Re: Workstation Product defaults to wide-open firewall

2014-12-22 Thread Florian Weimer
On 12/09/2014 04:32 PM, Bastien Nocera wrote: Is it really so awful to ask a user: Do you want to expose Eclipse to the network ? (of course worded in a better way than my poor English skills can do). Probably not, but it's not implementable in the current state of things. Understood. Do we

Re: Workstation Product defaults to wide-open firewall

2014-12-12 Thread Rahul Sundaram
Hi On Thu, Dec 11, 2014 at 11:49 PM, M. Edward (Ed) Borasky wrote: Is there an upvote mechanism for that? I'd like to join the chorus if I can. ;-) No. Voting is limited to FESCo members. However, if you feel you have something more to add than the in-numerous responses already in this

Re: Workstation Product defaults to wide-open firewall

2014-12-11 Thread Bastien Nocera
- Original Message - On 10 December 2014 at 11:47, Bastien Nocera bnoc...@redhat.com wrote: snip I see no explanation of why rygel needs a random port or why it cannot supply that information to firewalld. The same goes for any others that have random ports. Because that's

Re: Workstation Product defaults to wide-open firewall

2014-12-11 Thread Matthew Miller
On Thu, Dec 11, 2014 at 06:03:49AM -0500, Bastien Nocera wrote: There's absolutely no way that firewalld is going to be anything but a Fedora-only thing, which is a first problem in getting any patches to upstream projects. Which is the first problem. Well, it's a CentOS and RHEL thing, and

Re: Workstation Product defaults to wide-open firewall

2014-12-11 Thread Kevin Kofler
Kevin Kofler wrote: I just happened to look at the firewalld default settings, and I was not amused when I noticed this: http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml <port protocol="udp" port="1025-65535"/> <port protocol="tcp" port="1025-65535"/> This firewall is a

Re: Workstation Product defaults to wide-open firewall

2014-12-11 Thread M. Edward (Ed) Borasky
Is there an upvote mechanism for that? I'd like to join the chorus if I can. ;-) On Thu, Dec 11, 2014 at 7:06 PM, Kevin Kofler kevin.kof...@chello.at wrote: Kevin Kofler wrote: I just happened to look at the firewalld default settings, and I was not amused when I noticed this:

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Ian Malone
On 10 December 2014 at 00:43, Bastien Nocera bnoc...@redhat.com wrote: - Original Message - On 9 December 2014 at 13:47, Matthew Miller mat...@fedoraproject.org wrote: On Tue, Dec 09, 2014 at 01:11:33PM +, Ian Malone wrote: have a proposal for a new spin focused on privacy and

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Reindl Harald
On 10.12.2014 at 06:08, Simo Sorce wrote: Most users have no idea what NAT, TCP or ports are sadly yes nor should they! *they should* damned people should stop evangelizing that users do not need to know anything and then design operating systems based on that self-fulfilling prophecy

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Bastien Nocera
- Original Message - On 10 December 2014 at 00:43, Bastien Nocera bnoc...@redhat.com wrote: - Original Message - On 9 December 2014 at 13:47, Matthew Miller mat...@fedoraproject.org wrote: On Tue, Dec 09, 2014 at 01:11:33PM +, Ian Malone wrote: have a

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Bastien Nocera
- Original Message - On 10.12.2014 at 06:08, Simo Sorce wrote: Most users have no idea what NAT, TCP or ports are sadly yes nor should they! *they should* damned people should stop evangelizing that users do not need to know anything and then design operating systems

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Bastien Nocera
- Original Message - Bastien Nocera wrote: For example, RTSP streaming, Rhythmbox remote control for iOS, music sharing via DAAP, DLNA sharing via rygel, but also DLNA client usage (through Videos), and VNC are impacted. This is a non-exhaustive list for the default applications

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Reindl Harald
On 10.12.2014 at 12:47, Bastien Nocera wrote: Even if we chose static ports for those (or rather port ranges, because if you have multiple users running, you'd need multiple ports), leaving only those ports opened wouldn't stop other random applications from choosing those ports to do

