Re: firewall-offline-cmd needs a --quiet option

2015-05-08 Thread Stephen Gallagher
- Original Message - > From: "K Richard Pixley" > To: "Development discussions related to Fedora" > > Sent: Friday, May 8, 2015 3:14:13 PM > Subject: firewall-offline-cmd needs a --quiet option > > That's all I really have to say on this. > > I don't know where else to raise the issue

Re: Firewall blocking desktop features

2013-09-18 Thread Peter Oliver
On Wed, 11 Sep 2013, Thomas Woerner wrote: On 09/10/2013 10:07 PM, Peter Oliver wrote: Now, if you're running a server and you install, say, Apache, I think you expect to have to go and poke at the firewall config, but these seem to be very desktop-focused features, and the UI provides no clue

Re: Firewall blocking desktop features

2013-09-13 Thread Dan Williams
On Fri, 2013-09-13 at 11:23 +0300, Oron Peled wrote: > On Friday 13 September 2013 01:51:00 drago01 wrote: > > On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled wrote: > > >- This means that any privileged service controlled by GUI client (e.g: > > > NetworkManager) is still only as secure as i

Re: Firewall blocking desktop features

2013-09-13 Thread drago01
On Fri, Sep 13, 2013 at 10:23 AM, Oron Peled wrote: > > On Friday 13 September 2013 01:51:00 drago01 wrote: >> On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled wrote: >> >- This means that any privileged service controlled by GUI client (e.g: >> > NetworkManager) is still only as secure as it

Re: Firewall blocking desktop features

2013-09-13 Thread Oron Peled
On Friday 13 September 2013 01:51:00 drago01 wrote: > On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled wrote: > >- This means that any privileged service controlled by GUI client (e.g: > > NetworkManager) is still only as secure as its controller (e.g: > > nm-applet). > This is wrong. T

Re: Firewall blocking desktop features

2013-09-12 Thread drago01
On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled wrote: >- This means that any privileged service controlled by GUI client (e.g: > NetworkManager) is still only as secure as its controller (e.g: > nm-applet). This is wrong. That's not how "controlling the service" works. -- devel mailing

Re: Firewall blocking desktop features

2013-09-12 Thread Oron Peled
On Thursday 12 September 2013 09:23:13 Colin Walters wrote: > On Thu, 2013-09-12 at 10:01 +0300, Oron Peled wrote: > > * From pid you can find the real executable (/proc/pid/cmd). > > And this is the step that's worthless: > > https://bugzilla.gnome.org/show_bug.cgi?id=533493 Thanks, that was

Re: Firewall blocking desktop features

2013-09-12 Thread Reindl Harald
On 12.09.2013 08:25, Pierre-Yves Chibon wrote: >> Application should request the ports to be opened and the firewalld >> layer should then confirm with the user stating which ports and >> which app requested said ports. The app can't lie if the firewall >> layer is the one asking for confirmati

Re: Firewall blocking desktop features

2013-09-12 Thread Reindl Harald
On 11.09.2013 23:18, Mateusz Marzantowicz wrote: > On 11.09.2013 17:24, Daniel J Walsh wrote: >> On 09/11/2013 09:18 AM, Reindl Harald wrote: The problem with this solution is potential conflicts in port numbers and apps that just use random ports (Which I think should just not be allo

Re: Firewall blocking desktop features

2013-09-12 Thread Colin Walters
On Thu, 2013-09-12 at 10:01 +0300, Oron Peled wrote: > * From pid you can find the real executable (/proc/pid/cmd). And this is the step that's worthless: https://bugzilla.gnome.org/show_bug.cgi?id=533493 -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/m

Re: Firewall blocking desktop features

2013-09-12 Thread Oron Peled
On Thursday 12 September 2013 08:25:21 Pierre-Yves Chibon wrote: > > Application should request the ports to be opened and the firewalld > > layer should then confirm with the user stating which ports and > > which app requested said ports. The app can't lie if the firewall > > layer is the one a

Re: Firewall blocking desktop features

2013-09-11 Thread Pierre-Yves Chibon
> Application should request the ports to be opened and the firewalld > layer should then confirm with the user stating which ports and > which app requested said ports. The app can't lie if the firewall > layer is the one asking for confirmation. But a malicious app can pretend to be another one

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 10.09.2013 23:38, Heiko Adams wrote: > On 10.09.2013 23:11, Reindl Harald wrote: > >>> AFAIR the samba client port is also blocked by default which makes it >>> impossible to share files with windows machines >> >> what is a samba *client* port? > It's port 137 and 138 UDP mhh - and why

