New ZeroConf Spec
Patrick McFarland
diablod3 at gmail.com
Fri Jul 14 00:57:26 BST 2006
On Thursday 13 July 2006 08:44, Scott James Remnant wrote:
> On Thu, 2006-07-13 at 11:50 +0100, Ian Jackson wrote:
> > Scott James Remnant writes ("Re: New ZeroConf Spec"):
> > > ... ah, I believe we have reached the middle of this conversation ...
> >
> > I should have known better than to get into a discussion about
> > `security'. The very word seems to blank people's brains.
>
> What do you mean?
>
> That almost sounds like it was intended to be insulting.
It probably was meant to be, but he's right. You have people clinging on to
old outdated ways of thought (such as the no port open policy, which effects
the development of the Linux desktop in negative ways), and you have people
putting insane security policies before basic and required usability.
If a computer is to be used in a secure environment, the /user and owner of
the machine/ has to understand security, we cannot force security on them.
This has been tried before, and users just turn everything off because it
gets in their way.
mDNS on most machines is not a security hazard. If you're worried about
various daemons and programs having security flaws, then audit them. If
you're just paranoid about other computers maliciously hacking you, then
build a firewall app that has a prominent feature: "Click here to disable
mDNS."
Otherwise, I'm going to go with what Apple currently does, who has invested
far more much money in research into such issues than we have... Apple allows
incoming mDNS and doesn't share files/information by default. Until they
change their policy, I think we should do what they do.
--
Patrick McFarland || www.AdTerrasPerAspera.com
"Computer games don't affect kids; I mean if Pac-Man affected us as kids,
we'd all be running around in darkened rooms, munching magic pills and
listening to repetitive electronic music." -- Kristian Wilson, Nintendo,
Inc, 1989
More information about the ubuntu-devel
mailing list