Learning about firewalls and general computing
January 11, 2009 9:09 AM   Subscribe

I allowed perl access past my firewall (Am I even saying that right?). Should I be worried? And how do I learn more about the subject so I'm not so clueless in the future?

I got a popup message on my Macbook about allowing perl access past my firewall (I think). I was downloading and installing Gnucash through Macports at the time, and I figured, must have something to do with the perl program that fetches finance quotes and prices, and I clicked "Allow." Immediately after I wondered if I'd made a mistake, and so I went to the firewall log and saw this:

Jan 8 00:27:40 ***** Firewall[39]: perl is listening from uid = 0 proto=6

(Computer name ***ed out.) I shouldn't be worried, should I?

And now that I'm on the subject, I feel like I need to know more about the basics of computer technology. I get the suspicion that to many people, my above question must sound like one of those questions you come across on lists of ridiculous tech support questions, like where the "any key" is or whether the program "Linux" is supported on XP.

I know perl is a program that people use (usually for network communications? right? right?) and that the ip address probably tells someone who knows better that I have nothing to worry about. (Uh ... right?)

I'm not totally computer-illiterate, and I'm not particularly timid when it comes to messing around (for better or for worse). I've run Ubuntu in the past, and I spent a few days getting wireless to work with my old USB wirless adaptor using ndiswrapper, to give you some background. But ask me what a "driver" is and I couldn't really tell you the details, beyond the fact the fact that you need it to make hardware work. Same with "firewall," "ip address," "perl," "ssh," and so forth.

Like they say, teach a man to fish and you feed him for life. I want to learn more about the fundamentals of networking security and computing in general. But how do I go about it? Where do I even start? The superficial approach has got me so far, and at the same time I'm assuming that learning assembly language won't really help me here.
posted by dicetumbler to Computers & Internet (8 answers total)
Best answer: Perl is not a "program" in the usual sense. It's a programming language. It's interpreted, meaning that in order to run a program written in perl, the perl interpreter (the actual executable file 'perl') must be running. Now, perl doesn't run as a "daemon" (a persistent process in Unix), so the firewall log is probably just the result of gnucash's running the perl interpreter to run one of its installation scripts.

It's nothing to worry about.
posted by sonic meat machine at 9:16 AM on January 11, 2009

Best answer: Left out answers to your other questions. Brilliant.

If you're interested in learning more about the fundamentals of computers, I highly recommend that you teach yourself to program. This will help you think about the computer from a developer's perspective, rather than from the perspective of an "end user." As for which language, well, I heartily recommend Python. It's cross-platform, has clear syntax, and is well-documented. The O'Reilly book Programming Python is pretty good, if you're into dead trees.
posted by sonic meat machine at 9:20 AM on January 11, 2009 [1 favorite]

Response by poster: Dammit, meant "progamming language." But yeah, important distinction.

I was planning on looking into (someday, eventually, maybe pretty soon) Think Python (formerly "How to think like a computer scientist") and Learning to Program, both online, free, Python guides.

Thanks for giving me a reason to actually dive in and do it. Saves me the trouble of having to ask "But what do one do with it?"
posted by dicetumbler at 9:39 AM on January 11, 2009

How to Think like a Computer Scientist is very good, as is Python. executable pseudocode. srsly.

A driver is a bit of code that tells your computer how to talk to some piece of hardware. Say you buy a new printer and want to print something. Your computer doesn't know exactly what commands to send to the printer ("move print head to middle", "feed paper 1mm" and so on), so it tells the driver "print this line" and the driver tells the printer what to do.

A firewall is a piece of software that filters network communications to and from your computer. For instance, you don't want your computer to answer any old message from the internet; most of them are bad. The firewall allows you to load up web pages but blocks random connections.

Wikipedia actually has quite good explanations of this kind of thing, which is unusual for it in my experience :).
posted by katrielalex at 12:07 PM on January 11, 2009

That line is a little odd. Why would any perl script associated with GNUcash be sitting around listening for incoming connections while running as root (user 0)?

I don't understand why Mac Office apps wants to listen for incoming connections every time I start one up either, so Gnucash wouldn't be the first, but Office isn't doing it while running as Root.
posted by Good Brain at 1:00 PM on January 11, 2009

Good Brain, chances are it's a one-off Firewall alert. The gnucash program may send off a ping to an update-checking service and wait for an ACK, or something similar.
posted by sonic meat machine at 1:25 PM on January 11, 2009

Outgoing TCP connections do not require a listening port to be opened on your firewall -- it's a stateful connection that the OSX firewall should understand (I would hope!). Of course, if that log entry is the simple result of a netstat then SMM may have it. denotes that your machine is listening to requests from any IP address. If it were locked-down to a specific IP address (eg an updating site) it would have a value set here other than zero.

Frankly, I'd be more than a little concerned about this -- depending on what "perl" actually is in this instance (it could be anything renamed to "perl"). Only actual output of your current firewall configuration will tell you this, but as a rule of thumb for a personal computer -- near enough as damnit, NOTHING should need to be allowed incoming access to your computer1

1 Unless you want to share files/folders from your machine, in which case you would allow only the ports relating to your file-sharing protocol of choice. Also, bear in mind: any program can listen on any port. For instance, the use of port 80 (for WWW) is tradition / habit, rather than technical necessity. Any program can be configured to listen on port 80 (like a nasty evil trojan hijacker).
posted by coriolisdave at 2:05 PM on January 11, 2009 [1 favorite]

If you think this is related to Macports I would ask about it on the mailing list or IRC.
posted by PueExMachina at 2:19 PM on January 11, 2009

« Older Dems block banking regulations?   |   Can I reserve a taxi in D.C. ahead of tim? Newer »
This thread is closed to new comments.