1 <?xml version=
"1.0" encoding=
"ISO-8859-1"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries from June
2023</title>
5 <description>Entries from June
2023</description>
6 <link>http://www.hungry.com/~pere/blog/
</link>
10 <title>What did I learn from OpenSnitch this summer?
</title>
11 <link>http://www.hungry.com/~pere/blog/What_did_I_learn_from_OpenSnitch_this_summer_.html
</link>
12 <guid isPermaLink=
"true">http://www.hungry.com/~pere/blog/What_did_I_learn_from_OpenSnitch_this_summer_.html
</guid>
13 <pubDate>Sun,
11 Jun
2023 08:
30:
00 +
0200</pubDate>
14 <description><p
>With yesterdays
15 <a href=
"https://www.debian.org/News/
2023/
20230610">release of Debian
16 12 Bookworm
</a
>, I am happy to know the
17 <a href=
"https://tracker.debian.org/pkg/opensnitch
">the interactive
18 application firewall OpenSnitch
</a
> is available for a wider audience.
19 I have been running it for a few weeks now, and have been surprised
20 about some of the programs connecting to the Internet. Some programs
21 are obviously calling out from my machine, like the NTP network based
22 clock adjusting system and Tor to reach other Tor clients, but others
23 were more dubious. For example, the KDE Window manager try to look up
24 the host name in DNS, for no apparent reason, but if this lookup is
25 blocked the KDE desktop get periodically stuck when I use it. Another
26 surprise was how much Firefox call home directly to mozilla.com,
27 mozilla.net and googleapis.com, to mention a few, when I visit other
28 web pages. This direct connection happen even if I told Firefox to
29 always use a proxy, and the proxy setting is ignored for this traffic.
30 Other surprising connections come from audacity and dirmngr (I do not
31 use Gnome). It took some trial and error to get a good default set of
32 permissions. Without it, I would get popups asking for permissions at
33 any time, also the most inconvenient ones where I am in the middle of
34 a time sensitive gaming session.
</p
>
36 <p
>I suspect some application developers should rethink when then need
37 to use network connections or DNS lookups, and recommend testing
38 OpenSnitch (only
<tt
>apt install opensnitch
</tt
> away in Debian
39 Bookworm) to locate and report any surprising Internet connections on
40 your desktop machine.
</p
>
42 <p
>At the moment the upstream developer and Debian package maintainer
43 is working on making the system more reliable in Debian, by enabling
44 the eBPF kernel module to track processes and connections instead of
45 depending in content in /proc/. This should enter unstable fairly
48 <p
>As usual, if you use Bitcoin and want to show your support of my
49 activities, please send Bitcoin donations to my address
50 <b
><a href=
"bitcoin:
15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
</a
></b
>.
</p
>
52 <p
><strong
>Update
2023-
06-
12</strong
>: I got a tip about
53 <a href=
"https://wiki.debian.org/PrivacyIssues
">a list of privacy
54 issues in Free Software
</a
> and the
55 <a href=
"irc://irc.debian.org/%
23debian-privacy
">#debian-privacy IRC
56 channel
</a
> discussing these topics.
</p
>
projects / homepage.git / blob