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Robert Marcano
On 12/10/2014 12:38 AM, Simo Sorce wrote: On Wed, 10 Dec 2014 05:46:32 +0100 Kevin Kofler kevin.kof...@chello.at wrote: Pete Travis wrote: Let's say I do have an understanding of network basics, just for the sake of argument. I share my application with you. The application is intended to

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Robert Marcano
On 12/10/2014 12:01 AM, Kevin Kofler wrote: Stephen John Smoogen wrote: In the end, this is a tempest in a teapot. The release is out and it is done. The release is out, but there are an expected 13 months of security updates, of which this ought to be the first. and there is a precedent of

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Michael Catanzaro
On Wed, 2014-12-10 at 05:57 +0100, Kevin Kofler wrote: VNC?! You think it's a good idea to allow REMOTE CONTROLLING YOUR DESKTOP by default??? The firewall must not block VNC. VNC is a GNOME feature and it must work if enabled. It's disabled by default, because it'd be stupid to have it

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Kevin Kofler
Bastien Nocera wrote: Even if we chose static ports for those (or rather port ranges, because if you have multiple users running, you'd need multiple ports), leaving only those ports opened wouldn't stop other random applications from choosing those ports to do something nefarious. You're just

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Jiri Popelka
On 12/09/2014 07:54 PM, Kevin Kofler wrote: Stephen Gallagher wrote: services: dhcpv6-client dns freeipa-ldap freeipa-ldaps samba-client ssh With the default Workstation policy, does that enumerate all 129022 open unprivileged ports? # firewall-cmd --list-all FedoraWorkstation (active)

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Stephen John Smoogen
On 9 December 2014 at 21:31, Kevin Kofler kevin.kof...@chello.at wrote: Stephen John Smoogen wrote: In the end, this is a tempest in a teapot. The release is out and it is done. The release is out, but there are an expected 13 months of security updates, of which this ought to be the

Re: Workstation Product defaults to wide-open firewall

2014-12-10 Thread Ian Malone
On 10 December 2014 at 11:47, Bastien Nocera bnoc...@redhat.com wrote: - Original Message - On 10 December 2014 at 00:43, Bastien Nocera bnoc...@redhat.com wrote: - Original Message - On 9 December 2014 at 13:47, Matthew Miller mat...@fedoraproject.org wrote: On

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Nikos Mavrogiannopoulos
On Tue, 2014-12-09 at 17:29 +1030, William B wrote: I just happened to look at the firewalld default settings, and I was not amused when I noticed this: http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml <port protocol="udp" port="1025-65535"/> port

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
On 09.12.2014 at 10:08, Nikos Mavrogiannopoulos wrote: On Tue, 2014-12-09 at 17:29 +1030, William B wrote: I just happened to look at the firewalld default settings, and I was not amused when I noticed this: http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml port

Re: Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
On 08/12/14 16:33, Matthew Miller wrote: On Mon, Dec 08, 2014 at 02:31:58PM +, Ian Malone wrote: There are three products

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - As one who maintains a remix for journalists, I expect the default for a workstation should be that you mus* explicitly know what you are doing to open a port, and enable or start a service - the default release should have a minimum attack surface by design.

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - sudo firewall-cmd --set-default-zone=FedoraServer That will limit it to SSH, DHCPv6 and cockpit Or use default zone Public, which swaps cockpit out and adds mDNS Or if you're Reindl Harald-level paranoid (no offense intended, Harald but

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Michael Catanzaro
On Mon, 2014-12-08 at 16:30 +0100, Kevin Kofler wrote: Bastien Nocera wrote: If this had been discussed on this list, as it is supposed to, the objections would have come in much earlier. If you're interested in Workstation-specific features, you need to subscribe to

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - Stephen Gallagher wrote: Also, while I think it's been unclear in this thread, the main reason that the firewall GUI was taken out was because the Workstation guys want to design a more user-understandable one and include that directly (if I am remembering

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Michael Catanzaro
On Mon, 2014-12-08 at 10:49 -0500, Bastien Nocera wrote: If Reindl, Kevin or Tomas want to disagree with that, I'll give you a little exercise: Having just installed and updated my Fedora 20, I want to share a video in my home directory using UPnP/DLNA to my TV, using rygel for example.