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 11.09.2013 04:17, Ankur Sinha wrote: > On Wed, 2013-09-11 at 00:01 +0200, Alec Leamas wrote: >> Nobody questions this. The issue in this thread is if we could find >> ways to make it simpler to enable these services. > > Last I checked, the bugs already spoke about giving utilities the >

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 11.09.2013 12:02, Nicolas Mailhot wrote: > On Wed 11 September 2013 11:23, Alec Leamas wrote: >> On 2013-09-11 11:11, Heiko Adams wrote: >>> On 11.09.2013 10:41, Ankur Sinha wrote: - These software inform and take permission from the user before opening ports in the firewal

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 11.09.2013 00:01, Alec Leamas wrote: > On 2013-09-10 23:11, Reindl Harald wrote: >> >> On 10.09.2013 22:58, Heiko Adams wrote: >>> On 10.09.2013 22:07, Peter Oliver wrote: Empathy's "People Nearby" feature doesn't work out of the box because the required ports are blocked by de

Re: Firewall blocking desktop features

2013-09-11 Thread Simo Sorce
On Wed, 2013-09-11 at 23:18 +0200, Mateusz Marzantowicz wrote: > On 11.09.2013 17:24, Daniel J Walsh wrote: > > On 09/11/2013 09:18 AM, Reindl Harald wrote: > > > > > >> On 11.09.2013 15:05, Daniel J Walsh wrote: > >>> On 09/11/2013 08:56 AM, Alec Leamas wrote: > Although this would work f

Re: Firewall blocking desktop features

2013-09-11 Thread Mateusz Marzantowicz
On 11.09.2013 17:24, Daniel J Walsh wrote: > On 09/11/2013 09:18 AM, Reindl Harald wrote: > > >> On 11.09.2013 15:05, Daniel J Walsh wrote: >>> On 09/11/2013 08:56 AM, Alec Leamas wrote: Although this would work for both our wives I'd hate it myself. There need to be some way in the

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 11.09.2013 15:05, Daniel J Walsh wrote: > On 09/11/2013 08:56 AM, Alec Leamas wrote: >> Although this would work for both our wives I'd hate it myself. There need >> to be some way in the interface to understand what's *really* going on >> here, the ports opened, triggers etc. But not unles

Re: Firewall blocking desktop features

2013-09-11 Thread Thomas Woerner
On 09/10/2013 10:07 PM, Peter Oliver wrote: Empathy's "People Nearby" feature doesn't work out of the box because the required ports are blocked by default by the firewall (https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar story with Gnome's "Media Sharing" feature, and I'm sur

Re: Firewall blocking desktop features

2013-09-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 09:18 AM, Reindl Harald wrote: > > > On 11.09.2013 15:05, Daniel J Walsh wrote: >> On 09/11/2013 08:56 AM, Alec Leamas wrote: >>> Although this would work for both our wives I'd hate it myself. There >>> need to be some way in the in

Re: Firewall blocking desktop features

2013-09-11 Thread Miroslav Suchý
On 09/11/2013 10:59 AM, Ankur Sinha wrote: - The software*must* inform the user and take permission before opening ports. Hmm, can you use this feature?: https://lists.fedoraproject.org/pipermail/devel/2013-July/186797.html I.e. you will write script, which will ask admin and open the port. A

Re: Firewall blocking desktop features

2013-09-11 Thread Bill Peck
On 09/11/2013 06:30 AM, Alec Leamas wrote: On 2013-09-11 12:02, Nicolas Mailhot wrote: On Wed 11 September 2013 11:23, Alec Leamas wrote: On 2013-09-11 11:11, Heiko Adams wrote: On 11.09.2013 10:41, Ankur Sinha wrote: - These software inform and take permission from the user before openi

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 15:41, Ralf Corsepius wrote: On 09/11/2013 03:32 PM, Alec Leamas wrote: On 2013-09-11 15:20, Ralf Corsepius wrote: On 09/11/2013 02:46 PM, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Asking her "Do you want to make security changes to share directory /home/phyllis

Re: Firewall blocking desktop features

2013-09-11 Thread Ralf Corsepius
On 09/11/2013 03:32 PM, Alec Leamas wrote: On 2013-09-11 15:20, Ralf Corsepius wrote: On 09/11/2013 02:46 PM, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Asking her "Do you want to make security changes to share directory /home/phyllis/Share?" Or Do you want to make security c

