Re: "Workstation" Product defaults to wide-open firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/10/2014 12:38 AM, Simo Sorce wrote:

On Wed, 10 Dec 2014 05:46:32 +0100
Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote:


Pete Travis wrote:

Lets say I do have an understanding of network basics, just for the
sake of argument.  I share my application with you.  The
application is intended to listen on the network, you know this and
want the application for that purpose.  You run the application, it
tries to listen to a network port.


But as you wrote the application, you know which one, so you just
tell me the port number, and I open it up in a few clicks in the
firewall. (Plus, I will also have to set up port forwarding for that
port in my cable modem's integrated NAT router anyway, so an insecure
local firewall won't make the application work without you telling me
the port anyway.) I don't feel inconvenienced at all, it's obvious to
me. If it were not, you could tell me, or just document what is
needed in your documentation.


As much as I do not like an insecure default, I think you have not
clear what is the average technical capability of users.

Most users have no idea what NAT, TCP or ports are (nor should they!).
At most they understand *literally* a question like: "do you want this
<application> to be allowed to access the network ?" and you better
name the app in the same way the GUI does it (not the binary name) or
quite a few will be confused about what this is all about.
the naming thing is not the most difficult one, GNOME Shell already do that to group windows and find the correct icon to show opened Windows on the launch bar, It search .desktop files. There are still problems with applications launched from vm like executables, for example JNLP launched java applications, but if that is good enough for Shell, it should be enough for a network permission UI. 



The problem for the "workstation" people is to build enough
infrastructure to make those simple questions and be able to act on
them, anything in that direction will help, otherwise you are just
ranting.

Simo.



--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux