Re: "Workstation" Product defaults to wide-open firewall


 



On Tue, 2014-12-09 at 10:19 -0500, Bastien Nocera wrote:
> 
> ----- Original Message -----
> > Hi,
> > 
> > > > I also thought that the whole point of having Zones etc. was so that
> > > > we could pick a different zone per network connection,
> > 
> > /me too.
> > 
> > > > so if I'm in the office or at home I can say use this zone, if I'm
> > > > at a coffee shop I can pick a different one etc.
> > > > 
> > > > Or was this considered too much UI for the normal user? Surely
> > > > OSX has something to copy from, since they seem to define what
> > > > a normal user expects.
> > > 
> > > OSX has a firewall integration that I would rank as "awful". It's not
> > > any better than what we had in Fedora 20 (blocking firewall and a tool
> > > to open up ports).
> > 
> > Have a look at Windows then.  Each time you hook a windows machine to a
> > new network it asks what network this is.  Used to be "public", "home",
> > "work".  Recently they simplified that and kicked the "home" / "work"
> > separation, so it's only public / non-public now.  With some explanation
> > along the lines of "use public for hotspots, use home for your private
> > network where you want share stuff".
> > 
> > Why can't we have something like this?  And if you don't want a popup
> > asking, have something in the NetworkManager applet menu, where people
> > can easily find the switch without having to search for it?  A "[x]
> > allow sharing" checkbox?  A firewall zone selector?
> > 
> > Side Note: For the latter we need to clean up the zones though.  There
> >            are *way* too many to choose from, and the names suck big
> >            time.  WTF is a "Fedora$product" zone?  And wasn't that
> >            discussed before on this list?  Why do we *still* have this
> >            mess?
> 
> This isn't a side note, IMO. It was one of the major reasons why we chose
> not to expose users to the concept of zones. In addition to the names being
> obscure in firewalld (there's a bug filed about that), they also are obscure
> in Windows.
> 
> What configuration difference is there between home and work, and how do you
> explain them without going deeper into technical details? Are there cases
> where I want to share things in a work environment and not a home environment?
> 
> > IMO there is simply no way around asking the user.
> 
> Instead of asking the user, we're getting the user to tell us they want to share
> things. This avoids unnecessary nagging.
> 
> >  Make sharing stuff
> > easy (so you can watch your DLNA-exported photo/video collection at your
> > smart tv) is a reasonable request.  But enabling that by allowing
> > everybody to fetch your private photo collection via DLNA while you are
> > surfing @ starbucks is a non-starter.
> 
> This isn't what was implemented. DLNA share will be turned off by default on
> new networks. In fact, we won't allow any unencrypted services to run when
> on unencrypted Wi-Fi.
> 
> > cheers,
> >   Gerd
> > 
> > PS: Seems windows can even identify different wired networks.  I've
> >     switched my router recently, and windows re-asked what network
> >     I'm on.  Probably they remember the mac address of the default
> >     gateway or something like that.
> 
> This will be implemented as soon as NetworkManager makes it easier for us
> to detect different wired connections. For now, all wired connections are considered
> to be the same one, which could be a problem.

Just a reminder that wired detection is always best-effort, unless the
switch is using 802.1x (which few do outside of highly secure
enterprises).  It's trivial for somebody to spoof any mechanism for
wired network detection.

Dan
