[Nottingham] Avahi, Zeroconf, UPnP

VM vadim at mankevich.co.uk
Thu Jan 17 12:41:30 UTC 2019


I'll agree that there is sometimes undesired promiscuity of zeroconf. Still, larger networks should be segmented by workflows and security clearance with gateways proxying service discovery with filters defined by the network admin.
Service discovery was not invented by Poettering et al. so I object to putting avahi in the same group as systemd.
Something to discuss tonight :)

On 16 January 2019 16:13:15 GMT, Martin via Nottingham <nottingham at mailman.lug.org.uk> wrote:
>On 15/01/2019 16:54, VM via Nottingham wrote:
>> What's wrong with avahi? Poettering's last commit was in 2012! It's
>> modular and doesn't grow like cancer...
>
>
>In decades, I've never needed it nor wanted it. Similarly so for such
>as
>Zeroconf and UPnP... Worse still, they can cause great confusion and
>they can expose or even be the cause of vulnerabilities. There are
>repeated exploits "in the wild" of anything UPnP...
>
>In any case: Whoever uses a network without DHCP?! Unless that is
>you're
>already an uber-geek and you know that you are deliberately doing some
>sort of P2P.
>
>On home networks with few devices and only one user, that trio of
>silliness might be benign enough. In the workplace with multiple
>devices
>desperately offering services promiscuously to anything and everything
>on a network, they can be hilariously bad for the silliness that then
>ensues...
>
>It is far less confusing to have the human aware and in control of what
>connects to what, and if and when they want it to. That can still be
>'simple' for people and without any need of dumbing things down to
>assumed monkeys.
>
>
>Cheers,
>Martin
>
>
>See:
>
>https://en.wikipedia.org/wiki/Avahi_(software)
>
>https://en.wikipedia.org/wiki/Zero-configuration_networking
>
>https://en.wikipedia.org/wiki/Universal_Plug_and_Play
>
>
>-- 
>Nottingham mailing list
>Nottingham at mailman.lug.org.uk
>https://mailman.lug.org.uk/mailman/listinfo/nottingham

--
vadim at mankevich.co.uk PGP key fingerprint
0xC046022A3A91455AF0C9BB2404BF882B1905C772
Retrieve from https://keybase.io/vmankevich

"When we take away the right to figure out if something bad is going on in our computers, the inevitable consequence is that bad things will happen in our computers." (Cory Doctorow)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20190117/43c8e358/attachment.html>


More information about the Nottingham mailing list