<html><head></head><body>I'll agree that there is sometimes undesired promiscuity of zeroconf. Still, larger networks should be segmented by workflows and security clearance with gateways proxying service discovery with filters defined by the network admin.<br>Service discovery was not invented by Poettering et al. so I object to putting avahi in the same group as systemd.<br>Something to discuss tonight :)<br><br><div class="gmail_quote">On 16 January 2019 16:13:15 GMT, Martin via Nottingham <nottingham@mailman.lug.org.uk> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">On 15/01/2019 16:54, VM via Nottingham wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">What's wrong with avahi? Poettering's last commit was in 2012! It's<br>modular and doesn't grow like cancer...<br></blockquote><br><br>In decades, I've never needed it nor wanted it. Similarly so for such as<br>Zeroconf and UPnP... Worse still, they can cause great confusion and<br>they can expose or even be the cause of vulnerabilities. There are<br>repeated exploits "in the wild" of anything UPnP...<br><br>In any case: Whoever uses a network without DHCP?! Unless that is you're<br>already an uber-geek and you know that you are deliberately doing some<br>sort of P2P.<br><br>On home networks with few devices and only one user, that trio of<br>silliness might be benign enough. In the workplace with multiple devices<br>desperately offering services promiscuously to anything and everything<br>on a network, they can be hilariously bad for the silliness that then<br>ensues...<br><br>It is far less confusing to have the human aware and in control of what<br>connects to what, and if and when they want it to. That can still be<br>'simple' for people and without any need of dumbing things down to<br>assumed monkeys.<br><br><br>Cheers,<br>Martin<br><br><br>See:<br><br><a href="https://en.wikipedia.org/wiki/Avahi_(software)">https://en.wikipedia.org/wiki/Avahi_(software)</a><br><br><a href="https://en.wikipedia.org/wiki/Zero-configuration_networking">https://en.wikipedia.org/wiki/Zero-configuration_networking</a><br><br><a href="https://en.wikipedia.org/wiki/Universal_Plug_and_Play">https://en.wikipedia.org/wiki/Universal_Plug_and_Play</a><br><br></pre></blockquote></div><br>--<br>vadim@mankevich.co.uk PGP key fingerprint<br>0xC046022A3A91455AF0C9BB2404BF882B1905C772<br>Retrieve from <a href="https://keybase.io/vmankevich">https://keybase.io/vmankevich</a><br><br>"When we take away the right to figure out if something bad is going on in our computers, the inevitable consequence is that bad things will happen in our computers." (Cory Doctorow)</body></html>