On Tue, Aug 27, 2019 at 5:24 PM John Harris <johnmh@xxxxxxxxxxxxx> wrote: > > On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote: > > Windows is enable by default with two "zones" or "policies" (I can't > > even tell from their own UI what to call this), one for private > > networks, and another for guest/public networks. > > I don't have a mac, so I can't confirm this, but Apple suggests that there's > nothing bound to listen by default. There are no services enabled by default either. No ssh, no file sharing, no VNC, no printer sharing, etc. macOS does have Bonjour (mDNS) enabled by default, and while it's not self announcing, it is listening for other device/services that are. That's similar to Workstation. > If that's the case, and I imagine it's > difficult to run real software on Mac which might bind stuff (because of those > "app" things they've got, I presume), that might be a legitimate thing for > Macs. We're not Apple, and we're not rolling out MacOS. I personally believe > that's a horrible idea for Mac systems as well, even if they don't bind > anything by default, which we do. Difficult to run real software ... I don't understand what that means or how it manifests. I run all kinds of real software on macOS and it works fine. > This sounds like a misunderstanding as to what firewalls, and the various > types of firewalls, are. By default, Fedora uses firewalld, which is not an > application firewall, which is what you've described. "I dunno if this network > is trustworthy! Do you know if it's trustworthy?!" is a legitimate decision > for the end user or sysadmin to make. It is not "a buck passing interface", > the Fedora install has no possible way to know. The end user or sysadmin > would. That actually isn't clear at all. And I am the end user and sysadmin. I'm at home, I have my own AP, but none of the equipment is under my direct control, it's centrally managed by a company I don't even pay. So, is it trustworthy? Maybe. Maybe not. I have no practical way of knowing without digging into Fedora Security spin and learning a bunch of things I don't presently know - which for sure sounds really fascinating, and I like that this spin exists, but there are only so many hours in the day! -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
