6.06 ppc desktop iso size.....

classic Classic list List threaded Threaded
96 messages Options
12345
Reply | Threaded
Open this post in threaded view
|

6.06 ppc desktop iso size.....

Matt Nicholson
forgive me if this is the wrong list, i'll be more than happy to post to
-users if someone things that would be better...

the issue is this:

so, i downloaded the ubuntu 6.06 lts ppc desktop image to my INTEL
desktop, so that i could burn it to cd and use it on my powerbook. all
sounds good. i've done it with breezy before, and the dapper betas etc.
the image downloads and its final size in 701MB (701.1 rather), which is
1.1MB bigger than most cds (at 700MB), which,is normally no problem,
lots of times these images are slightly bigger. So, i pop a blank 700MB
cd in to my drive, right click the image, and select write to disk. the
write to disk dialog pops (i'm assuming this is nautilus-burn's area),
and i take the defaults and say Write. right away i get a dialog saying:

"Reload a rewritable or blank disk

Please replace the disc in the drive with a supported disc with at least
702MiB free. The following disk types are supported: CD-R, CD-RW, DVD+R,
DVD+RW
"

everytime. thing is, in the past "oversize" images have burned fine. i
transfer the iso to my powerbook, and burn it in OSX, on the exact same
blank cd, and its not problem.

oh, and i also downloaded the iso 3 times from 3 different servers to
make sure it wasn't a problem during the transfer or anything.

CAn anyone shed any light on this? I find it funny that Ubuntu 6.06
cannot burn a Ubuntu 6.06 PPC CD.......

matt nicholson

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (198 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: 6.06 ppc desktop iso size.....

Vincent Trouilliez
On Wed, 2006-06-21 at 16:16 -0400, Matthew Nicholson wrote:
> So, i pop a blank 700MB cd in to my drive,
> right click the image, and select write to disk. the
> write to disk dialog pops and i take the defaults and say Write.
> right away i get a dialog saying:
>
> "Reload a rewritable or blank disk
> Please replace the disc in the drive with a supported disc with at least
> 702MiB free."

Definitely should go to -users not -devel ;-)
I used to have a similar problem 9+ month ago, so I filed a bug report
about it, and it got fixed 4 month ago. Having said that, I have not
tried burning a CD since Dapper was released, so maybe the bug is back
again. Have a look:

https://launchpad.net/distros/ubuntu/+source/nautilus-cd-burner/+bug/20879


HTH,


--
Vince


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: 6.06 ppc desktop iso size.....

Paul Sladen-2
In reply to this post by Matt Nicholson
On Wed, 21 Jun 2006, Matthew Nicholson wrote:
> the image downloads and its final size in 701MB (701.1 rather), which is
> 1.1MB bigger than most cds (at 700MB),

An 80 minute disk is:

  80 minutes * 60 seconds * 75 sectors * 2048 bytes = 737280000 bytes

now, once you have that figure, depending on whether it is divided by
'1000', or '1024' you will get different answers for the size in "megabytes"
and that may well be the cause of the "too small" error.

        -Paul
--
High on a Spanish mountain, surrounded by howling dogs.  Roissy, Paris, FR


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: 6.06 ppc desktop iso size.....

Robin Sonefors
In reply to this post by Matt Nicholson
I ran into the same problem when using Gnome/Nautilus. When using K3B,
however, it worked just fine.

On Wed, 2006-06-21 at 16:16 -0400, Matthew Nicholson wrote:

> forgive me if this is the wrong list, i'll be more than happy to post to
> -users if someone things that would be better...
>
> the issue is this:
>
> so, i downloaded the ubuntu 6.06 lts ppc desktop image to my INTEL
> desktop, so that i could burn it to cd and use it on my powerbook. all
> sounds good. i've done it with breezy before, and the dapper betas etc.
> the image downloads and its final size in 701MB (701.1 rather), which is
> 1.1MB bigger than most cds (at 700MB), which,is normally no problem,
> lots of times these images are slightly bigger. So, i pop a blank 700MB
> cd in to my drive, right click the image, and select write to disk. the
> write to disk dialog pops (i'm assuming this is nautilus-burn's area),
> and i take the defaults and say Write. right away i get a dialog saying:
>
> "Reload a rewritable or blank disk
>
> Please replace the disc in the drive with a supported disc with at least
> 702MiB free. The following disk types are supported: CD-R, CD-RW, DVD+R,
> DVD+RW
> "
>
> everytime. thing is, in the past "oversize" images have burned fine. i
> transfer the iso to my powerbook, and burn it in OSX, on the exact same
> blank cd, and its not problem.
>
> oh, and i also downloaded the iso 3 times from 3 different servers to
> make sure it wasn't a problem during the transfer or anything.
>
> CAn anyone shed any light on this? I find it funny that Ubuntu 6.06
> cannot burn a Ubuntu 6.06 PPC CD.......
>
> matt nicholson

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (198 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

ZeroConf in Ubuntu Edgy

Krishna Sankar
Hi all,

        I have been following the ZeroConf for Kubuntu
https://launchpad.net/distros/ubuntu/+spec/kubuntu-easy-zeroconf.

