On Tue, Aug 27, 2019 at 5:24 PM John Harris <johnmh(a)splentity.com> wrote:
> On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote:
>> Windows is enabled by default with two "zones" or "policies" (I can't
>> even tell from their own UI what to call this), one for private
>> networks, and another for guest/public networks.
>
> I don't have a mac, so I can't confirm this, but Apple suggests that there's
> nothing bound to listen by default.

There are no services enabled by default either. No ssh, no file
sharing, no VNC, no printer sharing, etc. macOS does have Bonjour
(mDNS) enabled by default, and while it's not self announcing, it is
listening for other device/services that are.
That's similar to Workstation.

> If that's the case, and I imagine it's
> difficult to run real software on Mac which might bind stuff (because of those
> "app" things they've got, I presume), that might be a legitimate thing for
> Macs. We're not Apple, and we're not rolling out MacOS. I personally believe
> that's a horrible idea for Mac systems as well, even if they don't bind
> anything by default, which we do.

Difficult to run real software ... I don't understand what that means
or how it manifests. I run all kinds of real software on macOS and it
works fine.

> This sounds like a misunderstanding as to what firewalls, and the various
> types of firewalls, are. By default, Fedora uses firewalld, which is not an
> application firewall, which is what you've described. "I dunno if this network
> is trustworthy! Do you know if it's trustworthy?!" is a legitimate decision
> for the end user or sysadmin to make. It is not "a buck passing interface",
> the Fedora install has no possible way to know. The end user or sysadmin
> would.

That actually isn't clear at all. And I am the end user and sysadmin.
I'm at home, I have my own AP, but none of the equipment is under my
direct control, it's centrally managed by a company I don't even pay.
So, is it trustworthy? Maybe. Maybe not. I have no practical way of
knowing without digging into Fedora Security spin and learning a bunch
of things I don't presently know - which for sure sounds really
fascinating, and I like that this spin exists, but there are only so
many hours in the day!
--
Chris Murphy