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Gerd Hoffmann
Hi, I also thought that the whole point of having Zones etc. was so that we could pick a different zone per network connection, /me too. so if I'm in the office or at home I can say use this zone, if I'm at a coffee shop I can pick a different one etc. Or was this considered too

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Matthew Miller
On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote: Why can't we have something like this? And if you don't want a popup asking, have something in the NetworkManager applet menu, where people can easily find the switch without having to search for it? A [x] allow sharing checkbox?

Re: Product defaults to wide-open firewall

2014-12-09 Thread Rave it
Is it possible that the real reason for this decision from gnome was to fix a long outstanding bug in gnome-user-share? It wasn't. It caused

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Solomon Peachy
On Tue, Dec 09, 2014 at 12:35:23PM +0100, Michael Catanzaro wrote: We are concerned with practical security -- keeping the user safe by anticipating the user's typical response to situations. But if you think the firewall configuration GUI in F20 existed for any purpose other than to

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Ian Malone
On 9 December 2014 at 11:35, Michael Catanzaro mcatanz...@gnome.org wrote: On Mon, 2014-12-08 at 10:49 -0500, Bastien Nocera wrote: If Reindl, Kevin or Tomas want to disagree with that, I'll give you a little exercise: Having just installed and updated my Fedora 20, I want to share a video

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Michael Catanzaro
On Tue, 2014-12-09 at 03:34 +0100, Kevin Kofler wrote: Because Fedora is aggressively marketing a Product with a major security vulnerability as its primary Product. To the extent that this is any argument at all: neither Ubuntu nor Debian enables a firewall.

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread William B
On Tue, 09 Dec 2014 10:08:06 +0100 Nikos Mavrogiannopoulos n...@redhat.com wrote: On Tue, 2014-12-09 at 17:29 +1030, William B wrote: I just happened to look at the firewalld default settings, and I was not amused when I noticed this:

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Stephen Gallagher
On Tue, 2014-12-09 at 07:27 +0100, Kevin Kofler wrote: Stephen Gallagher wrote: Also, while I think it's been unclear in this thread, the main reason that the firewall GUI was taken out was because the Workstation guys want to design a more user-understandable one and include that

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Ian Malone
On 8 December 2014 at 15:33, Matthew Miller mat...@fedoraproject.org wrote: On Mon, Dec 08, 2014 at 02:31:58PM +, Ian Malone wrote: There are three products: workstation, server, cloud. Workstation is the one for desktop use. That leaves server to aim for the traditional fedora user base,

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - On 9 December 2014 at 11:35, Michael Catanzaro mcatanz...@gnome.org wrote: On Mon, 2014-12-08 at 10:49 -0500, Bastien Nocera wrote: If Reindl, Kevin or Tomas want to disagree with that, I'll give you a little exercise: Having just installed and updated my

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote: Why can't we have something like this? And if you don't want a popup asking, have something in the NetworkManager applet menu, where people can easily find the switch without having to search for

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
On 09.12.2014 at 14:16, Bastien Nocera wrote: On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote: Why can't we have something like this? And if you don't want a popup asking, have something in the NetworkManager applet menu, where people can easily find the switch without having

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - On Tue, 09 Dec 2014 10:08:06 +0100 Nikos Mavrogiannopoulos n...@redhat.com wrote: On Tue, 2014-12-09 at 17:29 +1030, William B wrote: I just happened to look at the firewalld default settings, and I

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
On 09.12.2014 at 14:23, Bastien Nocera wrote: [1]: I haven't seen anything but arm-flailing on that issue. If somebody wants to go into details about what a server running inside the user's session would be able to do that a client wouldn't be able to, feel free. you realize the difference

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - On 09.12.2014 at 14:16, Bastien Nocera wrote: On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote: Why can't we have something like this? And if you don't want a popup asking, have something in the NetworkManager applet menu, where people can

