audio codecs, bit-depths and sampling frequencies the connected monitor, TV, home-theatre receiver or other audio-equipped device can handle.

If you connect your computer to your monitor or TV even via the HDMI connections on one of these home-theatre receivers, you will be using the HDMI audio subsystem and display audio driver as outlined here

This also applies to computers and display setups that use the USB-C port as a “DisplayPort alt” connection like some of the laptops that have come my way for product review. But if you are using a USB-C expansion module that has audio connections, you may find that this device may use a USB-based sound chipset to serve those connections. Typically this chipset will use the USB Audio Device class drivers that are part of the operating system rather than the “display audio” drivers.

If you connect your computer to your display via an HDMI audio device like a home-theatre receiver, soundbar or HDMI audio adaptor, you will find that the audio device will be identified as the sound-output device for the “display audio” device.

In this case, you would see another audio device listed in your computer’s audio device list with a name that references your computer’s graphics chipset like Intel Display Audio or AMD HDMI Audio. The only audio-endpoint device that these drivers refer to are whatever audio device is connected to your computer’s HDMI or DisplayPort connection.

If you use the HDMI input on your in-room AV connection panel like this one at Rydges Melbourne, you would have to use the “display-audio” sound driver for your computer’s sound

Where you connect a computer to a speaker-equipped display or audio device that uses HDMI / DisplayPort alongside a traditional audio input connection like RCA or 3.5mm jack, the “display audio” driver would be used while you use the HDMI or DisplayPort connections. This also applies to the device connection panels you may find in your hotel room and you connect your laptop to the HDMI input on these panels. In this case, you have to use the “display audio” driver when you select the “virtual channel” or source associated with the HDMI input.

What do I do about the existence of these “display audio” drivers?

If you are trying to rationalise the driver software that exists on your computer, don’t remove the “display audio” or “HDMI audio” drivers associated with your computer’s graphics infrastructure. This is because if you connect a TV, monitor with speakers or home-theatre audio device to your computer via the HDMI or DisplayPort connections and you remove the “display audio” driver, the sound won’t play through devices connected via those connections.

Instead, keep these “display audio” drivers up-to-date as part of updating your computer’s graphics-infrastructure software. Here, it will preserve best compatibility for the communications, games and multimedia software and Websites you run on your computer if you are using audio-capable devices connected via HDMI or DisplayPort along with this audio-capable hardware hanging off these ports.

Also remember that if you are using an audio-capable display device connected via the HDMI or DisplayPort connections, you need to use the “diisplay audio” driver to hear your computer’s or application’s sound through that device. This may require you to have it as a “default sound playback device” for software that doesn’t support audio-device switching like Spotify or Web browsers.

Computer systems with multiple graphics chipsets

Computer systems that implement multiple graphics chipsets may also run multiple “display audio” drivers for each chipset. Here, the audio to be sent via the HDMI or DisplayPort output would be processed by the “display audio” chipset for the currently-used chipset.

Some setups may require you to manually select the “display audio” chipset that you are using when you are directing the sound via your audio-equipped display device. This may especially apply to the use of external graphics modules.

But on the other hand, a multiple-graphics-chipset computer may implement a virtual “display audio” or “HDMI audio” driver that automatically steers sound output to the HDMI or DisplayPort device via the currently-used graphics chipset without you needing to intervene. This kind of driver will be relevant with computers that implement NVIDIA Optimus or similar logic to automatically select the appropriate chipset depending on whether you are after high graphics performance or longer battery runtime.

A solution for “steering” Windows sound output towards the devices you want

You can steer particular applications’ sound through your laptop’s HDMI output using the display audio driver

When I installed the Windows 10 April Update (Build 1803) on my computer, I had found the improved sound-management ability that this operating system update offers can make better use of this arrangement. I chose to create a sound setup to steer multimedia to better sound outputs while keeping the audio prompts that Windows makes during errors towards a lower-quality output and documented how this is done.

Here, the “display audio” driver will earn its keep as a way to allow the speakers in your smart TV, home-theatre setup or audio-equipped monitor connected to your computer’s HDMI or DisplayPort output to be used only by the software that you want.

There are two situations that this will encompass. One is to have a laptop connected to the large TV or home-theatre setup for some Netflix binge-watching or full-on game-playing but you rather have Windows sound its notification sounds through the laptop’s own small speakers.

The other is where you use a monitor with not-so-great speakers as your primary display but want music or other multimedia to come out through a better sound system connected to your computer. It also includes desktop computers used in an AV playout role with a projector and PA system conveying the audio-video content to the audience but using a monitor with not-so-great speakers as the operator’s display.

The first situation involving a laptop would have the standard audio driver serving the integrated speakers set up as a “default” sound device while the Web browser, game or multimedia software uses the display-audio driver as the output device. The second situation using a monitor with not-so-great speakers would have the display-audio driver as the default driver while the Web browser or multimedia software handling the AV content to be played to the audience uses the audio driver associated with the better sound system.

Conclusion

Simply, the “display audio” or “HDMI audio” driver works with your computer’s graphics infrastructure as a separate audio driver to present sound from your computer to an audio-capable monitor or A/V device connected via its DisplayPort or HDMI connections.