can we find a solution to bug #820895 (show Process Name in log files) (imaginative solution/description presented)?

Robbie Williamson robbie at ubuntu.com
Sun Jan 29 21:39:51 UTC 2012


Sounds like nethogs can solve the problem of knowing which processes are
currently sucking down bandwidth.  As for your indicator idea, I think a
simple GUI front-end to nethogs would be the first step.  The
application could reside with other system apps, and simply be fired up
when a user wants this information.  An indicator would mean nethogs
running all the time in the background, unnecessarily consuming
resources, imho.  Anyone up for guifying nethogs? :-)

-Robbie

On 01/26/2012 11:12 PM, nick rundy wrote:
> Yes, good insights, Robbie.
> 
> Just to be clear, I'm not asking that an application-firewall (as Jason
> Todd was speaking of) be created to solve this problem. I'm totally fine
> with a solution that doesn't involve a firewall. It's just that an
> application firewall allows me to solve this problem when I use Windows,
> so it is the only base of reference I have to speak to.
> 
> I simply am asking that some way be created to give users a
> user-friendly, in-your-face way to learn/discover/record/log what
> applications and/or system-processes are making internet connections
> and/or are being blocked from making internet connections (e.g., by GUFW
> when it is set to block outgoing connections).
> 
> One way to solve this problem (as envisioned in my imagination without
> any insight into the technical feasibility of it) would be to design
> some sort of "Indicator" that appears on the titlebar of an
> application's window. For example, in the upper right corner of the
> titlebar, an internet-connection-icon would display if the app is trying
> to connect or is actually connected to the internet. If the app is not
> connecting nor trying to connect to the internet then this icon would
> change its appearance.  This Indicator would solve my problem because it
> provides a user-friendly, in-your-face, understandable way for users to
> quickly ascertain the "internet-connection-state" and
> "internet-connection-behavior" of an application.
> 
> Here's an example of how this can be directly used in the real world:
> first, say I use a Mobile Broadband internet connection that only gets
> so much GB a month. And to try to conserve bandwidth I only want
> internet connections that I deem "worthwhile" to occur. If I ONLY use
> RhythmBox to play MP3s that live on my hard drive, I do not need (nor
> want) Rhythmbox to make an internet connection when I open and use the
> application. All I'm using it for is to play MP3s from my hard drive.
> What does it need to connect to the internet for? So I need an easy and
> "in your face" way to discover if & when Rhythmbox is making an internet
> connection. If I open Rhythmbox and start playing an MP3 and notice that
> Rhythmbox is making an internet connection, then I know that I need to
> go into the Rhythmbox settings and configure it to NOT make those
> internet connections. If Rhythmbox's settings do not allow for such
> configuration, I know that I should select a different application for
> playing my music with (i.e., one that does allow such configuration).
> 
> To further support my case, I offer that with Ubuntu One and other cloud
> services growing in popularity, I think it makes sense for users to have
> a user-friendly way to be able to keep abreast of the
> "internet-connection-state" and "internet-connection-behavior" of their
> applications & system.
> 
> 
> Thank you so much for reading/listening to my concerns on this issue. I
> hope I have been clear in my descriptions :-)
> 
> 
> 
>> Date: Thu, 26 Jan 2012 15:30:52 -0600
>> From: robbie at ubuntu.com
>> To: jtodd929 at hotmail.com
>> CC: nrundy at hotmail.com; ubuntu-devel-discuss at lists.ubuntu.com
>> Subject: Re: can we find a solution to bug #820895 (show Process Name
>> in log files)?
>>
>> Seems to be 2 separate issues in this thread:
>>
>> 1) Our system logging for firewall issues only logs PIDs via iptables
>> with no program name. Given other applications like netstat and nethogs
>> can do this, I think it's something we should try and work with upstream
>> to address. (my $0.02)
>>
>> 2) Users can't firewall based on applications. I could be completely
>> wrong here, but I believe AppArmor[1] provides this functionality via
>> profiles. While not as simple as adding an application to a list, it
>> might be an alternative solution until there's an easier way to do this.
>>
>> [1] http://manpages.ubuntu.com/manpages/hardy/man5/apparmor.d.5.html
>>
>> -Robbie
>>
>> On 01/26/2012 02:51 PM, Jason Todd wrote:
>> > Nick, the package is called "acct" all by itself.
>> > IMHO it will not solve the problem you are facing. I have tried it and
>> > it is not "user-friendly" compared to what you are used to. I have
>> > watched numerous people go back to Windows largely because of user
>> > frustration/inability to discover/control what applications can and
>> > cannot internet connect. I remember reading one review of ubuntu where
>> > the reviewer hooked up some friends with 11.04 to get their opinions.
>> > One of the things the friends complained about was only having control
>> > of ports (and not applications) in the firewall. I could have sworn it
>> > was at tomshardware.com. I've searched but can't find the review. It was
>> > back around the time 11.04 came out.
>> > The way Linux deals with applications and internet connections has not
>> > evolved to a consumer-desktop-level. In an age where privacy and
>> > security are very important, it's going to need to address this to gain
>> > more users. I was sad to see Bug 820895 marked as Won't Fix.
>> >
>> > I personally tried to get my friend to start using ubuntu. But he grew
>> > frustrated with no application firewall capabilities. He posted in the
>> > ubuntu-forums on the issue and it generated a long discussion but
>> > ultimately turned into a big mess where lots of ubuntu users were
>> > calling him an idiot and saying that Windows uses an application
>> > firewall because Windows sucks. The thread was closed and my friend went
>> > back to Windows feeling like ubuntu is only for programmers and everyone
>> > that uses Ubuntu thinks he's stupid cause he wanted an application
>> > firewall.
>> >
>> > ------------------------------------------------------------------------
>> > From: nrundy at hotmail.com
>> > To: psusi at ubuntu.com; ubuntu-devel-discuss at lists.ubuntu.com
>> > Subject: RE: can we find a solution to bug #820895 (show Process Name in
>> > log files)?
>> > Date: Thu, 26 Jan 2012 10:16:22 -0500
>> >
>> > Philip, thanks for your reply. I greatly appreciate it. You said,
>> >
>> >>>>If you don't like the connections a program makes, then configure it
>> > not to do so. If you can't do that, then don't run such a bad
>> > program.>>>
>> >
>> > This is what I'm trying to do on Ubuntu! :) if I can't log the process
>> > name, How do I learn what connections a program is making so that I can
>> > configure that program to not make those connections? You see the
>> > problem?
>> >
>> > For over a year I have been struggling (on Ubuntu) with a way to
>> > identify the connections programs are making so that I can do what you
>> > say: configure it not to make those connections or to uninstall the
>> > program if I deem it a "bad program." This is a non-issue on Microsoft
>> > Windows because I can easily identify connections programs are making
>> > and I can KNOW the comings and goings on my computer as it is all logged
>> > with Application Name in the firewall log. One of the criteria I use to
>> > select which applications I install and run is "internet connection
>> > behavior." It has been very difficult selecting applications I prefer in
>> > Ubuntu because I am forced to sit and watch netstat while trying to
>> > accomplish things. What I have ended up doing is (when available)
>> > installing the same program on Windows, studying the firewall log in
>> > Windows and then deeming it a "good" or "bad" program for use in Ubuntu.
>> > So I am still seeking a solution on Ubuntu. If there's some other way to
>> > accomplish what I'm after (than using a Firewall Log), I will use it.
>> > But I have yet to find as reasonable a solution on Ubuntu. As others
>> > have remarked in forums etc, this is becoming an increasing priority in
>> > order to manage Mobile Broadband internet connection usage as the
>> > accounts come with bandwidth caps where users are charged a lot of extra
>> > money if they exceed the caps.
>> >
>> > I will investigate using acct package, is this the name ("acct" or "acct
>> > package") I should search for in Synaptic? I have not tried this as a
>> > solution and really appreciate your suggestion.
>> >
>> >
>> >
>> >> Date: Wed, 25 Jan 2012 19:55:18 -0500
>> >> From: psusi at ubuntu.com
>> >> To: nrundy at hotmail.com
>> >> CC: ubuntu-devel-discuss at lists.ubuntu.com
>> >> Subject: Re: can we find a solution to bug #820895 (show Process Name
>> >> in log files)?
>> >>
>> >> On 01/25/2012 06:22 PM, nick rundy wrote:
>> >> > Is there anything that can be done to create some way for Ubuntu
>> >> > users to get the capability of having a static record of what
>> >> > application/s made an outgoing connection?
>> >>
>> >> That would require a change to the iptables kernel module that
>> >> implements process based rules. Last I saw, it wasn't really maintained
>> >> because the whole concept is considered broken by design. In other
>> >> words, you shouldn't be setting rules based on processes.
>> >>
>> >> Needing an external firewall to control network activity of a program
>> >> in the first place is the result of using badly behaved closed source
>> >> programs, and so is largely a non-issue for the open source community.
>> >>
>> >> > The capability to log "process names" has been requested by numerous
>> >> > users over the years, here's some links:
>> >>
>> >> If you want to log what processes are run and when in general, then
>> >> you can install and configure the acct package. You could then use the
>> >> accounting information to look up what process had a given pid at a
>> >> given time.
>> >
>> >
>> >
>> >
>>
>> --
>> Robbie Williamson <robbie at ubuntu.com>
>> robbiew[irc.freenode.net]
>>
>> "Don't make me angry...you wouldn't like me when I'm angry."
>> -Bruce Banner


-- 
Robbie Williamson <robbie at ubuntu.com>
robbiew[irc.freenode.net]

"You can't be lucky all the time, but you can be smart everyday"
 -Mos Def

"Arrogance is thinking you are better than everyone else, while
Confidence is knowing no one else is better than you." -Me ;)
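
Added example, not part of the original thread and not code from netstat or nethogs: the thread notes that netstat can already name the process behind a connection. On Linux that attribution can be made by joining the socket inodes listed in /proc/net/tcp with the socket:[inode] links under /proc/<pid>/fd, which is what the Python below does. The table, the addresses and the rhythmbox PID are constructed sample values, and a little-endian host is assumed.

```python
import os, socket, struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0A01A8C0:C738 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 45678 1
"""
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}

def decode_addr(field):
    """'0A01A8C0:C738' -> ('192.168.1.10', 51000); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_tcp_table(text):
    """Return (local, remote, state, inode) for every IPv4 TCP socket row."""
    fields = (line.split() for line in text.splitlines()[1:])  # skip header
    return [(decode_addr(f[1]), decode_addr(f[2]), STATES.get(f[3], f[3]), int(f[9]))
            for f in fields if len(f) >= 10]

def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, name) from the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as fh:
                name = fh.read().strip()
            for fd in os.listdir(os.path.join(base, "fd")):
                target = os.readlink(os.path.join(base, "fd", fd))
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), name)
        except OSError:
            continue  # process exited, or its fds need root to read
    return owners

def outgoing(tcp_text, owners):
    """List non-listening sockets as (name, pid, remote_ip, remote_port, state)."""
    result = []
    for _local, remote, state, inode in parse_tcp_table(tcp_text):
        if state != "LISTEN":
            pid, name = owners.get(inode, (None, "unknown"))
            result.append((name, pid, remote[0], remote[1], state))
    return result

if __name__ == "__main__":
    print(outgoing(SAMPLE_TCP, {45678: (4242, "rhythmbox")}))  # constructed owner
```

On a live system, pass the contents of /proc/net/tcp and the result of socket_owners() instead of the sample; without root, only the caller's own processes can be attributed and the rest are reported as "unknown".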




