<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/08/2014 06:41 PM, Reindl Harald
wrote:<br>
</div>
<blockquote cite="mid:5486373F.5080406@thelounge.net" type="cite">the
security community is usually very clear:
<br>
<br>
* forbid as much as you can by default
<br>
* allow only what <b class="moz-txt-star"><span
class="moz-txt-tag">*</span>really<span class="moz-txt-tag">*</span></b>
is needed to get the work done
<br>
</blockquote>
...and this is the tricky part---you want tightly defined
functionality, and other people want to install a photo-sharing that
just works with their off-the-shelf smart TV. In principle, both
could be accomplished with a combination of well-written,
good-looking pop-up dialogs and a smart, dynamic firewall, but the
required software doesn't exit yet. <br>
<br>
I think that we should start with the low hanging fruit and simplify
the firewall zones to two : a public, restricted one and a
home/private with more ports open; selected by user for each new
interface.<br>
</body>
</html>