        Where do we stand in terms of Ubuntu ? Would it be available in the
default install ? Will it be turned on ? Naturally, before Ian jumps in, how
will we handle the security issues ?

Cheers
</k>


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

RE: ZeroConf in Ubuntu Edgy

Krishna Sankar
There have been questions around turning it on for current session and
turning it off.

How does Apple handle this ? What is Apple's Rendezvous/Bonjour security
model ? Couldn't we look at it and get inspirations ? ;o)

Cheers
<k/>

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> Krishna Sankar
> Sent: Thursday, June 22, 2006 10:09 AM
> To: [hidden email]
> Subject: ZeroConf in Ubuntu Edgy
>
> Hi all,
>
> I have been following the ZeroConf for Kubuntu
> https://launchpad.net/distros/ubuntu/+spec/kubuntu-easy-zeroconf.
>
> Where do we stand in terms of Ubuntu ? Would it be
> available in the default install ? Will it be turned on ?
> Naturally, before Ian jumps in, how will we handle the
> security issues ?
>
> Cheers
> </k>
>
>
> --
> ubuntu-devel mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Trent Lloyd
Ubuntu has a no-open-ports by-default policy, which means that any
mDNS/DNS-SD based discovery cannot be enabled by default.

There are discussions of an easy GUI to turn this functionality on,
and I would like to see that in edgy (both in Ubuntu & Kubuntu)
(as the spec below is talking about)

Avahi is relatively secure (or so I'd like to think :), but nothing
is perfect, and we have had a couple problems to date that I am aware of
where the daemon could be crashed remotely, in addition
it runs inside a chroot environment as a non-priviledged (avahi) user,
so any exploits are unlikely to get you too far, but obviously
still have the potential to be problematic.

As for the other side of zeroconf, network-manager handles dynamic
address assignments, however since we're still not using that 'zeroconf'
may be worth a look, however I beleive it also has some problems and may
be something that the dhcp client needs to hook to.

Trent

On Thu, Jun 22, 2006 at 10:36:06AM -0700, Krishna Sankar wrote:

> There have been questions around turning it on for current session and
> turning it off.
>
> How does Apple handle this ? What is Apple's Rendezvous/Bonjour security
> model ? Couldn't we look at it and get inspirations ? ;o)
>
> Cheers
> <k/>
>
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of
> > Krishna Sankar
> > Sent: Thursday, June 22, 2006 10:09 AM
> > To: [hidden email]
> > Subject: ZeroConf in Ubuntu Edgy
> >
> > Hi all,
> >
> > I have been following the ZeroConf for Kubuntu
> > https://launchpad.net/distros/ubuntu/+spec/kubuntu-easy-zeroconf.
> >
> > Where do we stand in terms of Ubuntu ? Would it be
> > available in the default install ? Will it be turned on ?
> > Naturally, before Ian jumps in, how will we handle the
> > security issues ?
> >
> > Cheers
> > </k>
> >
> >
> > --
> > ubuntu-devel mailing list
> > [hidden email]
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>
>
> --
> ubuntu-devel mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

--
Trent Lloyd <[hidden email]>
Bur.st Networking Inc.

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

John Nilsson
On Fri, 2006-06-23 at 09:15 +0800, Trent Lloyd wrote:
> Ubuntu has a no-open-ports by-default policy, which means that any
> mDNS/DNS-SD based discovery cannot be enabled by default.

How about a semi-closed policy? I.e. having a iptables configuration
that is a bit more trusting of private networks.

Regards,
John


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Matt Zimmerman-2
On Wed, Jun 28, 2006 at 10:47:58PM +0200, John Nilsson wrote:
> On Fri, 2006-06-23 at 09:15 +0800, Trent Lloyd wrote:
> > Ubuntu has a no-open-ports by-default policy, which means that any
> > mDNS/DNS-SD based discovery cannot be enabled by default.
>
> How about a semi-closed policy? I.e. having a iptables configuration
> that is a bit more trusting of private networks.

