F21 System Wide Change: Workstation: Disable firewall

Wed Apr 23 05:52:18 UTC 2014

On Apr 22, 2014 5:09 AM, "Christian Schaller" <cschalle at redhat.com> wrote:
>
>
>
>
>
> ----- Original Message -----
> > From: "Liam" <liam at fightingcrane.com>
> > To: "Development discussions related to Fedora" <
devel at lists.fedoraproject.org>
> > Sent: Monday, April 21, 2014 10:10:13 PM
> > Subject: Re: F21 System Wide Change: Workstation: Disable firewall
> >
> >
> >
> >
> > On Apr 21, 2014 4:32 AM, "drago01" < drago01 at gmail.com > wrote:
> > >
> > > On Mon, Apr 21, 2014 at 3:49 AM, Liam < liam at fightingcrane.com >
wrote:
> > > > Sent from mYphone
> > > >
> > > >
> > > > On Apr 20, 2014 7:02 PM, "drago01" < drago01 at gmail.com > wrote:
> > > >>
> > > >> On Mon, Apr 21, 2014 at 12:39 AM, Reindl Harald <
h.reindl at thelounge.net
> > > >> >
> > > >> wrote:
> > > >>
> > > >> >> There have been other suggestions in this thread that are
helpful
> > > >> >> like
> > > >> >> the network zones thing (but we still have too many zones) or
> > > >> >> enabling
> > > >> >> services should make them work i.e
> > > >> >> just enable the firewall rules.
> > > >> >
> > > >> > which make sense
> > > >>
> > > >> Oh finally you seem to understand what this is all about (a few
mails
> > > >> ago this was supposed to be "strongly prohibited" ...)
> > > >> Now please goolge for "Psychological Acceptability and Security"
you
> > > >> will find tons of scientific papers (read them) explaining about
why
> > > >> it is wrong to silently break stuff or ask "yes / no" question or
> > > >> arguing with "this is not a blackbox the user should learn"
nonsense.
> > > >>
> > > >> There is difference between a software developer, a sysadmin and a
> > > >> user that simply wants to share his music with his family. The
latter
> > > >> should not have to learn about computer security to do it,
> > > >> while for the former it does not matter that much as you said
because
> > > >> they ought to know what to do or where to get that information
from.
> > > >>
> > > > The later isn't the target for Workstation, I don't believe.
> > >
> > > Not the *primary* target but still one see the "Other users" section
in the
> > > PRD.
> > > --
> > That's fine, but that's not who we need to be optimizing the experience
for.
> > We need to be focusing on our primary target. After that others can be
> > considered.
> > A developer can handle this if it is presented well, but we shouldn't
let
> > secondary users harm, at all, the experience of the primary user. If we
do,
> > then this reorganization isn't working, IMHO.
>
> I think this is a misunderstanding of who a developer might be and why
they choose
> a system. Those of my friends and acquaintances, who are developers and
who over the
> years have decided to switch their development laptops from Linux to
predominantly
> MacOS X, has not done so because they had things they wanted to do that
was
> 'impossible' to do with Linux or that they thought they could not figure
out how to
> do with linux. Instead they moved because they got tired of spending time
trying to
> make their system 'work'. This is in no way limited to dealing with the
challenges
> of a firewall, but if we want to attract developers or any kind of user
to our
> system we need to make it usable without needing daily google searches
> to figure out how you can do something and make parts of your system work.
>
The fact of the matter is that there's really no compelling reason for the
average web developer, for instance, to move to Linux. Osx is already more
powerful than any linux de (automator is something that is used often and
it represents a considerably more powerful, and friendly, alternative to
scripting in many instances). I'm honestly not sure how to get those folks
unless osx makes it harder for professionals to do their work (supposedly
their multimonitor support has worsened, but I can't confirm that).

Making sane defaults, which is what we are talking about, isn't
antithetical to providing an easy way for people to make changes (say, to
fonts, or power settings with better granularity since, sometimes, the
heuristic simply doesn't work). Specifically with regards to the current
issue, others have already brought up the solution (carefully constructed
zones). Along with that the firewalld gui needs to be refactored a bit,
both to make it easier to diagnose problems and implement solutions. That's
a decent amount of work, and perhaps no one will do it, but simply
disabling functionality isn't the path to grabbing the users/contributors
we want, imho.

Best/Liam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140423/c02c12c6/attachment-0001.html>