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - On 09.12.2014 at 14:23, Bastien Nocera wrote: [1]: I haven't seen anything but arm-flailing on that issue. If somebody wants to go into details about what a server running inside the user's session would be able to do that a client wouldn't be able to,

Re: Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
Is it possible that the real reason for this decision from gnome was to fix a long outstanding bug

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Michael Catanzaro
On Mon, 2014-12-08 at 16:41 +0100, Kevin Kofler wrote: So you rather implement the type of OS that just always assumes Yes without even asking? Because that's what the current firewall rules do (between quotes because it can hardly be called a firewall in that state). How's that more

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Michael Catanzaro
On Mon, 2014-12-08 at 18:56 -0800, M. Edward (Ed) Borasky wrote: is Workstation the only Fedora-branded release with those ports open? Yes

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
On 09.12.2014 at 14:32, Bastien Nocera wrote: On 09.12.2014 at 14:23, Bastien Nocera wrote: [1]: I haven't seen anything but arm-flailing on that issue. If somebody wants to go into details about what a server running inside the user's session would be able to do that a client wouldn't be

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Matthew Miller
On Tue, Dec 09, 2014 at 01:11:33PM +, Ian Malone wrote: have a proposal for a new spin focused on privacy and security — the Netizen Spin. (If you're interested, I think that could use additional contributors.) I was under the impression spins were to be phased out. I could be wrong,

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Matthew Miller
On Tue, Dec 09, 2014 at 02:41:08PM +0100, Michael Catanzaro wrote: is Workstation the only Fedora-branded release with those ports open? Yes Well, no. Fedora Cloud doesn't include any iptables rules by default. (The assumption is that it'll be run in a cloud environment with security groups at

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Richard Hughes
On 9 December 2014 at 13:39, Michael Catanzaro mcatanz...@gnome.org wrote: So your challenge is to find an alternative default that supports it. I'd go even further. I don't think the people writing the vast number of lengthy posts on this thread actually want to *use* workstation, with the

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Michael Catanzaro
On Mon, 2014-12-08 at 17:08 -0430, Robert Marcano wrote: Adding to that, this decision brings back memories of the awful old case when someone decided that the install anything from the repositories was permitted to any user on the system by default, that was reverted with an update because

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Robert Marcano
On 12/09/2014 08:53 AM, Reindl Harald wrote: On 09.12.2014 at 14:16, Bastien Nocera wrote: On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote: Why can't we have something like this? And if you don't want a popup asking, have something in the NetworkManager applet menu, where

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Robert Marcano
On 12/09/2014 09:20 AM, Michael Catanzaro wrote: On Mon, 2014-12-08 at 17:08 -0430, Robert Marcano wrote: Adding to that, this decision brings back memories of the awful old case when someone decided that the install anything from the repositories was permitted to any user on the system by

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - On 09.12.2014 at 14:32, Bastien Nocera wrote: On 09.12.2014 at 14:23, Bastien Nocera wrote: [1]: I haven't seen anything but arm-flailing on that issue. If somebody wants to go into details about what a server running inside the user's session would

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Stephen Gallagher
On Tue, 2014-12-09 at 14:41 +0100, Michael Catanzaro wrote: On Mon, 2014-12-08 at 18:56 -0800, M. Edward (Ed) Borasky wrote: is Workstation the only Fedora-branded release with those ports open? Yes No, actually. The Fedora Cloud ships with no firewall at all (but that's because it's

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Robert Marcano
On 12/09/2014 09:27 AM, Robert Marcano wrote: What I see frequently are applications that are installed from outside the Fedora repositories, that can be forced to behave like Fedora packaging rules, with secure defaults before sharing, being installed and the user who doesn't know much about

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Brian Wheeler
On 12/09/2014 08:50 AM, Richard Hughes wrote: On 9 December 2014 at 13:39, Michael Catanzaro mcatanz...@gnome.org wrote: So your challenge is to find an alternative default that supports it. I'd go even further. I don't think the people writing

