Re: [syndic8] Feed Actions
- Yes that might be good for people like me without newsreaders. But most
people that browse Syndic8 probably have them. I just put all my news I like
on my Web pages or else read them through Bloglines.
Thanks for explaining it.
----- Original Message -----
From: "Bill Kearney" <ml_yahoo@...>
Sent: Friday, August 20, 2004 7:36 AM
Subject: Re: [syndic8] Feed Actions
> > ... It's possible there could be some better explanation of
> this on the s8 pages.
> -Bill Kearney
> In theory, yes. It depends on whether the newsreader listens
> only on localhost (as it ought to, IMO) and how smart the firewall is.
> (As an example: On Windows, Mozilla uses a pair of local TCP
> sockets to manage some interprocess communication. This used
> to trigger ZoneAlarm's "program is requesting server rights"
> alert, despite the sockets being bound to 127.0.0.1. For the curious,
> http://bugzilla.mozilla.org/show_bug.cgi?id=100154 has details.)
That ZoneAlarm screws it up is not exactly a ringing endorsement to the idea
of managing local ports. ZA has been such a horrible mess of screwups that
I find it's more trouble than it's worth most of the time.
An app can and, as you suggest, should control what IP address it listens
on. Most of the time there's not much reason to be listening to these
requests from other IP addresses. However, I use an aggregator on another
machine (it's a horrible resource pig) and access it via HTML from another
box. The 127.0.0.1 links won't work, of course but I'd still like to 'push'
them over to that box. I've got a tiny .Net app that does this. So I'd
need my remote aggregator to understand how to listen on more than just the
Fortunately XPsp2 does allow limiting what subnets can access a given port.
So you can go into its configs and select whether it's just localhost, the
local subnet, others or everything. This is a NICE new feature in XPsp2.
As a developer myself I can understand how the complexities of secure
programming are a pain in the ass. It's often a lot easier to just 'get it
running' and leave out security issues. Sometimes it's hard enough just
getting the code to WORK! But fortunately more people are starting to
understand why security needs to be 'baked in' from the start. Let's hope
the various apps get updated to handle it. This as opposed to the whiners
bitching about sp2 being at fault.
- An app can and, as you suggest, should control what IP address it
listens on. Most of the time there's not much reason to be listening
to these requests from other IP addresses.
Actually, a good firewall not only cares what the IP is but from
WHERE the packet is coming from. A 127.0.0.1 packet coming IN the
ethernet port should be a solid indication that it is bogus. If
newsreader software is doing this, by default, the packets should be
banned. That would be like a 192.168.... or a 10.x.x.x packet
coming in from the Internet. Those are private/local net addresses
and should never be present on the Internet.
Zone Alarm is a poor choice as it doesn't check these kinds of rules
very carefully. I just wish Gauntlet was a lot less money but it
sure is secure.
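
The ingress rule described in the last message, written out as an added example (not part of the original thread, and not any firewall product's code). The interface labels `lo`, `lan` and `wan` and the sample packets are constructed assumptions; 172.16.0.0/12 is included alongside the two private ranges the post names because it belongs to the same RFC 1918 set.

```python
import ipaddress

# Sources that are only valid when they originate on the host itself.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Private ranges: the post names 10.x.x.x and 192.168.x.x; 172.16/12 is added here.
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def ingress_verdict(src, iface):
    """Return (action, reason) for a packet with source `src` seen on `iface`.

    `iface` is a hypothetical label: 'lo' (loopback), 'lan' (trusted local
    subnet) or 'wan' (Internet-facing).
    """
    try:
        addr = ipaddress.IPv4Address(src)
    except ipaddress.AddressValueError:
        return "drop", "unparseable source address"
    # A 127.x.x.x source arriving on a physical port cannot be genuine.
    if addr in LOOPBACK and iface != "lo":
        return "drop", "loopback source on a non-loopback interface"
    # Private addresses are not routed on the Internet, so they are bogus on wan.
    if iface == "wan" and any(addr in net for net in RFC1918):
        return "drop", "private source arriving from the Internet"
    return "accept", "source plausible for this interface"


# Constructed sample traffic: (interface, source address).
SAMPLE = [
    ("lo", "127.0.0.1"),      # local IPC, as in the Mozilla case quoted above
    ("lan", "127.0.0.1"),     # spoofed loopback on the ethernet port
    ("wan", "192.168.1.20"),  # private source from outside
    ("lan", "192.168.1.20"),  # the same address is fine on the local subnet
    ("wan", "198.51.100.7"),  # documentation-range public address
]


def filter_sample(packets=SAMPLE):
    """Apply ingress_verdict to each sample packet."""
    return [(iface, src) + ingress_verdict(src, iface) for iface, src in packets]


if __name__ == "__main__":
    for iface, src, action, reason in filter_sample():
        print(f"{iface:4} {src:15} {action:6} {reason}")
```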