F21 System Wide Change: Workstation: Disable firewall

drago01 drago01 at gmail.com
Mon Apr 21 08:25:33 UTC 2014


On Mon, Apr 21, 2014 at 6:17 AM, Orcan Ogetbil <oget.fedora at gmail.com> wrote:
> On Sun, Apr 20, 2014 at 6:59 PM, drago01 <drago01 at gmail.com> wrote:
>> There is difference between a software developer, a sysadmin and a
>> user that simply wants to share his music with his family.  The latter
>> should not have to learn about computer security to do it,
>
> Why not?

Because for those people a computer is just a tool.

> I lock my door every night before I go to sleep, because I learned
> about home security.

No you don't do it because "you learned about home security" (I do not
know if you did or not this is not the point), but because it
is common sense to do so.

That is comparable to using a password which user do use. Also where
do you draw a line?

The user have to know what sockets and ports are? How computer
networks generally work? Learn about subnets and routes? How process
and file privileges work?
Learn about file caps? SELinux labels and there meanings? Which
requires understand what syscalls are and how they work.
Learn and study the mathematics behind cryptography to chose the right
algorithm?  Understand how and why buffer, heap and integer overflows
can affect there security?
Which requires knowlegde of the underlying architecture (x86 / x86_64)
along with how memory allocation works, how data is placed out on the
stack / heap ...
Learn how to modify or write a selinux policy to confine an untrusted
application? [...]

I did learn those things so did probably you and Harald but designing
an operating system that requires deep technical understanding to be
used is just a failure on our part.
What seems easy and obvious to people on a *operating system
development mailing list* is not for the general public (believe it or
not that's a fact). And no that's not because
people are stupid. They just have different professions and interests.


More information about the devel mailing list