Sorry, last post was sent from my wrong email address. Please use this address for replies.
Dear Fedora Team,
I recently raised this issue with security@ and it was suggested that desktop@ might be a more suitable place.
Please note that I'm talking about the average home user here. He has one computer and one printer. If he mentions networking he's talking about connecting to his ISP, and he has to be his own sysadmin with little or no knowledge.
The feature needed for home users is the ability to block programs from accessing open network ports in a very similar manner to the older 3.x series of Zone Alarm for Windows. The standard options of “accept” and “deny” are not enough, they also want the option “always ask”.
For people that live in rural areas internet access is slow and incredibly expensive, at the moment just disabling packagekitd saves $10 a month, but I don't think this is an ideal solution. People in cities don't seem to understand the inconvenience that comes with this too, Packagekit doing a 25 Mb download means the internet connection is too slow to be used for anything else until Packagekit has finished – roughly 40 minutes. It would be so much better if the firewall popped up a box saying "packagekitd is trying to access the internet. Do you wish to allow this? [y n ?]"
And it's not just software updates that are helping themselves without asking, try using Wine. These issues became important to me when Win8 first came out, people hated it so much that that one third of my community is now running Fedora. Now that I've got a little more information and feedback about Win10 I predict that number will double.
That means a wider range of devices and drivers including propriety drivers. As they become more popular they'll become more sophisticated and start including spyware. “Your Canon printer driver is trying to access the internet. Do you wish to allow this? [y n ?]” Just blocking :80 is not going to be very helpful.
Please make this topic part of your discussions, there's a lot more people living in rural areas than you might think.
Cheers,
Andrew.
On Fri, 2015-08-07 at 10:56 +0930, Andrew Walton wrote:
Please make this topic part of your discussions, there's a lot more people living in rural areas than you might think.
I see this as a problem that needs to be solved, but I will be blunt: somebody has to be interested in implementing it, and I am not sure anybody is.
I think the right place to add a new setting is the network panel: you should be able to mark a particular connection as being bandwidth -limited. Then at the *very least* that should be used to turn off automatic checks for updates, since we get complaints about that from bandwidth-limited users quite frequently. I am not sure if we want to take the route of using the firewall to prevent applications from accessing the network; it seems reasonable since it would require toggling a hard-to-find setting, but some design work would be needed to make the prompts work well.
Michael
On 08/08/15 15:39, Michael Catanzaro wrote:
I see this as a problem that needs to be solved, but I will be blunt: somebody has to be interested in implementing it, and I am not sure anybody is.
I understand this. I think that even if the issue gets discussed privately among yourselves progress has been made. A lot of people truly have no idea of the disparity between suburban and rural connectivity issues.
I think the right place to add a new setting is the network panel: you should be able to mark a particular connection as being bandwidth -limited. Then at the *very least* that should be used to turn off automatic checks for updates, since we get complaints about that from bandwidth-limited users quite frequently. I am not sure if we want to take the route of using the firewall to prevent applications from accessing the network; it seems reasonable since it would require toggling a hard-to-find setting, but some design work would be needed to make the prompts work well.
Michael
Thank you very much for your reply, Michael. In the mean time people will keep buying me beer to sort it for them.
Cheers,
Andrew.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
hi You know, I was just wondering a few days ago whether gnome supported this. I assumed it did, but because I don't have a metered connection it was hiding it from me. Here are my questions. 1, is there any standard decently reliable way to detect a metered connection? The easiest way would be if there were a flag set somewhere indicating this, but this is unlikely. 2, we'd need some way to set a cutoff. Beyond a certain point, gnome should limit network traphic or do it's best to watch and warn you if you're getting close to your limit. This brings up a host of problems though, which begins with the user knowing they have a metered connection and what the limit is. In my experience, connections aren't so much metered as in they only have so much fast data. That is, you usually get something like 3 gb of fast data. If you use it all, you can still use it, it just gets throttled, and you might get charged so much per gb. I think this should be solved but I've got no idea how. If it does, it should be in the network area. Maybe in the ipv4 or ipv6 area, and only show up if the connection is metered? Sorry I kind of jumped in in the middle. Thanks Kendell clark
Michael Catanzaro wrote:
On Fri, 2015-08-07 at 10:56 +0930, Andrew Walton wrote:
Please make this topic part of your discussions, there's a lot more people living in rural areas than you might think.