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 15:20, Ralf Corsepius wrote: On 09/11/2013 02:46 PM, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 06:35 AM, Heiko Adams wrote: On 11.09.2013 12:30, Alec Leamas wrote: That said, I see your point. Seems to boil down to that only the applic

Re: Firewall blocking desktop features

2013-09-11 Thread Ralf Corsepius
On 09/11/2013 02:46 PM, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 06:35 AM, Heiko Adams wrote: On 11.09.2013 12:30, Alec Leamas wrote: That said, I see your point. Seems to boil down to that only the application knows which port(s) to open and why,

Re: Firewall blocking desktop features

2013-09-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 08:56 AM, Alec Leamas wrote: > On 2013-09-11 14:46, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 09/11/2013 06:35 AM, Heiko Adams wrote: >>> On 11.09.2013 12:30, Alec Leamas wrote: That said, I s

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 14:46, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 06:35 AM, Heiko Adams wrote: On 11.09.2013 12:30, Alec Leamas wrote: That said, I see your point. Seems to boil down to that only the application knows which port(s) to open and why, wher

Re: Firewall blocking desktop features

2013-09-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 06:35 AM, Heiko Adams wrote: > On 11.09.2013 12:30, Alec Leamas wrote: >> >> That said, I see your point. Seems to boil down to that only the >> application knows which port(s) to open and why, whereas only the >> firewall can guar

Re: Firewall blocking desktop features

2013-09-11 Thread Heiko Adams
On 11.09.2013 12:30, Alec Leamas wrote: > > That said, I see your point. Seems to boil down to that only the > application knows which port(s) to open and why, whereas only the > firewall can guarantee that it actually opens the ports requested by > user instead of something else. > So the a

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 12:02, Nicolas Mailhot wrote: On Wed 11 September 2013 11:23, Alec Leamas wrote: On 2013-09-11 11:11, Heiko Adams wrote: On 11.09.2013 10:41, Ankur Sinha wrote: - These software inform and take permission from the user before opening ports in the firewall. IMHO it should be

Re: Firewall blocking desktop features

2013-09-11 Thread Nicolas Mailhot
On Wed 11 September 2013 11:23, Alec Leamas wrote: > On 2013-09-11 11:11, Heiko Adams wrote: >> On 11.09.2013 10:41, Ankur Sinha wrote: >>> - These software inform and take permission from the user before >>> opening >>> ports in the firewall. >> IMHO it should be the job of the firewall to i

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 11:11, Heiko Adams wrote: On 11.09.2013 10:41, Ankur Sinha wrote: - These software inform and take permission from the user before opening ports in the firewall. IMHO it should be the job of the firewall to inform the user about an application that wants to open one or more por

Re: Firewall blocking desktop features

2013-09-11 Thread Heiko Adams
On 11.09.2013 10:41, Ankur Sinha wrote: > > - These software inform and take permission from the user before opening > ports in the firewall. IMHO it should be the job of the firewall to inform the user about an application that wants to open one or more ports and ask for permission to open t

Re: Firewall blocking desktop features

2013-09-11 Thread Ankur Sinha
On Wed, 2013-09-11 at 18:41 +1000, Ankur Sinha wrote: > - These software inform and take permission from the user before > opening > ports in the firewall. In light of the parallel discussion on "too many password prompts", as pointed out by Bochecha, I'd like to clarify: - The software *must* in

Re: Firewall blocking desktop features

2013-09-11 Thread Ankur Sinha
On Wed, 2013-09-11 at 10:04 +0200, Reindl Harald wrote: > and who controls for sure that bad software does not the same? The source of all this software is available to be looked at. So really, you can verify that only the required ports are opened up. > *nobody* and *nothing* has to punch holes

Re: Firewall blocking desktop features

2013-09-10 Thread Ankur Sinha
On Wed, 2013-09-11 at 00:01 +0200, Alec Leamas wrote: > Nobody questions this. The issue in this thread is if we could find > ways to make it simpler to enable these services. Last I checked, the bugs already spoke about giving utilities the ability to punch holes in the firewall and then close

Re: Firewall blocking desktop features

2013-09-10 Thread Alec Leamas
On 2013-09-10 23:11, Reindl Harald wrote: On 10.09.2013 22:58, Heiko Adams wrote: On 10.09.2013 22:07, Peter Oliver wrote: Empathy's "People Nearby" feature doesn't work out of the box because the required ports are blocked by default by the firewall (https://bugzilla.redhat.com/show_bug.c