That's an interesting idea.  But are enough ISPs and corporate networks
doing proper filtering these days for that to be safe?

--
 - mdz

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Soren Hansen
In reply to this post by Krishna Sankar

Clearly, I'm too stupid to reply to the list, and mutt is not quite
clever enough to obey the mail-followup-to header..

----- Forwarded message from Soren Hansen <[hidden email]> -----

From: Soren Hansen <[hidden email]>
To: Matt Zimmerman <[hidden email]>
Subject: Re: ZeroConf in Ubuntu Edgy

On Wed, Jun 28, 2006 at 02:18:59PM -0700, Matt Zimmerman wrote:
> > > Ubuntu has a no-open-ports by-default policy, which means that any
> > > mDNS/DNS-SD based discovery cannot be enabled by default.
> > How about a semi-closed policy? I.e. having a iptables configuration
> > that is a bit more trusting of private networks.
> That's an interesting idea.  But are enough ISPs and corporate
> networks doing proper filtering these days for that to be safe?

I'm not sure "enough" is quite enough in this case. I believe we really
should build security policies on worst case and not assumptions about
the majority of users.

Besides, taking the current state of affairs in the wifi security area
into account, the problem is currently much closer than the ISP.

--
| Soren Hansen    | Linux2Go                  | http://Linux2Go.dk/ |
| Seniorkonsulent | Lindholmsvej 42, 2. TH    | +45 46 90 26 42     |
| [hidden email]  | 9400 Norresundby, Denmark | GPG key: E8BDA4E3   |



----- End forwarded message -----

--
| Soren Hansen    | Linux2Go                  | http://Linux2Go.dk/ |
| Seniorkonsulent | Lindholmsvej 42, 2. TH    | +45 46 90 26 42     |
| [hidden email]  | 9400 Norresundby, Denmark | GPG key: E8BDA4E3   |

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (198 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Matthew Palmer-2
On Thu, Jun 29, 2006 at 04:03:15AM +0200, Soren Hansen wrote:
> Clearly, I'm too stupid to reply to the list, and mutt is not quite
> clever enough to obey the mail-followup-to header..

It works fine for me.  Could the header have been malformed or otherwise
unhappy?

- Matt

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Trent Lloyd
In reply to this post by Matt Zimmerman-2
On Wed, Jun 28, 2006 at 02:18:59PM -0700, Matt Zimmerman wrote:

> On Wed, Jun 28, 2006 at 10:47:58PM +0200, John Nilsson wrote:
> > On Fri, 2006-06-23 at 09:15 +0800, Trent Lloyd wrote:
> > > Ubuntu has a no-open-ports by-default policy, which means that any
> > > mDNS/DNS-SD based discovery cannot be enabled by default.
> >
> > How about a semi-closed policy? I.e. having a iptables configuration
> > that is a bit more trusting of private networks.
>
> That's an interesting idea.  But are enough ISPs and corporate networks
> doing proper filtering these days for that to be safe?

I'm not sure this is really right, this still means if I'm at a
conference, someone can hack my PC, not just if I'm on the internet (in
fact your often arguably *safer* on the internet where your behind NAT
[at least that is often the case in .au])

Trent

>
> --
>  - mdz
>
> --
> ubuntu-devel mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

--
Trent Lloyd <[hidden email]>
Bur.st Networking Inc.

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

John Nilsson
On Thu, 2006-06-29 at 13:17 +0800, Trent Lloyd wrote:

> On Wed, Jun 28, 2006 at 02:18:59PM -0700, Matt Zimmerman wrote:
> > On Wed, Jun 28, 2006 at 10:47:58PM +0200, John Nilsson wrote:
> > > On Fri, 2006-06-23 at 09:15 +0800, Trent Lloyd wrote:
> > > > Ubuntu has a no-open-ports by-default policy, which means that any
> > > > mDNS/DNS-SD based discovery cannot be enabled by default.
> > >
> > > How about a semi-closed policy? I.e. having a iptables configuration
> > > that is a bit more trusting of private networks.
> >
> > That's an interesting idea.  But are enough ISPs and corporate networks
> > doing proper filtering these days for that to be safe?
>
> I'm not sure this is really right, this still means if I'm at a
> conference, someone can hack my PC, not just if I'm on the internet (in
> fact your often arguably *safer* on the internet where your behind NAT
> [at least that is often the case in .au])

Would it be possible to automatically maintain list of MAC-addresses for
trusted networks?

Depending on policy either all NICs joining the network would
automatically be added to iptables-rules or queued-up for manual
authorization by the user.

