At 9:55pm -0400 Tue, 17 Apr 2012, Mathieu Trudel-Lapierre wrote:
On Tue, Apr 17, 2012 at 6:48 AM, Jason Warner wrote:
Even so, we need those topics for 12.10 so when everyone gets a
chance, write them up and send them to the list so 1. we can get
UDS organized 2. wecan discuss the topic in the ML and 3. we can
start to shape 12.10and see where we'll be going with it.
Still networking-related for the desktop, I think we should discuss
firewalls and proxy again. Is there more work to be done for a better
integration of this? How can we get it to work properly? etc.
Please pardon me as a silly (power) end-user/poor
administrator/non-programmer who is lurking on this list: I can mention
some things that would be helpful to my experience, skill, and use-case:
1. Wireless Stability: In the laptop realm, I still regularly get
reports from my end-users of (and occasionally experience myself) either
temporary network loss, or a network condition "requiring a reboot".
I'm hoping it's Launchpad bug 548992, which claims to be fixed as of
March, but it has been plaguing our network and users for the last 3
years. In any event, it's beginning to rise on our priority list of issues.
2. When you say firewall, is this in relation to G/UFW? If so, then a
couple of suggestions:
- G/UFW: make certain actions usable by non-root users. Like the
status command. I have a few interested users on my network who
would just like to know the rules of their machines, and not have
to ascertain them via nmap <localhost|self_ip> or an email to me.
- GUI: immediate update when something changes via an external
measure, á là my command line tinkerings. The GUI is nice to have
for viewing the current status, but since it doesn't update, it's
minorly more cumbersome to type ufw status, or Alt+Tab, F5. This
would be handy if I need to iterate on the command line, as for
example when I'm debugging a random network issue. (i.e. It would
be handy to have an open window that automatically updates when a
change is made.)
- GUI: Add an (optional?) column for rule number, since the rule
numbers are referenced in a couple of places in the GUI.
- The ability to block or allow incoming and outgoing commication /per
program/. I gather from various conversations that this is not
possible b/c of lack of support from the kernel. However analogous
to what SELinux does in terms of "as much ability as warranted for
the job", it would be nice to only whitelist certain types of
conversation to certain programs. This is alluded to via the "ufw
allow CUPS" (for example), but as far as I'm aware, that's a mere
proxy for "allow port 631" rather than specifically 'cupsd'. I
wonder if some tie-in or communication with the init daemon would
be the ticket here?
- In a similar vein, it would be helpful if the log could be parsed
to a per-protocol and per-port information (as I believe it already
is), but with a filter for such. Major bonus points if it had a
PCRE (perhaps optional) interface, so that I could define the exact
match definition as sometimes multiple protocols are in the mix.
As it is, this is clearly low priority as I /can/ do this already,
just in the roundabout terminal method of pipes, greps, and such.
3. When connected to a network
- including the IP address in the mouseover text of the NM-applet
icon would be of use to me. I don't know how this will work given
the lack of mouseover capability in Unity ... but I digress. The
point is to have "quick, at-a-glance" access to basic informations,
(e.g. the IP address) without having to open yet another window.
- In concert with the above, the ability somehow copy to clipboard
then entire text of the connection information (as for getting
basic user info when they call in); perhaps a "copy-to-clipboard"
button, or allowing all fields to be simultaneously selected for
copy-and-paste.
- Another real-handy thing to have would be a "per-session" or
"until cable disconnects" feature, perhaps through NetworkManager
and nm-applet. There've been a number of situations where I'd've
liked to have set the (for example) DNS lookup only for "this"
session while I work on a client computer, and have it revert to
another setting at some event (e.g. logout/login, unplug the cable).
4. While IPv4 still reigns
- Having some indication -- either in the nm-applet icon or in the
connection information -- of if the network is in a non-routable
network, or is "fake" connected (i.e. has an IP address, but can't
actually talk to the world-wide internet, or perhaps some
configurable address). However, short of a ping test, the
immediate implementation to me is non-obvious. Regardless this
would be a "nice-to-have".
All-in-all, please take my above, err, ramblings as a sign of respect
for the work done so far. I'm admittedly not a programmer, and _maybe_
a weak administrator, but offer these as my mere 2c of what *I* would
find as helpful modifications to the various networking utilities of the
desktop.
Cheers,
Kevin
--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