Re: Firewall blocking desktop features

2013-09-10 Thread Heiko Adams
On 10.09.2013 22:07, Peter Oliver wrote: > Empathy's "People Nearby" feature doesn't work out of the box because > the required ports are blocked by default by the firewall > (https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar > story with Gnome's "Media Sharing" feature, and I'

Re: Firewall blocking desktop features

2013-09-10 Thread Reindl Harald
On 10.09.2013 22:58, Heiko Adams wrote: > On 10.09.2013 22:07, Peter Oliver wrote: >> Empathy's "People Nearby" feature doesn't work out of the box because >> the required ports are blocked by default by the firewall >> (https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar >>

Re: Firewall

2011-01-07 Thread Matthias Clasen
On Thu, 2011-01-06 at 18:29 -0500, seth vidal wrote: > On Tue, 2010-12-07 at 11:19 -0500, Matthias Clasen wrote: > > On Mon, 2010-12-06 at 14:56 -0500, seth vidal wrote: > > > > > > > > ah, printing. > > > > > > Is there anything that's not last century? > > > > > > > So you are trying to def

Re: Firewall

2011-01-06 Thread Matthias Clasen
On Thu, 2011-01-06 at 18:29 -0500, seth vidal wrote: > On Tue, 2010-12-07 at 11:19 -0500, Matthias Clasen wrote: > > On Mon, 2010-12-06 at 14:56 -0500, seth vidal wrote: > > > > > > > > ah, printing. > > > > > > Is there anything that's not last century? > > > > > > > So you are trying to def

Re: Firewall

2011-01-06 Thread seth vidal
On Tue, 2010-12-07 at 11:19 -0500, Matthias Clasen wrote: > On Mon, 2010-12-06 at 14:56 -0500, seth vidal wrote: > > > > > ah, printing. > > > > Is there anything that's not last century? > > > > So you are trying to defend the last-century firewall technology by > calling everything that wan

Re: Firewall

2011-01-06 Thread Matthias Clasen
On Mon, 2010-12-06 at 14:56 -0500, seth vidal wrote: > > ah, printing. > > Is there anything that's not last century? > So you are trying to defend the last-century firewall technology by calling everything that wants to share data last century ? That seems not the most constructive attitud

Re: Firewall

2010-12-17 Thread Curtis Doty
Monday Jeff Raber said: > On 12/09/2010 09:00 PM, Curtis Doty wrote: >> Why must stateful connection tracking be imposed on every Fedora user? >> >> Don't get me wrong. I use netfilter all the time and love it. And it's >> good to install the userland iptables tools and a simple firewall by >> de

Re: Firewall

2010-12-13 Thread Jeff Raber
On 12/09/2010 09:00 PM, Curtis Doty wrote: > Why must stateful connection tracking be imposed on every Fedora user? > > Don't get me wrong. I use netfilter all the time and love it. And it's > good to install the userland iptables tools and a simple firewall by > default. But when I'd like to ch

Re: Firewall

2010-12-10 Thread Domingo Becker
2010/12/10 Kevin Kofler : > seth vidal wrote: >> ah, printing. >> >> Is there anything that's not last century? > > Uh, you'd be surprised how many users out there in the real world still > print! > In these days I've been printing 2+ pages, all of them different, and I do it in a network

Re: Firewall

2010-12-10 Thread Kevin Kofler
seth vidal wrote: > ah, printing. > > Is there anything that's not last century? Uh, you'd be surprised how many users out there in the real world still print! Sure, I don't use my printer much anymore, and there might even be people not printing anything at all anymore, you might be one

Re: Firewall

2010-12-10 Thread Kevin Kofler
seth vidal wrote: > what network games? > Heck, what network games do we HAVE? Wesnoth! And a few others, too. Kevin Kofler -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Firewall

2010-12-10 Thread Kevin Kofler
Chris Adams wrote: > Congrats, you have re-invented UPnP, although a local-only version > maybe (not that I think that is necessarily a bad thing). Hmmm, indeed, KDE is moving towards using UPnP for more and more things, it'd be nice if it were used throughout Fedora, or at least supported by wh

Re: Firewall

2010-12-10 Thread Phil Knirsch
On 12/10/2010 04:00 AM, Curtis Doty wrote: > Yesterday Miloslav Trmač said: > >> Curtis Doty writes on Wed 08. 12. 2010 at 01:02 -0800: >>> Monday Miloslav Trmač said: >>> Just disable the firewall and you'll get pretty much equivalent functionality. >>> >>> How? Now that the filter table and s