Regards,
John


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Trent Lloyd
Hi John,

On Thu, Jun 29, 2006 at 02:53:28PM +0200, John Nilsson wrote:

> On Thu, 2006-06-29 at 13:17 +0800, Trent Lloyd wrote:
> > On Wed, Jun 28, 2006 at 02:18:59PM -0700, Matt Zimmerman wrote:
> > > On Wed, Jun 28, 2006 at 10:47:58PM +0200, John Nilsson wrote:
> > > > On Fri, 2006-06-23 at 09:15 +0800, Trent Lloyd wrote:
> > > > > Ubuntu has a no-open-ports by-default policy, which means that any
> > > > > mDNS/DNS-SD based discovery cannot be enabled by default.
> > > >
> > > > How about a semi-closed policy? I.e. having a iptables configuration
> > > > that is a bit more trusting of private networks.
> > >
> > > That's an interesting idea.  But are enough ISPs and corporate networks
> > > doing proper filtering these days for that to be safe?
> >
> > I'm not sure this is really right, this still means if I'm at a
> > conference, someone can hack my PC, not just if I'm on the internet (in
> > fact your often arguably *safer* on the internet where your behind NAT
> > [at least that is often the case in .au])
>
> Would it be possible to automatically maintain list of MAC-addresses for
> trusted networks?
>
> Depending on policy either all NICs joining the network would
> automatically be added to iptables-rules or queued-up for manual
> authorization by the user.

This seems completely far too complicated to me, and far more
complicated than a simple on/off switch...

Trent

> Regards,
> John
>
>
> --
> ubuntu-devel mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

--
Trent Lloyd <[hidden email]>
Bur.st Networking Inc.

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

John Nilsson
On Fri, 2006-06-30 at 00:34 +0800, Trent Lloyd wrote:
> > Would it be possible to automatically maintain list of MAC-addresses for
> > trusted networks?
> >
> > Depending on policy either all NICs joining the network would
> > automatically be added to iptables-rules or queued-up for manual
> > authorization by the user.
>
> This seems completely far too complicated to me, and far more
> complicated than a simple on/off switch...

If you mean complicated for the users I don't really agree. It would be
a simple on/off switch, only it would be smart enough that the user
wouldn't have to remember to press it all the time.

Regards,
John


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Daniel Pittman
In reply to this post by Matt Zimmerman-2
Matt Zimmerman <[hidden email]> writes:

> On Wed, Jun 28, 2006 at 10:47:58PM +0200, John Nilsson wrote:
>> On Fri, 2006-06-23 at 09:15 +0800, Trent Lloyd wrote:
>> > Ubuntu has a no-open-ports by-default policy, which means that any
>> > mDNS/DNS-SD based discovery cannot be enabled by default.
>>
>> How about a semi-closed policy? I.e. having a iptables configuration
>> that is a bit more trusting of private networks.
>
> That's an interesting idea.  But are enough ISPs and corporate networks
> doing proper filtering these days for that to be safe?

I would strongly advise against a policy that assumes private IP ranges
are somehow safer than public IP ranges.  Around five percent of my
clients, here in .au, are supplied an IP from a private range that can
communicate directly with the Internet[1].

At the very least your system would be assuming that the rest of the ISP
is trustworthy, if not the entire Internet.

Regards,
        Daniel

Footnotes:
[1]  For some values of, including through the UPnP protocol for opening
     Internet facing ports.

--
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707        email: [hidden email]
http://digital-infrastructure.com.au/


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Dan Kegel-2
Zeroconf is simply too scary to enable by default, but
I can imagine that an admin who was into it
could easily enable it when rolling out workstations...

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

RE: ZeroConf in Ubuntu Edgy

Krishna Sankar
In reply to this post by Krishna Sankar
> Zeroconf is simply too scary to enable by default, but I can
<KS>
If so, how is apple mitigating the risk ? If it is OK for Apple, why not for Ubuntu ?

Also, in case of home users, no admin exists and no workstation rollouts.

We can always give a warning, and allow ZeroConf to be opened. But that does not solve any problem - just shifting the responsibilities. What would a poor home user know or can do about firewalls and ports that we cannot do ?

IMHO, we should find a way to enable ZeroConf, make proper assumptions and add the right amount of safety, which I think is what Apple does. I still haven't gotten a well rounded answer as to Apple's setup in this regard, so don't know if it is true.

