can we find a solution to bug #820895 (show Process Name in log files) (imaginative solution/description presented)?
nrundy at hotmail.com
Wed Feb 8 18:10:21 UTC 2012
The Network-Enhancement-Spec does NOT solve the problem of IPTables no longer supporting rules by executables.
">>>>>Is blocking outgoing connections at all useful enough to show at the top level like this? = user
is not in a position to make an informed decision on whether the
application should go onto the internet (so much of the desktop reaches
out to the internet)<<<<<"
- This is hogwash. How can the user not be in a position to make an informed decision? He is the user of the machine! Plus I might add that "so much of the desktop reaches out to the internet" UNNECESSARILY. If I want to play an MP3 music file stored on my hard drive and open my Music Player application to accomplish this, why does my Music Player application need to connect to the internet? It may indeed have "valid" reasons for connecting (e.g., trying to download album art or something), but it shouldn't HAVE to in order to play a music file (i.e., the user should be able to reconfigure it so it doesn't connect). If the user of the machine does not want the Music Player connecting to the internet when he plays an MP3 file stored on his hard drive, he/she should 1.) be able to discover/learn that this connection behavior is happening (without having to stare at a terminal window every time he deals with an application) and 2.) be able to stop/change the behavior (e.g., via reconfiguring the Music Player application itself or configuring some "third party" app like an application firewall to block it). Outgoing filtering allows both of these desirables to be met. It provides privacy and security: it apprises users of connections & gives them control over connections. Users gain knowledge & control over the comings and goings of their machine. It is an IMPORTANT capability for computer users nowadays to know the comings and goings of their machine. And to be able to LOG the internet connection behavior of applications on their machine. Ubuntu cannot (currently) perform these actions. There are tools like netstat, etc., but you have to literally watch them every second. If something happens and you miss it, you're out of luck.
One of the key criteria I use to base my decisions of which applications (e.g., Music player) to install on my box is their internet connection behavior. An application like VLC video player is very respectful of users' privacy. It does not make unnecessary internet connections and the ones it does make are fully configurable within the application itself. This is not the case for many other Video/Podcast/Music players. How do I know this? Because I installed the apps on a Windows machine and observed their behavior via a Windows application firewall. With an application firewall, I am informed whenever the application tries to connect to the internet OR a log can be generated that logs the internet connection attempts by an application. Ubuntu needs to provide its users a method for observing the same behavior. If not with an application firewall, then by some other means (e.g., with a GUI wrapper for apparmor & IPtables). Many Mac & Windows users speak of an application firewall. I believe this is because such an app allows them to solve these problems when using Mac & Windows. If Ubuntu doesn't want an application firewall, create something else to solve the problem (e.g., with a GUI wrapper for apparmor & IPtables).
> Date: Wed, 8 Feb 2012 18:04:58 +0100
> Subject: Re: can we find a solution to bug #820895 (show Process Name in log files) (imaginative solution/description presented)?
> From: adam at biznes.linux.pl
> To: nrundy at hotmail.com
> 08.02.2012, HSO <adam at biznes.linux.pl> wrote:
> > https://wiki.ubuntu.com/Networking#Firewall
> > --
> > "Tell me and I will forget, show me and I will remember, let me act and
> > I will understand!"
> > niebezpiecznik.pl
> "Tell me and I will forget, show me and I will remember, let me act and I will understand!"