Re: Firewall

2010-12-09 Thread Curtis Doty
Yesterday Miloslav Trmač said: Curtis Doty writes on Wed 08. 12. 2010 at 01:02 -0800: Monday Miloslav Trmač said: Just disable the firewall and you'll get pretty much equivalent functionality. How? Now that the filter table and stateful connection tracking aren't modules anymore. They now appear

Re: Firewall

2010-12-09 Thread Tim Waugh
On Tue, 2010-12-07 at 11:18 -0500, Matthew Miller wrote: > Is there a compelling reason for this not to be: > > - cups snmp backend says to "the firewall", "hey, please allow > responses on this port I've got" > - cups snmp backend listens for responses until timeout > - cups snmp backend says t

Re: Firewall

2010-12-08 Thread Miloslav Trmač
Curtis Doty writes on Wed 08. 12. 2010 at 01:02 -0800: > Monday Miloslav Trmač said: > > > Just disable the firewall and you'll get pretty much equivalent > > functionality. > > How? Now that the filter table and stateful connection tracking aren't > modules anymore. They now appear to be built monol

Re: Firewall

2010-12-08 Thread Richard W.M. Jones
On Wed, Dec 08, 2010 at 03:53:34AM +0100, Matej Cepl wrote: > On 7.12.2010 22:30, Richard W.M. Jones wrote: > > The issue we face with libvirt is it needs to be able to add extra > > rules to the existing firewall, and have those rules added in the > > right place, and preserved across firewal

Re: Firewall

2010-12-08 Thread Curtis Doty
Monday Miloslav Trmač said: > Just disable the firewall and you'll get pretty much equivalent > functionality. How? Now that the filter table and stateful connection tracking aren't modules anymore. They now appear to be built monolithic into the Fedora kernel. ../C -- devel mailing list dev

Re: Firewall

2010-12-07 Thread Matej Cepl
On 7.12.2010 22:30, Richard W.M. Jones wrote: > The issue we face with libvirt is it needs to be able to add extra > rules to the existing firewall, and have those rules added in the > right place, and preserved across firewall restarts, reboots and so > on. There are other services which nee

Re: Firewall

2010-12-07 Thread Bastien Nocera
On Mon, 2010-12-06 at 14:53 -0500, Bill Nottingham wrote: > > One thing is e.g notifications to users when some service/app requests > > to open a port. First version won't have network zones yet, but he and > > Dan Williams are working on that for the next generation which will then > > basica

Re: Firewall

2010-12-07 Thread Richard W.M. Jones
On Tue, Dec 07, 2010 at 08:16:11PM +0100, Matej Cepl wrote: > On 7.12.2010 19:57, Stephen John Smoogen wrote: > > Or something like that. I do remember a lot of over-engineering and > > then a very simple it does this from Alan. And I remember a lot of > > issues we were having with customers

Re: Firewall

2010-12-07 Thread Till Maas
On Mon, Dec 06, 2010 at 09:01:26PM +0100, Tomasz Torcz wrote: > Yeah, general discovery. From the top of my head: > - Pulseaudio sinks and sources > - libvirt instances for virt-manager > - VNC desktops for Vinagre > - local web pages (think SOHO router config page) for zeroconf > enabled Web

Re: Firewall

2010-12-07 Thread Matej Cepl
On 7.12.2010 19:57, Stephen John Smoogen wrote: > Or something like that. I do remember a lot of over-engineering and > then a very simple it does this from Alan. And I remember a lot of > issues we were having with customers going away after having them run > it. There is something weird abo

Re: Firewall

2010-12-07 Thread Stephen John Smoogen
On Tue, Dec 7, 2010 at 09:24, Jesse Keating wrote: > On 12/07/2010 08:03 AM, Richard W.M. Jones wrote: >> There's also more to life than TCP ports.  UDP ports, ICMP, other >> protocols, other unrecognized protocols, packets containing completely >> random stuff ...  Having a firewall that lets thr

Re: Firewall

2010-12-07 Thread Jesse Keating
On 12/07/2010 08:03 AM, Richard W.M. Jones wrote: > There's also more to life than TCP ports. UDP ports, ICMP, other > protocols, other unrecognized protocols, packets containing completely > random stuff ... Having a firewall that lets through every TCP port > does still give you protection from