I see this as a problem that needs to be solved, but I will be blunt: somebody has to be interested in implementing it, and I am not sure anybody is.
I think the right place to add a new setting is the network panel: you should be able to mark a particular connection as being bandwidth -limited. Then at the *very least* that should be used to turn off automatic checks for updates, since we get complaints about that from bandwidth-limited users quite frequently. I am not sure if we want to take the route of using the firewall to prevent applications from accessing the network; it seems reasonable since it would require toggling a hard-to-find setting, but some design work would be needed to make the prompts work well.
Michael
On 08/08/15 16:12, kendell clark wrote:
1, is there any standard decently reliable way to detect a metered connection? The easiest way would be if there were a flag set somewhere indicating this, but this is unlikely.
If not already in place it would be extremely difficult to get ISP's around the world to agree on a standard.
2, we'd need some way to set a cutoff. Beyond a certain point, gnome should limit network traphic or do it's best to watch and warn you if you're getting close to your limit. This brings up a host of problems though, which begins with the user knowing they have a metered connection and what the limit is. In my experience, connections aren't so much metered as in they only have so much fast data. That is, you usually get something like 3 gb of fast data. If you use it all, you can still use it, it just gets throttled, and you might get charged so much per gb. I think this should be solved but I've got no idea how.
What about simple speed test? If download speed is < 64 Kbps system asks "Do you wish me to check for updates now or should I try again later?"
If it does, it should be in the network area. Maybe in the ipv4 or ipv6 area, and only show up if the connection is metered? Sorry I kind of jumped in in the middle. Thanks Kendell clark
Thanks for your thoughts, Kendell. Forgive me if my responses are a bit lame. I have little knowledge but I do have 20 years experience of being the only one in the region that even knows that much.
Andrew.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
hi Oh I'm familiar with that. I don't know if I'm the only one in the region, but I'm certainly one of the only one in my home town that knows or cares how computers actually work. The rest are ... blase, is probably a polite way to put it. Interestingly, windows 10 is supposed to some how be able to detect when a connection is metered. I don't suppose they'd be willing to share exactly how they do this? I normally wouldn't suggest having anything to do with microsoft but if worst comes to worst this might, maybe, be an option. This is definitely a priority imo. Even though I live in the city now, I remember what it's like to live in the country where the only source of internet is dial up. We weren't ever data capped, but when you download at 4.5 kbps there's only so much you can do even if you have all night. Thanks Kendell clark
Andrew Walton wrote:
On 08/08/15 16:12, kendell clark wrote:
1, is there any standard decently reliable way to detect a metered connection? The easiest way would be if there were a flag set somewhere indicating this, but this is unlikely.
If not already in place it would be extremely difficult to get ISP's around the world to agree on a standard.
2, we'd need some way to set a cutoff. Beyond a certain point, gnome should limit network traphic or do it's best to watch and warn you if you're getting close to your limit. This brings up a host of problems though, which begins with the user knowing they have a metered connection and what the limit is. In my experience, connections aren't so much metered as in they only have so much fast data. That is, you usually get something like 3 gb of fast data. If you use it all, you can still use it, it just gets throttled, and you might get charged so much per gb. I think this should be solved but I've got no idea how.
What about simple speed test? If download speed is < 64 Kbps system asks "Do you wish me to check for updates now or should I try again later?"
If it does, it should be in the network area. Maybe in the ipv4 or ipv6 area, and only show up if the connection is metered? Sorry I kind of jumped in in the middle. Thanks Kendell clark
Thanks for your thoughts, Kendell. Forgive me if my responses are a bit lame. I have little knowledge but I do have 20 years experience of being the only one in the region that even knows that much.
Andrew.
On 08/08/15 16:41, kendell clark wrote:
I normally wouldn't suggest having anything to do with microsoft but if worst comes to worst this might, maybe, be an option.
