Re: Disable ZeroConf: how to ?
On Fri, Mar 04, 2011 at 01:47:35PM +0100, Yves-Alexis Perez wrote:
> On Fri, 2011-03-04 at 12:24 +0100, Wouter Verhelst wrote:
> > If you're unfamiliar with computers, on the other hand, chances that
> > you'll be able to figure out how to enable convenience services are
> > slim, at best. Since home users typically use computers in a desktop
> > environment, I therefore think it's perfectly okay to have the default
> > desktop installation enable such convenience services.
> Note that if you're unfamiliar with computers, it's helpful to be able
> to trust the default install to “do the right thing” too wrt. security.
> Even if “home user” might not have security concerns as high as
> “business users”, I think they'd prefer their private stuff to stay
> private, wether it's their family pictures, their bank account stuff, or
> something else. It applies to various other threats too.
Certainly; if my mail gave you the impression that I was suggesting that
security is not at all important for the home user, then the intended
message failed to come across.
What I meant to say is that the trade-off is vastly different; whereas
'if in doubt, choose the option that is more secure but requires (much)
more manual maintenance' is the right choice for corporate environments,
the same is certainly not true for home users.
I'm not at all suggesting that we change the default sshd configuration
to have the equivalent of 'PermitEmptyPasswords yes', for instance. But
announcing hostnames is not quite in the same ballpark.
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.