Re: Firewall

2010-12-07 Thread Matthias Clasen
On Tue, 2010-12-07 at 11:12 -0500, seth vidal wrote: > > dude, read to the end of the thread. I walked away - I conceded the > point about disabling the firewall. Sorry, sent too early (and twice, to add insult to injury). Anyway, to put a more positive note on this, I'm looking forward to

Re: Firewall

2010-12-07 Thread Matthias Clasen
On Mon, 2010-12-06 at 14:56 -0500, seth vidal wrote: > > ah, printing. > > Is there anything that's not last century? > So you are trying to defend the last-century firewall technology by calling everything that wants to share data last century ? That seems not the most constructive attitud

Re: Firewall

2010-12-07 Thread Matthew Miller
On Tue, Dec 07, 2010 at 09:50:22AM +, Tim Waugh wrote: > If the CUPS snmp backend could say to "the firewall", "hey, please allow > responses on this port I've got for the next few seconds" -- which can > be controlled using PolicyKit -- then this network discovery would > finally work. Is the

Re: Firewall

2010-12-07 Thread seth vidal
On Tue, 2010-12-07 at 11:10 -0500, Matthias Clasen wrote: > On Mon, 2010-12-06 at 14:56 -0500, seth vidal wrote: > > > > > ah, printing. > > > > Is there anything that's not last century? > > > > So you are trying to defend the last-century firewall technology by > calling everything that wan

Re: Firewall

2010-12-07 Thread Matthias Clasen
On Mon, 2010-12-06 at 14:56 -0500, seth vidal wrote: > > ah, printing. > > Is there anything that's not last century? > So you are trying to defend the last-century firewall technology by calling everything that wants to share data last century ? That seems not the most constructive attitud

Re: Firewall

2010-12-07 Thread Richard W.M. Jones
On Mon, Dec 06, 2010 at 03:25:30PM -0800, Jesse Keating wrote: > On 12/06/2010 12:18 PM, Tom Lane wrote: > > Jesse Keating writes: > >> The argument of default firewall or not would probably quiet down quite > >> a bit if we had any sort of decent UI to help users get the firewall out > >> of thei

Re: Firewall

2010-12-07 Thread Richard W.M. Jones
On Tue, Dec 07, 2010 at 08:44:02AM +0100, Matej Cepl wrote: > On 7.12.2010 00:21, Jesse Keating wrote: > > Actually bittorrents that have upnp work. Routers I've seen come > > pre-configured to allow upnp, so an app on a computer, or a game > > console, sends out a upnp request to open up/for

Re: Firewall

2010-12-07 Thread Phil Knirsch
On 12/07/2010 04:28 PM, Richard W.M. Jones wrote: > On Tue, Dec 07, 2010 at 09:50:22AM +, Tim Waugh wrote: >> On Mon, 2010-12-06 at 21:50 +, Richard W.M. Jones wrote: >>> Still not seeing how /etc/iptables.d wouldn't work ... >> >> Here is how: >> >> When I ask CUPS for a list of network pr

Re: Firewall

2010-12-07 Thread Richard W.M. Jones
On Tue, Dec 07, 2010 at 09:50:22AM +, Tim Waugh wrote: > On Mon, 2010-12-06 at 21:50 +, Richard W.M. Jones wrote: > > Still not seeing how /etc/iptables.d wouldn't work ... > > Here is how: > > When I ask CUPS for a list of network printers, it runs the backends > in /usr/lib/cups/backend

Re: Firewall

2010-12-07 Thread Chris Adams
Once upon a time, Bill Nottingham said: > Chris Adams (cmad...@hiwaay.net) said: > > > a) binds to a local unprivileged UDP port > > > b) sends a broadcast SNMP request > > > c) listens for (unicast) responses to that request > > > > > > We don't hear any of those responses because they are not

Re: Firewall

2010-12-07 Thread Bill Nottingham
Chris Adams (cmad...@hiwaay.net) said: > > a) binds to a local unprivileged UDP port > > b) sends a broadcast SNMP request > > c) listens for (unicast) responses to that request > > > > We don't hear any of those responses because they are not recognised as > > "related" by the kernel. The iptab

Re: Firewall

2010-12-07 Thread Chris Adams
Once upon a time, Tim Waugh said: > When I ask CUPS for a list of network printers, it runs the backends > in /usr/lib/cups/backend. One of those is /usr/lib/cups/backend/snmp, > which: > > a) binds to a local unprivileged UDP port > b) sends a broadcast SNMP request > c) listens for (unicast) r

