can we find a solution to bug #820895 (show Process Name in log files)?

Thu Jan 26 20:51:38 UTC 2012

Nick, the package is called "acct" all by itself.
IMHO it will not solve the problem you are facing. I have tried it and it is not "user-friendly" compared to what you are used to. I have watched numerous people go back to Windows largely because of user frustration/inability to discover/control what applications can and cannot internet connect.  I remember reading one review of ubuntu where the reviewer hooked up some friends with 11.04 to get their opinions. One of the things the friends complained about was only having control of ports (and not applications) in the firewall. I could have swore it was at tomshardware.com. I've searched but can't find the review. It was back around the time 11.04 came out. 
The way Linux deals with applications and internet connections has not evolved to a consumer-desktop-level. In an age where privacy and security are very important, it's going to need to address this to gain more users. I was sad to see Bug 820895 marked as Won't Fix.

I personally tried to get my friend to start using ubuntu. But he grew frustrated with no application firewall capabilities. He posted in the ubuntu-forums on the issue and it generated a long discussion but ultimately turned into a big mess where lots of ubuntu users were calling him an idiot and saying that Windows uses an application firewall because Windows sucks. The thread was closed and my friend went back to Windows feeling like ubuntu is only for programmers and everyone that uses Ubuntu thinks he's stupid cause he wanted an application firewall.

From: nrundy at hotmail.com
To: psusi at ubuntu.com; ubuntu-devel-discuss at lists.ubuntu.com
Subject: RE: can we find a solution to bug #820895 (show Process Name in log	files)?
Date: Thu, 26 Jan 2012 10:16:22 -0500

Philip, thanks for your reply. I greatly appreciate it. You said,

>>>If you don't like the connections a program makes, then configure it not
 to do so.  If you can't do that, then don't run such a bad program.>>>

This is what I'm trying to do on Ubuntu! :)   if I can't log the process name, How do I learn what connections a program is making so that I can configure that program to not make those connections? You see the problem? 

For over a year I have been struggling (on Ubuntu) with a way to identify the connections programs are making so that I can do what you say: configure it not to make those connections or to uninstall the program if I deem it a "bad program." This is a non-issue on Microsoft Windows because I can easily identify connections programs are making and I can KNOW the comings and goings on my computer as it is all logged with Application Name in the firewall log. One of the criteria I use to select which applications I install and run is "internet connection behavior." It has been very difficult selecting applications I prefer in Ubuntu because I am forced to sit and watch netstat while trying to accomplish things. What I have ended up doing is (when available) installing the same program on Windows, study the firewall log in Windows and then deeming it a "good" or "bad" program for use in Ubuntu. So I am still seeking a solution on Ubuntu. If there's some other way to accomplish what I'm after (than using a Firewall Log), I will use it. But I have yet to find as reasonable a solution on Ubuntu. As others have remarked in forums etc, this is becoming an increasing priority in order to manage Mobile Broadband internet connection usage as the accounts come with bandwidth caps where users are charged a lot of extra money if they exceeds the caps.

I will investigate using acct package, is this the name ("acct" or "acct package") I should search for in Synaptic? I have not tried this as a solution and really appreciate your suggestion.

> Date: Wed, 25 Jan 2012 19:55:18 -0500
> From: psusi at ubuntu.com
> To: nrundy at hotmail.com
> CC: ubuntu-devel-discuss at lists.ubuntu.com
> Subject: Re: can we find a solution to bug #820895 (show Process Name in log files)?
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 01/25/2012 06:22 PM, nick rundy wrote:
> > Is there anything that can be done to create some way for Ubuntu
> > users to get the capability of having a static record of what
> > application/s made an outgoing connection?
> 
> That would require a change to the iptables kernel module that implements process based rules.  Last I saw, it wasn't really maintained because the whole concept is considered broken by design.  In other words, you shouldn't be setting rules based on processes.  
> 
> Needing an external firewall to control network activity of a program in the first place is the result of using badly behaved closed source programs, and so it largely a non issue for the open source community.
> 
> > The capability to log "process names" has been requested by numerous
> > users over the years, here's some links:
> 
> If you want to log what processes are run and when in general, then you can install and configure the acct package.  You could then use the accounting information to look up what process had a given pid at a given time.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iQEcBAEBAgAGBQJPIKR1AAoJEJrBOlT6nu756PcIAIHnAJ1jJYX9Sar62AYitrFK
> MyGj6xrVIGc+GLMxK9Nh7rGC+jS+YB3l6oFc+Mo0PJK7Z3c88Akc6TAfZX56dJQY
> JNoQqKEwat43BBAU100rRehwtsMU5zG39GkHrt/kaarQu40e4yh1Qx+TIL2IYAq3
> 76MA7FpqH4YhpjcVAek1pCrodQEZ8KrX0VR6sXHe5pqJcH9xqJHoNdLT58Ik3y4W
> OdEMs6YLvKnQ+dJEzy8COoDFYOy+QQG1uQILu3qbuOauVcSE2KX8PBwBKGOnxH/r
> DgvrUyfBsA8NOU+ml2FgSABlvuhyTrbZM96oZ+fcTwtPSNUEqBVVBsKGHiNqPfQ=
> =Lq5r
> -----END PGP SIGNATURE-----

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20120126/b832527a/attachment.html>