"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Mon Dec 8 10:41:39 UTC 2014 


Am 08.12.2014 um 11:32 schrieb Bastien Nocera:
>> Am 08.12.2014 um 10:50 schrieb Bastien Nocera:
>>>> We don't need open or preconfigured high ports.
>>>>
>>>> What we really need is a user notification with options to allow or
>>>> deny like we do with SELinux.
>>>>
>>>> That would be a appropriate solution for a workstation.
>>>
>>> No it wouldn't be, because users don't like being asked security questions
>>
>> STOP THAT - you do NOT speak for "the users"
>
> I do, when it's been researched that asking users security questions doesn't work.

you asked the right persons

the people i am working with in the meantime are trained to call me by 
phone in doubt if their computer asks something

>> you speak just for the careless part but they are already trained
>> monkeys click on "yes" and "OK", at least they are responsible for their
>> click
>
> Yeah, that's so useful. "Oh, you clicked it, it's your fault". That's not
> the type of OS I want to help implement, sorry.

open it by default and say "oh it's the applications fault" is the one 
you want to implement, i git that in your other response

>> for brand new PC users the sad in that attitude is they will never have
>> a chance raise their voice about it - if you are aksing the right users
>> in a survey you can always have the reulst you want
>
> Because Internet surveys aren't biased. *eyeroll*

did i say that?

you have multiple type of users but you design a OS just for the careless

>> the rest is fine with think and answer a question of the OS and *after
>> that* repsonsible for his own decision - making the decision implicit
>> "we open that for you without asking" is dangerous and harmful
>
> How can users make their own decisions and be responsible for their own
> decisions when they don't know about firewall ports? Or firewalls? Or
> TCP/IP? You're starting with the wrong preconceptions

THAN EDUCATE THEM INSTEAD GIVE UP

how can they learn about firewall ports of firewalls if they never got 
asked - how did i learn or the people i know?

ask a user a question and you have some options:

* he knows about it (not all users are clueless)
* he don't know but asks Google before click
   maybe he got more interested in the topic later
   frankly that's how i became an IT professional 12 years ago
* he clicks yes anyways

what you are doing is click "yes" for anybody and the expect that the 
knowledgeable people fix that wrong settings on each and every instance 
they install

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141208/5a3adc84/attachment.sig>

More information about the devel mailing list