Re: Firewall

2010-12-07 Thread Genes MailLists
On 12/07/2010 02:41 AM, Matej Cepl wrote: > On 7.12.2010 04:50, Genes MailLists wrote: >> * Will fedora bring app-armor (and GUI tools perhaps) as an selinux >> partner for f15 now that it's accepted in upstream kernel too ? > > Gosh, I hope not, but I have my doubts. > > Matěj > Oh w

Re: Firewall

2010-12-07 Thread Daniel P. Berrange
On Mon, Dec 06, 2010 at 11:00:53AM -0800, Jesse Keating wrote: > On 12/06/2010 10:07 AM, Miloslav Trmač wrote: > > Richard W.M. Jones writes on Mon 06. 12. 2010 at 18:04 +: > >> On Mon, Dec 06, 2010 at 11:04:39AM -0500, Matt McCutchen wrote: > >>> On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski

Re: Firewall

2010-12-07 Thread Tim Waugh
On Mon, 2010-12-06 at 21:50 +, Richard W.M. Jones wrote: > Still not seeing how /etc/iptables.d wouldn't work ... Here is how: When I ask CUPS for a list of network printers, it runs the backends in /usr/lib/cups/backend. One of those is /usr/lib/cups/backend/snmp, which: a) binds to a loca

Re: Firewall

2010-12-06 Thread Matej Cepl
On 7.12.2010 00:21, Jesse Keating wrote: > Actually bittorrents that have upnp work. Routers I've seen come > pre-configured to allow upnp, so an app on a computer, or a game > console, sends out a upnp request to open up/forward a port and the > router complies. And I really hope this will

Re: Firewall

2010-12-06 Thread Matej Cepl
On 7.12.2010 04:50, Genes MailLists wrote: > * Will fedora bring app-armor (and GUI tools perhaps) as an selinux > partner for f15 now that it's accepted in upstream kernel too ? Gosh, I hope not, but I have my doubts. Matěj -- devel mailing list devel@lists.fedoraproject.org https://ad

Re: Firewall

2010-12-06 Thread Genes MailLists
On 12/06/2010 06:40 PM, seth vidal wrote: > On Mon, 2010-12-06 at 16:10 -0700, Orion Poplawski wrote: > >> But once we're talking about OVERWHELMINGLY LARGE NUMBER OF SERVER INSTALLS, >> aren't we also talking about kickstart and other automated management tools >> with which configuring things

Re: Firewall

2010-12-06 Thread Stephen John Smoogen
On Mon, Dec 6, 2010 at 19:10, Chris Adams wrote: > Once upon a time, Adam Williamson said: >> I use it as a safety net for much this reason. I am not comfortable with >> 100% guaranteeing that 'helpful' services we install by default like >> Avahi are not doing things I really wouldn't want them

Re: Firewall

2010-12-06 Thread Adam Williamson
On Mon, 2010-12-06 at 21:31 -0500, seth vidal wrote: > > That's not the question you asked. You asked what the use cases of Avahi > > are, and people told you. You can't ask a question, get a bunch of very > > good answers to it, and then say 'but those answers don't address this > > different con

Re: Firewall

2010-12-06 Thread seth vidal
On Mon, 2010-12-06 at 18:23 -0800, Adam Williamson wrote: > On Mon, 2010-12-06 at 18:04 -0500, seth vidal wrote: > > On Mon, 2010-12-06 at 17:54 -0500, Adam Jackson wrote: > > > > > And every time I do, I think "there's no reason it needs to be this > > > hard". All I want to do is make movies on

Re: Firewall

2010-12-06 Thread Adam Williamson
On Mon, 2010-12-06 at 18:07 -0800, Jesse Keating wrote: > On 12/06/2010 06:04 PM, Adam Williamson wrote: > > On Mon, 2010-12-06 at 19:05 +, Daniel P. Berrange wrote: > > > >> The other benefit would be if the user only intended the > >> service to be accessible to localhost, or a UNIX domain >

Re: Firewall

2010-12-06 Thread Adam Williamson
On Mon, 2010-12-06 at 18:04 -0500, seth vidal wrote: > On Mon, 2010-12-06 at 17:54 -0500, Adam Jackson wrote: > > > And every time I do, I think "there's no reason it needs to be this > > hard". All I want to do is make movies on my hard drive visible to my > > PS3. Why is this harder than click

Re: Firewall

2010-12-06 Thread Adam Williamson
On Mon, 2010-12-06 at 15:06 -0500, seth vidal wrote: > > Yeah, general discovery. From the top of my head: > > - Pulseaudio sinks and sources > > - libvirt instances for virt-manager > > - VNC desktops for Vinagre > > - local web pages (think SOHO router config page) for zeroconf > > enabled

