On Tue, 2014-12-09 at 16:04 +0100, Reindl Harald wrote: > Am 09.12.2014 um 15:57 schrieb Christian Schaller: > > Well I think it is hard for anyone to guess what would be reasonable defaults for > > you specifically, any default is by its nature just targeting an generic > > person, which might or might not be a lot like you. > > > > But if you are aware and understand the finer details here then it isn't that > > big a job to change it, you should be able to go into the network manager, choose your > > connection, choose 'identity' (should probably be moved to be under security?) and change > > the zone for your network to whatever suits you better. > > and why can't you do the same if you want it open instead start > wide-open and expect from people to secure their system > > how long do you think does it take until someone is so audacious and > installs mysql and apache with the intention just to develop some > webscripts on his workstation *beause* he want only play around with it > not imaging that his mysqld is open to the world and not just localhost? > > the same applies for *any* other service in /etc/services with a port > number above 1024 - ship unsecure defaults and expect users to secure > their machines is pervert - that won't happen, sooner or later damage > will happen and nobody feels responsible > > Well said Reindl. I don't know if this is the issue or it is just coincidence, but since Microsoft has been injecting Linux with their engineers, there appears to be a slide in security, efficiency, and a general ignoring of the Unix roots of Linux. I know Linux is not unix... but the influence was there and was a great contributor to the stability, usability and security of the system. The switch to systemd, is but one very strong example of this slide. Now open ports? Really, with the world under threat of cyber attack, this is reasonable? I can see from the many posts that I am not the only one with concerns. My own background is deep, going back to the 1970's. I can tell that many of those defending this don't realize the issue. So, maybe a bit of a wake up call would point to the Sony debacle, and the potential of Worm's. Or the issues of man in the middle where once you initiate a connection, those open ports become a door into your system? The software is out there on the dark net, and most of the server folks on here know that. Please rethink this process. Revert to text control software, rely on encryption and net control as the first phase of system defense. Then layer it with secure routers, filtering, and possibly dual authentication. Make the bad guys work for it. Just my opinion. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