After checking the facts in an email sent to me I was still a little shaken, read Microsoft's Privacy Statement then consider businesses that deal with sensitive information such as doctors and lawyers, even mining companies. I think Microsoft just committed Sepuku.
We weren't ever data capped, but when you download at 4.5 kbps there's only so much you can do even if you have all night.
Where I live a lot of us have wifi and the rest use satellite. The satellite's not so bad, it's not quick but it's reliable. But as for the wifi, this is one of the world's première sports fishing destinations and when we get a heap of tourists here with their mobile phones and touch pads we basically have no internet. The wifi is also incredibly expensive compared to suburbia, I use a pre-paid plan and I get get it as cheap as $15/Gb if I buy $180 worth at a time.
Cheers,
Andrew.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
hi Couldn't agree with you more about microsoft. I'm sure you'll have your holdouts that will stick with the old favorite, but I'm focused on improving linux, not windows. I'm trying to find some stuff out on the internet about a metered internet plan standard, so far no luck. It looks like some IT guy sets a limit in his company's configuration somewhere and then charges people if they go over that. This is going to be a lot harder than it should be if there's no formal standard. We'll have to watch network traphic and try to figure out if there's a limit. From all I've been able to find there's no indication that there is until you get your bill, so I'm not sure what to do now. I'll keep looking Thanks Kendell clark
Andrew Walton wrote:
On 08/08/15 16:41, kendell clark wrote:
I normally wouldn't suggest having anything to do with microsoft but if worst comes to worst this might, maybe, be an option.
After checking the facts in an email sent to me I was still a little shaken, read Microsoft's Privacy Statement then consider businesses that deal with sensitive information such as doctors and lawyers, even mining companies. I think Microsoft just committed Sepuku.
We weren't ever data capped, but when you download at 4.5 kbps there's only so much you can do even if you have all night.
Where I live a lot of us have wifi and the rest use satellite. The satellite's not so bad, it's not quick but it's reliable. But as for the wifi, this is one of the world's première sports fishing destinations and when we get a heap of tourists here with their mobile phones and touch pads we basically have no internet. The wifi is also incredibly expensive compared to suburbia, I use a pre-paid plan and I get get it as cheap as $15/Gb if I buy $180 worth at a time.
Cheers,
Andrew.
On 08/08/15 17:00, kendell clark wrote:
It looks like some IT guy sets a limit in his company's configuration somewhere and then charges people if they go over that.
This is why I use the pre-paid plan. Our only service provider cuts you back to 64 kbps if you go over the monthly limit and they don't give you the option of buying more. Not a suitable choice for someone doing installs all the time.
Then again, it's not all that often that we can rely on speeds over 64 kbps anyway, except in the wet season maybe.
Cheers,
Andrew.
Just another quick thought, a different strategy.
What if packagekit just waited half an hour before stealing their bandwidth? At least they'd get a chance to check their emails.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
hi This is maybe a stupid question, but why have we not made it possible to configure this? At least some of it. While I'm on the subject of configurability, this is probably a totally different subject, but why haven't we moved some or most of the items that currently reside in gnome tweak tool into the control center? The more important thing is software, but just curious since I just thought about it. Thanks Kendell clark
Andrew Walton wrote:
Just another quick thought, a different strategy.
What if packagekit just waited half an hour before stealing their bandwidth? At least they'd get a chance to check their emails.
On 08/08/15 17:38, kendell clark wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
hi This is maybe a stupid question, but why have we not made it possible to configure this? At least some of it. While I'm on the subject of configurability, this is probably a totally different subject, but why haven't we moved some or most of the items that currently reside in gnome tweak tool into the control center? The more important thing is software, but just curious since I just thought about it. Thanks Kendell clark
It used to be there but it didn't work. I must admit I lost control and embarrassed myself on an independent forum at the time because the option was there but it didn't work. When people complained the quick and easy answer was to remove the option. Fedora 16 Verne. Still got a copy of that wallpaper somewhere, loved it.
If someone decides to try and reinstate that option it's going to need a little checking, and although I'm not very technologically advanced I think I might know where people keep skipping past the problem.