Re: Firewall

2010-12-06 Thread Adam Williamson
On Mon, 2010-12-06 at 14:53 -0500, seth vidal wrote: > what are the use cases of zeroconf-enabled apps that we're targeting? GNOME uses avahi to find other linux systems on the local network it can browse via scp. (well, it's supposed to. this hasn't worked for me for a while, though it seems t

Re: Firewall

2010-12-06 Thread Chris Adams
Once upon a time, Adam Williamson said: > I use it as a safety net for much this reason. I am not comfortable with > 100% guaranteeing that 'helpful' services we install by default like > Avahi are not doing things I really wouldn't want them to do when I > connect to some open wifi network. So,

Re: Firewall

2010-12-06 Thread Jesse Keating
On 12/06/2010 06:04 PM, Adam Williamson wrote: > On Mon, 2010-12-06 at 19:05 +, Daniel P. Berrange wrote: > >> The other benefit would be if the user only intended the >> service to be accessible to localhost, or a UNIX domain >> socket but for some reason screwed up their service's >> config

Re: Firewall

2010-12-06 Thread Adam Williamson
On Mon, 2010-12-06 at 19:05 +, Daniel P. Berrange wrote: > The other benefit would be if the user only intended the > service to be accessible to localhost, or a UNIX domain > socket but for some reason screwed up their service's > config & opened it to the world. I use it as a safety net for

Re: Firewall

2010-12-06 Thread Jesse Keating
On 12/06/2010 03:42 PM, Stephen John Smoogen wrote: > Ports that you don't know are open to the network but are somehow available. > > Let us put this conversation slightly different... how many of us > remember password-less package install? It all sounded like a good > idea with people who are g

Re: Firewall

2010-12-06 Thread Stephen John Smoogen
On Mon, Dec 6, 2010 at 16:25, Jesse Keating wrote: > On 12/06/2010 12:18 PM, Tom Lane wrote: >> Jesse Keating writes: >>> The argument of default firewall or not would probably quiet down quite >>> a bit if we had any sort of decent UI to help users get the firewall out >>> of their way when they

Re: Firewall

2010-12-06 Thread seth vidal
On Mon, 2010-12-06 at 16:10 -0700, Orion Poplawski wrote: > But once we're talking about OVERWHELMINGLY LARGE NUMBER OF SERVER INSTALLS, > aren't we also talking about kickstart and other automated management tools > with which configuring things away from their default values is a standard > a

Re: Firewall

2010-12-06 Thread Jesse Keating
On 12/06/2010 12:18 PM, Tom Lane wrote: > Jesse Keating writes: >> The argument of default firewall or not would probably quiet down quite >> a bit if we had any sort of decent UI to help users get the firewall out >> of their way when they're really trying to do something. > > +1. In today's en

Re: Firewall

2010-12-06 Thread Jesse Keating
On 12/06/2010 11:53 AM, seth vidal wrote: > On Mon, 2010-12-06 at 11:48 -0800, Jesse Keating wrote: >> Bittorrent, network games, zero conf come to mind. >> > > Bittorrent won't work through many/most wireless routers unless they are > not natted and/or not explicitly configured. Actually bittorr

Re: Firewall

2010-12-06 Thread Orion Poplawski
On 12/06/2010 04:04 PM, seth vidal wrote: > On Mon, 2010-12-06 at 17:54 -0500, Adam Jackson wrote: > >> And every time I do, I think "there's no reason it needs to be this >> hard". All I want to do is make movies on my hard drive visible to my >> PS3. Why is this harder than clicking "share"? A

Re: Firewall

2010-12-06 Thread seth vidal
On Mon, 2010-12-06 at 17:54 -0500, Adam Jackson wrote: > And every time I do, I think "there's no reason it needs to be this > hard". All I want to do is make movies on my hard drive visible to my > PS3. Why is this harder than clicking "share"? All I want to do is > plug the NAS drive I just b

Re: Firewall

2010-12-06 Thread Adam Jackson
On Mon, 2010-12-06 at 15:06 -0500, seth vidal wrote: > On Mon, 2010-12-06 at 21:01 +0100, Tomasz Torcz wrote: > > Yeah, general discovery. From the top of my head: > > - Pulseaudio sinks and sources > > - libvirt instances for virt-manager > > - VNC desktops for Vinagre > > - local web pages (t