We can still get the user's permission to open it, but not as a way of shifting the burden. We should do this only IF we are comfortable enabling ZeroConf. An anemic "we are not OK with it, but if you want we will open it for you" is not a solution.
</KS>
Cheers
<k/>

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Dan Kegel
> Sent: Sunday, July 02, 2006 8:27 PM
> To: Daniel Pittman
> Cc: [hidden email]
> Subject: Re: ZeroConf in Ubuntu Edgy
>
> Zeroconf is simply too scary to enable by default, but I can
> imagine that an admin who was into it could easily enable it
> when rolling out workstations...
>


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Trent Lloyd
Hi Krishna,

On Sun, Jul 02, 2006 at 11:02:05PM -0500, Krishna Sankar wrote:

> > Zeroconf is simply too scary to enable by default, but I can
> <KS>
> If so, how is apple mitigating the risk ? If it is OK for Apple, why not for Ubuntu ?
>
> Also, in case of home users, no admin exists and no workstation rollouts.
>
> We can always give a warning, and allow ZeroConf to be opened. But that does not solve any problem - just shifting the responsibilities. What would a poor home user know or can do about firewalls and ports that we cannot do ?
>
> IMHO, we should find a way to enable ZeroConf, make proper assumptions and add the right amount of safety, which I think is what Apple does. I still haven't gotten a well rounded answer as to Apple's setup in this regard, so don't know if it is true.
>
> We can still get the user's permission to open it, but not as a way of shifting the burden. We should do this only IF we are comfortable enabling ZeroConf. An anemic "we are not OK with it, but if you want we will open it for you" is not a solution.

As far as I can see, there are two potential security concerns with
zeroconf

 1) Information Disclosure
 2) Application Secrurity Vulnerability

1)

The former is clear cut, zeroconf publishes information about you on a
network, in a standard avahi setup it's quite easy to see that your
computer is on the network, what you have named it, and what your MAC
address is.

Further from that particular applications may choose to publish
information, your music collection, or a shared document etc.

Obviously there are various concerns here, number 1 they might get to
knwo my name because by computer is called 'trentlloyd-laptop' by
default with the new dapper installer.

Secondly the RIAA might find out that I'm sharing 1000's of illegal
music files and sue me (and then I sue ubuntu or something silly :)

====

2)

Totally separately, as with every application, Avahi may have a security
vulnerability, with it listening on the network (as required for
zeroconf) this could be exposed and allow an attacker access to my
system.

Avahi has been pretty good so far, there have been a couple problems,
nothing that has come out as exploit thus far.

We also take reasonable measures to secure ourselves against these, such
as having the avahi daemon chroot()d into a relatively useless
directory, and having it run as the 'avahi' user and not root.

Which brings us to the no open ports policy, having this policy means
that, out of the box, no ubuntu system is vulnerable, which is a good
albeit somewhat prohibitive policy.

As far as I am aware the no open port policy is not up for debate, what
we need to be concentrating on is an _easy_ way to enable zeroconf, I
think that firewalls or allowing private iPs or MACs, etc are all silly,
and that at the very basic level zeroconf should just me a

[X] Enable network service discovery

in the network settings applet.

The former issue about information disclosure is also very relevant, and
we should be fully aware of the information that is published by
default, and easily published with the most common (or even all)
zeroconf-using applications.

Cheers,
Trent


> </KS>
> Cheers
> <k/>
>
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Dan Kegel
> > Sent: Sunday, July 02, 2006 8:27 PM
> > To: Daniel Pittman
> > Cc: [hidden email]
> > Subject: Re: ZeroConf in Ubuntu Edgy
> >
> > Zeroconf is simply too scary to enable by default, but I can
> > imagine that an admin who was into it could easily enable it
> > when rolling out workstations...
> >
>
>
> --
> ubuntu-devel mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

--
Trent Lloyd <[hidden email]>
Bur.st Networking Inc.

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: ZeroConf in Ubuntu Edgy

Dan Kegel-2
In reply to this post by Krishna Sankar
On 7/2/06, Krishna Sankar <[hidden email]> wrote:
> > Zeroconf is simply too scary to enable by default, but I can
> <KS>
> If so, how is apple mitigating the risk ?

They're not, as far as I know.   Their xcode IDE,
for instance, uses distcc in an extremely convenient but insecure
mode.  Ho hum, let's see, was this vulnerability exploited yet?
Yes: http://seclists.org/lists/bugtraq/2005/Mar/0197.html
Basically, they're complete idiots when it comes to security.

> If it is OK for Apple, why not for Ubuntu ?

Because Ubuntu isn't run by a bunch of idiots?
- Dan

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
12345