[Nottingham] Avahi, Zeroconf, UPnP

Martin martin at ml1.co.uk
Thu Jan 17 15:46:58 UTC 2019


Vadim,

Indeed, good to discuss tonight - see you there!


Note that the demi-god Poettering is on record as considering the
decades of proven Unix philosophy as something to be ignored and that of
maintaining compatibility with other services and systems outside of the
Poettering world as something that is of no concern to him. The rest of
the world are supposedly to reshape themselves around His System
Image... Regardless of how that Image might arbitrarily change.

Just one example of that for Avahi (+ the Zeroconf/UPnP system) is that
multicast messaging can become borked...

Also note that supposedly, as was told to me upon many an occasion by
various MCSE people, that "Microsoft Best Practice" is to have
everything on a single unrestricted network... That does seem to be the
case considering the workarounds we needed to use a segmented set of
networks with Windows servers!...

(The Linux servers were perfectly fine about whatever networking :-) )

Fun to be discussed over a few beers ;-)


See ya there,

Cheers,
Martin


MCSE: https://en.wikipedia.org/wiki/Microsoft_certifications


On 17/01/2019 12:41, VM via Nottingham wrote:
> I'll agree that there is sometimes undesired promiscuity of zeroconf.
> Still, larger networks should be segmented by workflows and security
> clearance with gateways proxying service discovery with filters defined
> by the network admin.
> Service discovery was not invented by Poettering et al. so I object to
> putting avahi in the same group as systemd.
> Something to discuss tonight :)
> 
> On 16 January 2019 16:13:15 GMT, Martin via Nottingham
> <nottingham at mailman.lug.org.uk> wrote:
> 
>     On 15/01/2019 16:54, VM via Nottingham wrote:
> 
>         What's wrong with avahi? Poettering's last commit was in 2012! It's
>         modular and doesn't grow like cancer...
> 
> 
> 
>     In decades, I've never needed it nor wanted it. Similarly so for such as
>     Zeroconf and UPnP... Worse still, they can cause great confusion and
>     they can expose or even be the cause of vulnerabilities. There are
>     repeated exploits "in the wild" of anything UPnP...
> 
>     In any case: Whoever uses a network without DHCP?! Unless, that is, you're
>     already an uber-geek and you know that you are deliberately doing some
>     sort of P2P.
> 
>     On home networks with few devices and only one user, that trio of
>     silliness might be benign enough. In the workplace with multiple devices
>     desperately offering services promiscuously to anything and everything
>     on a network, they can be hilariously bad for the silliness that then
>     ensues...
> 
>     It is far less confusing to have the human aware and in control of what
>     connects to what, and if and when they want it to. That can still be
>     'simple' for people and without any need of dumbing things down to
>     assumed monkeys.
> 
> 
>     Cheers,
>     Martin
> 
> 
>     See:
> 
>     https://en.wikipedia.org/wiki/Avahi_(software)
> 
>     https://en.wikipedia.org/wiki/Zero-configuration_networking
> 
>     https://en.wikipedia.org/wiki/Universal_Plug_and_Play
> 
> 
> --
> vadim at mankevich.co.uk PGP key fingerprint
> 0xC046022A3A91455AF0C9BB2404BF882B1905C772
> Retrieve from https://keybase.io/vmankevich
> 
> "When we take away the right to figure out if something bad is going on
> in our computers, the inevitable consequence is that bad things will
> happen in our computers." (Cory Doctorow)