Quite a few people have told me that packagekit doesn't do it's own downloads but here's a quick experiment you can try that says this is not entirely accurate.
Clean install of Fedora 21 # yum install yumex Open yumex, (I make too many "Fat Finger" errors to use command line with confidence) Uninstall gnome-packagekit and gnomesoftware-installer Reboot and watch your internet connection be useless until 'something' has it's 26 Mb
When you're ready # systemctl disable packagekitd Reboot, no more download.
Cheers,
Andrew.
On Sat, 2015-08-08 at 17:54 +0930, Andrew Walton wrote:
Quite a few people have told me that packagekit doesn't do it's own downloads but here's a quick experiment you can try that says this is not entirely accurate.
Of course it does its own downloads! And even if it didn't, it would still be harsh on bandwidth: simply checking for updates requires downloading new repo metadata, which can be big on its own.
On 08/08/2015 10:18 PM, Michael Catanzaro wrote:
On Sat, 2015-08-08 at 17:54 +0930, Andrew Walton wrote:
Quite a few people have told me that packagekit doesn't do it's own downloads but here's a quick experiment you can try that says this is not entirely accurate.
Of course it does its own downloads! And even if it didn't, it would still be harsh on bandwidth: simply checking for updates requires downloading new repo metadata, which can be big on its own.
To clear this up, the above is both true and untrue in a way :)
It's gnome-software that drives the periodic downloads, but the actual downloading is done through PackageKit.
The daily metadata downloading can be currently turned off with a super-secret gsettings key. It was originally only meant for the live cd use case where we needed to turn off metadata downloads in order to avoid filling up the ramdisk, but I have heard that people have found this useful for other cases as well.
Periodic metadata downloads can be disabled with: gsettings set org.gnome.software download-updates false
and reset to the default value (re-enabled) with: gsettings reset org.gnome.software download-updates
Furthermore, there's a new NetworkManager API in the works that allows apps to determine if connections are 'metered' to avoid downloading updates. This API actually landed in NetworkManager a few weeks ago, and there's a plan to make use of it in gnome-software.
Look out for improvements in this area :)
Hope this clears things up, Kalev
On Sat, Aug 08, 2015 at 10:40:53PM +0200, Kalev Lember wrote:
The daily metadata downloading can be currently turned off with a super-secret gsettings key. It was originally only meant for the live cd use case where we needed to turn off metadata downloads in order to avoid filling up the ramdisk, but I have heard that people have found this useful for other cases as well.
Yeah - I had to do it, because I often use a tethered cell connection, and it was chewing through my data like crazy.
Furthermore, there's a new NetworkManager API in the works that allows apps to determine if connections are 'metered' to avoid downloading updates. This API actually landed in NetworkManager a few weeks ago, and there's a plan to make use of it in gnome-software.
That's great to hear. Is there any chance of this hitting F23? Definitely worth advertising as a feature (even if we're awfully late for the changes process).
On 08/08/2015 10:46 PM, Matthew Miller wrote:
Furthermore, there's a new NetworkManager API in the works that allows apps to determine if connections are 'metered' to avoid downloading updates. This API actually landed in NetworkManager a few weeks ago, and there's a plan to make use of it in gnome-software.
That's great to hear. Is there any chance of this hitting F23? Definitely worth advertising as a feature (even if we're awfully late for the changes process).
I am not sure. F24 is probably a more realistic target at this point, mostly because nobody has started the work on the gnome-software side of it yet. But if this happens to be ready before F23, I'll make sure that it gets a nice feature page.
On 09/08/15 06:10, Kalev Lember wrote:
requires downloading new repo metadata, which can be big on its own.
Roughly 26 Mb if rpmfusion is included.
Furthermore, there's a new NetworkManager API in the works that allows apps to determine if connections are 'metered' to avoid downloading updates. This API actually landed in NetworkManager a few weeks ago, and there's a plan to make use of it in gnome-software. Look out for improvements in this area :) Hope this clears things up, Kalev
This is very good news, thank you. In the mean time my locals seem to be happy with nothing but Yumex checking for updates. This means a lot of them don't do updates very often but at least if they decide to they can start it running before they go to bed at night.