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Stephen Gallagher
On Tue, 2014-12-09 at 08:23 -0500, Bastien Nocera wrote: - Original Message - On Tue, 09 Dec 2014 10:08:06 +0100 Nikos Mavrogiannopoulos n...@redhat.com wrote: On Tue, 2014-12-09 at 17:29 +1030, William B wrote: I

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Christian Schaller
- Original Message - From: Robert Marcano rob...@marcanoonline.com To: Development discussions related to Fedora devel@lists.fedoraproject.org Sent: Tuesday, December 9, 2014 8:57:51 AM Subject: Re: Workstation Product defaults to wide-open firewall On 12/09/2014 08:53 AM

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Christian Schaller
- Original Message - From: Brian Wheeler bdwhe...@indiana.edu To: devel@lists.fedoraproject.org Sent: Tuesday, December 9, 2014 9:18:47 AM Subject: Re: Workstation Product defaults to wide-open firewall On 12/09/2014 08:50 AM, Richard Hughes wrote: On 9 December 2014

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
On 09.12.2014 at 15:57, Christian Schaller wrote: Well I think it is hard for anyone to guess what would be reasonable defaults for you specifically, any default is by its nature just targeting a generic person, which might or might not be a lot like you. But if you are aware and understand

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Thomas Woerner
On 12/09/2014 03:57 PM, Christian Schaller wrote: - Original Message - From: Brian Wheeler bdwhe...@indiana.edu To: devel@lists.fedoraproject.org Sent: Tuesday, December 9, 2014 9:18:47 AM Subject: Re: Workstation Product defaults to wide-open firewall On 12/09/2014 08:50 AM

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - On Mon, 8 Dec 2014 05:45:56 -0500 (EST) Bastien Nocera bnoc...@redhat.com wrote: No, because that'd be awful UI. Is it really so awful to ask a user: Do you want to expose Eclipse to the network ? (of course worded in a better way than my poor English

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - On 12/09/2014 08:50 AM, Richard Hughes wrote: On 9 December 2014 at 13:39, Michael Catanzaro mcatanz...@gnome.org wrote: So your challenge is to find an alternative default that supports it. I'd go even further. I don't think the people writing the

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - Hi, I also thought that the whole point of having Zones etc. was so that we could pick a different zone per network connection, /me too. so if I'm in the office or at home I can say use this zone, if I'm at a coffee shop I can pick a different

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Gerd Hoffmann
On Tue, 2014-12-09 at 08:16 -0500, Bastien Nocera wrote: - Original Message - On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote: Why can't we have something like this? And if you don't want a popup asking, have something in the NetworkManager applet menu, where

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Simo Sorce
On Tue, 9 Dec 2014 10:09:07 -0500 (EST) Bastien Nocera bnoc...@redhat.com wrote: - Original Message - On Mon, 8 Dec 2014 05:45:56 -0500 (EST) Bastien Nocera bnoc...@redhat.com wrote: No, because that'd be awful UI. Is it really so awful to ask a user: Do you want to

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Simo Sorce
On Mon, 8 Dec 2014 05:45:56 -0500 (EST) Bastien Nocera bnoc...@redhat.com wrote: No, because that'd be awful UI. Is it really so awful to ask a user: Do you want to expose Eclipse to the network ? (of course worded in a better way than my poor English skills can do). I think users can

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Christian Schaller
- Original Message - From: Gerd Hoffmann kra...@redhat.com To: Development discussions related to Fedora devel@lists.fedoraproject.org Sent: Tuesday, December 9, 2014 10:22:01 AM Subject: Re: Workstation Product defaults to wide-open firewall On Tue, 2014-12-09 at 08:16 -0500

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - On Tue, 9 Dec 2014 10:09:07 -0500 (EST) Bastien Nocera bnoc...@redhat.com wrote: - Original Message - On Mon, 8 Dec 2014 05:45:56 -0500 (EST) Bastien Nocera bnoc...@redhat.com wrote: No, because that'd be awful UI. Is it

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Robert Marcano
On 12/09/2014 11:01 AM, Christian Schaller wrote: - Original Message - From: Gerd Hoffmann kra...@redhat.com To: Development discussions related to Fedora devel@lists.fedoraproject.org Sent: Tuesday, December 9, 2014 10:22:01 AM Subject: Re: Workstation Product defaults to wide-open

