<link>https://people.skolelinux.org/pere/blog/</link>
<atom:link href="https://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
+ <item>
+ <title>What did I learn from OpenSnitch this summer?</title>
+ <link>https://people.skolelinux.org/pere/blog/What_did_I_learn_from_OpenSnitch_this_summer_.html</link>
+ <guid isPermaLink="true">https://people.skolelinux.org/pere/blog/What_did_I_learn_from_OpenSnitch_this_summer_.html</guid>
+ <pubDate>Sun, 11 Jun 2023 08:30:00 +0200</pubDate>
+ <description><p>With yesterdays
+<a href="https://www.debian.org/News/2023/20230610">release of Debian
+12 Bookworm</a>, I am happy to know the
+<a href="https://tracker.debian.org/pkg/opensnitch">the interactive
+application firewall OpenSnitch</a> is available for a wider audience.
+I have been running it for a few weeks now, and have been surprised
+about some of the programs connecting to the Internet. Some programs
+are obviously calling out from my machine, like the NTP network based
+clock adjusting system and Tor to reach other Tor clients, but others
+were more dubious. For example, the KDE Window manager try to look up
+the host name in DNS, for no apparent reason, but if this lookup is
+blocked the KDE desktop get periodically stuck when I use it. Another
+surprise was how much Firefox call home directly to mozilla.com,
+mozilla.net and googleapis.com, to mention a few, when I visit other
+web pages. This direct connection happen even if I told Firefox to
+always use a proxy, and the proxy setting is ignored for this traffic.
+Other surprising connections come from audacity and dirmngr (I do not
+use Gnome). It took some trial and error to get a good default set of
+permissions. Without it, I would get popups asking for permissions at
+any time, also the most inconvenient ones where I am in the middle of
+a time sensitive gaming session.</p>
+
+<p>I suspect some application developers should rethink when then need
+to use network connections or DNS lookups, and recommend testing
+OpenSnitch (only <tt>apt install opensnitch</tt> away in Debian
+Bookworm) to locate and report any surprising Internet connections on
+your desktop machine.</p>
+
+<p>At the moment the upstream developer and Debian package maintainer
+is working on making the system more reliable in Debian, by enabling
+the eBPF kernel module to track processes and connections instead of
+depending in content in /proc/. This should enter unstable fairly
+soon.</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+</description>
+ </item>
+
<item>
<title>wmbusmeters, parse data from your utility meter - nice free software</title>
<link>https://people.skolelinux.org/pere/blog/wmbusmeters__parse_data_from_your_utility_meter___nice_free_software.html</link>
querying its status. I hope to start on such component once the MQTT
component is working well.</p>
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
- <item>
- <title>ONVIF IP camera management tool finally in Debian</title>
- <link>https://people.skolelinux.org/pere/blog/ONVIF_IP_camera_management_tool_finally_in_Debian.html</link>
- <guid isPermaLink="true">https://people.skolelinux.org/pere/blog/ONVIF_IP_camera_management_tool_finally_in_Debian.html</guid>
- <pubDate>Sat, 24 Dec 2022 08:00:00 +0100</pubDate>
- <description><p>Merry Christmas to you all. Here is a small gift to all those with
-IP cameras following the <a href="https://www.onvif.org/">ONVIF
-specification</a>. There is finally a nice command line and GUI tool
-in Debian to manage ONVIF IP cameras. After working with upstream for
-a few months and sponsoring the upload, I am very happy to report that
-the <a href="https://tracker.debian.org/libonvif">libonvif package</a>
-entered Debian Sid last night.</p>
-
-<p>The package provide a C library to communicate with such cameras, a
-command line tool to locate and update settings of (like password) the
-cameras and a GUI tool to configure and control the units as well as
-preview the video from the camera. Libonvif is available on Both
-Linux and Windows and the GUI tool uses the Qt library. The main
-competitors are non-free software, while libonvif is GNU GPL licensed.
-I am very glad Debian users in the future can control their cameras
-using a free software system provided by Debian. But the ONVIF world
-is full of slightly broken firmware, where the cameras pretend to
-follow the ONVIF specification but fail to set some configuration
-values or refuse to provide video to more than one recipient at the
-time, and the onvif project is quite young and might take a while
-before it completely work with your camera. Upstream seem eager to
-improve the library, so handling any broken camera might be just <a
-href="https://github.com/sr99622/libonvif/">a bug report away</a>.</p>
-
-<p>The package just cleared NEW, and need a new source only upload
-before it can enter testing. This will happen in the next few
-days.</p>
-
<p>As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
projects / homepage.git / blobdiff