Cheers,
Andrew
On 09/08/15 08:37, Andrew Walton wrote:
In the mean time my locals seem to be happy with nothing but Yumex checking for updates. This means a lot of them don't do updates very often but at least if they decide to they can start it running before they go to bed at night.
Just thought I'd better add to that - remember these are country people and most have the attitude "if it ain't broke don't fix it" so trying to explain to them why they should do updates is not always easy.
And telling an Aussie that "he has to" is a quick and easy way to start a private war.
Cheers.
On Sun, Aug 09, 2015 at 10:10:46AM +0930, Andrew Walton wrote:
Just thought I'd better add to that - remember these are country people and most have the attitude "if it ain't broke don't fix it" so trying to explain to them why they should do updates is not always easy.
It's software -- it's all broke... we just don't know exactly how yet. :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
hi You guys are awesome! If all I've heard is true, gnome 3.18 will be a milestone, both in terms of accessibility and in terms of new functionality. I can't wait! Thanks Kendell clark
Kalev Lember wrote:
On 08/08/2015 10:18 PM, Michael Catanzaro wrote:
On Sat, 2015-08-08 at 17:54 +0930, Andrew Walton wrote:
Quite a few people have told me that packagekit doesn't do it's own downloads but here's a quick experiment you can try that says this is not entirely accurate.
Of course it does its own downloads! And even if it didn't, it would still be harsh on bandwidth: simply checking for updates requires downloading new repo metadata, which can be big on its own.
To clear this up, the above is both true and untrue in a way :)
It's gnome-software that drives the periodic downloads, but the actual downloading is done through PackageKit.
The daily metadata downloading can be currently turned off with a super-secret gsettings key. It was originally only meant for the live cd use case where we needed to turn off metadata downloads in order to avoid filling up the ramdisk, but I have heard that people have found this useful for other cases as well.
Periodic metadata downloads can be disabled with: gsettings set org.gnome.software download-updates false
and reset to the default value (re-enabled) with: gsettings reset org.gnome.software download-updates
Furthermore, there's a new NetworkManager API in the works that allows apps to determine if connections are 'metered' to avoid downloading updates. This API actually landed in NetworkManager a few weeks ago, and there's a plan to make use of it in gnome-software.
Look out for improvements in this area :)
Hope this clears things up, Kalev
On 08/08/15 16:41, kendell clark wrote:
hi Oh I'm familiar with that. I don't know if I'm the only one in the region, but I'm certainly one of the only one in my home town that knows or cares how computers actually work. The rest are ... blase, is probably a polite way to put it.
My own situation is a little more rural than that, we've only had electricity for 12 years now. And there is no town, just 2 pubs 40 Km apart. Except for a small estate down near the beach (mostly for rental homes for tourists) the minimum block size is 20 acres, most are considerably larger than that. 250 permanent residents spread over 17500 square kilometres.
And the truly ridiculous thing about this? As the crow flies we're only 70 Km from the state's capital city.
Cheers.
----- Original Message -----
On Fri, 2015-08-07 at 10:56 +0930, Andrew Walton wrote:
Please make this topic part of your discussions, there's a lot more people living in rural areas than you might think.
I see this as a problem that needs to be solved, but I will be blunt: somebody has to be interested in implementing it, and I am not sure anybody is.
I think the right place to add a new setting is the network panel: you should be able to mark a particular connection as being bandwidth -limited.
This is bug: https://bugzilla.gnome.org/show_bug.cgi?id=745747
And is only likely to be implemented for GNOME 3.20 (hopefully early in the cycle so that we can make changes to the applications to respect that setting).
Then at the *very least* that should be used to turn off automatic checks for updates, since we get complaints about that from bandwidth-limited users quite frequently. I am not sure if we want to take the route of using the firewall to prevent applications from accessing the network; it seems reasonable since it would require toggling a hard-to-find setting, but some design work would be needed to make the prompts work well.
Using a firewall to avoid applications downloading anything is something that you need to use on Windows because there's no way to fix the Windows applications. Applications shipped by Fedora can be though...
desktop@lists.fedoraproject.org