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Christian Schaller
- Original Message - From: Reindl Harald h.rei...@thelounge.net To: devel@lists.fedoraproject.org Sent: Tuesday, December 9, 2014 10:04:46 AM Subject: Re: Workstation Product defaults to wide-open firewall On 09.12.2014 at 15:57, Christian Schaller wrote: Well I think

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
On 09.12.2014 at 16:40, Christian Schaller wrote: - Original Message - From: Reindl Harald h.rei...@thelounge.net To: devel@lists.fedoraproject.org Sent: Tuesday, December 9, 2014 10:04:46 AM Subject: Re: Workstation Product defaults to wide-open firewall On 09.12.2014 at 15:57

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Brian Wheeler
On 12/09/2014 10:11 AM, Bastien Nocera wrote: The defaults for the various products are "packaged" by zones. You just need to change the firewalld zone to get whatever is the default on the server side. Ok, so it's another item on my list of

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Gerd Hoffmann
Hi, Side Note: For the latter we need to clean up the zones though. There are *way* too many to choose from, and the names suck big time. WTF is a Fedora$product zone? And wasn't that discussed before on this list? Why do we *still* have this

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Przemek Klosowski
On 12/08/2014 06:41 PM, Reindl Harald wrote: the security community is usually very clear: * forbid as much as you can by default * allow only what *really* is needed to get the work done ...and this is the tricky part---you want tightly defined functionality, and other people want to install

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Richard Hughes
On 9 December 2014 at 14:18, Brian Wheeler bdwhe...@indiana.edu wrote: I also expect things to work with the minimum amount of fuss. So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based around what you specifically want, not

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Chris Murphy
On Mon, Dec 8, 2014 at 11:59 PM, William B will...@firstyear.id.au wrote: The true crux of this issue is the over complexity that firewalld has brought to fedora, and the fact that a quality UI for managing it does not exist yet. OSX solves this issue by having an on or off button, and a

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Orion Poplawski
On 12/09/2014 10:27 AM, Chris Murphy wrote: On Mon, Dec 8, 2014 at 11:59 PM, William B will...@firstyear.id.au wrote: The true crux of this issue is the over complexity that firewalld has brought to fedora, and the fact that a quality UI for managing it does not exist yet. OSX solves

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Chris Murphy
On Tue, Dec 9, 2014 at 2:08 AM, Nikos Mavrogiannopoulos n...@redhat.com wrote: On Tue, 2014-12-09 at 17:29 +1030, William B wrote: I just happened to look at the firewalld default settings, and I was not amused when I noticed this:

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Stephen John Smoogen
On 9 December 2014 at 10:27, Chris Murphy li...@colorremedies.com wrote: On Mon, Dec 8, 2014 at 11:59 PM, William B will...@firstyear.id.au wrote: The true crux of this issue is the over complexity that firewalld has brought to fedora, and the fact that a quality UI for managing it does not

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Alec Leamas
On 09/12/14 18:39, Stephen John Smoogen wrote: On 9 December 2014 at 10:27, Chris Murphy li...@colorremedies.com [cut] OS X's firewall is disabled by default. Where's the outcry? It was a long time ago and it basically caused it to have extra configurations before it could be 'ok'd'

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Brian Wheeler
On 12/09/2014 11:46 AM, Richard Hughes wrote: I don't think it makes much sense for people to stamp their feet saying "BUT I LIKED THE OLD WAY OF DOING THINGS" when the people leading the workstation product have identified that the old way of doing things

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Stephen John Smoogen
On 9 December 2014 at 10:46, Alec Leamas leamas.a...@gmail.com wrote: On 09/12/14 18:39, Stephen John Smoogen wrote: On 9 December 2014 at 10:27, Chris Murphy li...@colorremedies.com [cut] OS X's firewall is disabled by default. Where's the outcry? It was a long time ago and it

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Alec Leamas
On 09/12/14 18:53, Stephen John Smoogen wrote: In the end, this is a tempest in a teapot. The release is out and it is done. I don't like it, but my yelling and screaming and spitting in an autistic rage did not fix it so its time to move on so that is what I am going to do. Amen --alec

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Dan Williams
On Tue, 2014-12-09 at 10:19 -0500, Bastien Nocera wrote: - Original Message - Hi, I also thought that the whole point of having Zones etc. was so that we could pick a different zone per network connection, /me too. so if I'm in the office or at home I can say

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Pete Travis
On Dec 9, 2014 10:54 AM, Stephen John Smoogen smo...@gmail.com wrote: On 9 December 2014 at 10:46, Alec Leamas leamas.a...@gmail.com wrote: On 09/12/14 18:39, Stephen John Smoogen wrote: On 9 December 2014 at 10:27, Chris Murphy li...@colorremedies.com [cut] OS X's firewall is

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Richard Hughes wrote: So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based around what you specifically want, not me, nor anyone else on this list. If you're a developer, surely you know what a port is and can make a few

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Christian Schaller wrote: I think the part of the sentence you probably missed was if you are aware and understand the finer details here, because for anyone who doesn't understand the finer details here you are suggesting we default the system to 'broken'. s/broken/secure/ Secure by default

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 19:13 schrieb Kevin Kofler: Michael Catanzaro wrote: The default for an invalid TLS certificate should be to fail, no exceptions, since we know that a user clicking Yes is almost always picking the wrong option. Nonsense (and this is one of the reasons I hate Firefox). The

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Brian Wheeler wrote: Ok, so what product/spin am I supposed to use? I'm a RHEL sysadmin but I use Fedora on my desktop laptop. I expect the firewall to be on so when I evaluate a new piece of software or do a bit of network development I don't inadvertently increase my

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Przemek Klosowski wrote: I think that we should start with the low hanging fruit and simplify the firewall zones to two: a public, restricted one and a home/private with more ports open; selected by user for each new interface. Those 2 zones are basically what is defined now with that

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Michael Catanzaro wrote: The default for an invalid TLS certificate should be to fail, no exceptions, since we know that a user clicking Yes is almost always picking the wrong option. Nonsense (and this is one of the reasons I hate Firefox). The right answer for an invalid TLS certificate is

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Chuck Anderson
On Tue, Dec 09, 2014 at 11:16:54AM -0700, Pete Travis wrote: But seriously, there's an implication in this thread that there will be work happening to give stuff a path to ask for an open port. Where can we follow along with that effort? Starting with, say, how I might change `nikola

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 19:33 schrieb Chuck Anderson: On Tue, Dec 09, 2014 at 11:16:54AM -0700, Pete Travis wrote: But seriously, there's an implication in this thread that there will be work happening to give stuff a path to ask for an open port. Where can we follow along with that effort?

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - Richard Hughes wrote: So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based around what you specifically want, not me, nor anyone else on this list. If you're a developer, surely you

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 19:45 schrieb Bastien Nocera: Richard Hughes wrote: So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based around what you specifically want, not me, nor anyone else on this list. If you're a developer,

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
So, since I was accused of ignoring the main part of this mail, let's answer it: Stephen Gallagher wrote: I think you're forgetting the core tenet of security: good security is *always* layered. But Workstation is basically removing the outer layer. Also yes: I keep my irreplaceable and

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Pete Travis
On Dec 9, 2014 11:33 AM, Chuck Anderson c...@wpi.edu wrote: On Tue, Dec 09, 2014 at 11:16:54AM -0700, Pete Travis wrote: But seriously, there's an implication in this thread that there will be work happening to give stuff a path to ask for an open port. Where can we follow along with that

Re: Workstation Product defaults to wide-open firewall

2014-12-09 Thread Richard Hughes
On 9 December 2014 at 18:19, Kevin Kofler kevin.kof...@chello.at wrote: If you're a developer, surely you know what a port is and can make a few clicks in firewall-config or system-config-firewall to open it! A developer who can't even figure that out is a HORRIBLE developer! Yup, that's me. A
