"Workstation" Product defaults to wide-open firewall

Mike Pinkerton pselists at mindspring.com
Mon Dec 8 23:17:11 UTC 2014

On 8 Dec 2014, at 17:07, Matthew Miller wrote:

> On Mon, Dec 08, 2014 at 03:20:30PM -0500, Mike Pinkerton wrote:
>> burning your old market when trying to grow a new one.  From a
>> marketing standpoint, that is just crazy.  In a for-profit company,
>> where products are connected to revenue streams, it would be a "you
>> just bet your career" move which nine times out of ten you would
>> lose.
> The classic Innovators Dilemma actually posits that the reverse
> situation is _worse_. (For the record, I don't think we're at that
> crisis point — but we could be, because the computing world is
> changing.)

The classic Innovator's Dilemma juxtaposes known current requirements  
of your market vs. unknown future requirements.

I'm talking about customers you already have vs. customers that you  
might like to have, but don't yet have and might possibly never  
have.  Ditching existing customers in order to court potential  
customers is rarely a winning strategy, and really isn't necessary.

> But also, we get into the even _more_ classic parable of the blind
> people and the elephant — and the recent thread about metrics. You  
> have
> a strong idea of what the primary "classic" Fedora userbase is, and I
> have a slightly different one, and I think if we ask the room, we'll
> get a dozen different answers. We do need better real knowledge of our
> user base — both current and future. Any efforts into improving  
> that in
> a meaningful way are very welcome. (And that includes this
> conversation; just because I don't necessarily agree doesn't mean I'm
> not listening.)

Sure, knowing the user base is important.  Short of that, we do know  
who Fedora's previous target users were and, assuming even modest  
success, we can assume that some percentage of the user base matches  
that range of target users.  For those of us who have provided  
support for Fedora as a general desktop OS, we also have some idea of  
what our local user base is.

>> In recent years Fedora has been known primarily as a secure by
>> default Gnome desktop OS.  To suggest that anyone interested in a
>> secure by default Gnome desktop OS should have to resort to a
>> not-yet-existent spin is to admit that you are abandoning your
>> current market in search of greener fields elsewhere.
> I don't actually think we're abandoning anyone, here. In my  
> experience,
> the classic Fedora user is relatively savvy, or else leans on friends
> who are. They tend to take the various parts of the project they like
> and shape it — and whether something is on or off by default isn't a
> huge concern. (I have a whole checklist of items that I like a certain
> way on my system that I'm definitely not going to try to make the
> default, and that's fine.)

Yep, enthusiasts were one part of Fedora's previous target user base,  
but they weren't all of it.  They certainly aren't part of the user  
base for which I have to provide support, which is mostly SMB office  
users with a smattering of other types.

> We could have decided to double-down on growing that enthusiast
> segment, but, first, that's not what the people who showed up to do  
> the
> work decided; and second, I actually think we continue to serve the
> hackers and tinkerers very nicely with the spins and nonproduct  
> option.
> What we're not doing is expanding

I'm not suggesting that Fedora not expand into a new market segment.   
I'm simply suggesting that you not abandon existing users in order to  
do so.

> I also think you're also kind of setting up an argument against
> something no-one is for. "Secure by default" is a not a well-defined
> term,

I can't quite parse that, but I think you are intentionally  
misunderstanding what I wrote.  "Secure by default" might not be a  
detailed specification, but it is certainly understood as a general  
user expectation, one that I think Fedora has heretofore generally met.

> I *will* talk to the designers about plans for presenting the zone
> information in a different way. I personally am conscientious about
> setting my coffeeshop wifi to "public" — but I know why and where to
> dig for it. Making that more discoverable and usable would be a
> meaningful improvement.
>> Perhaps the Workstation team thought that opening up the firewall
>> defaults was the best compromise.  I disagree.  Perhaps a better
>> compromise would have been to leave the old defaults in place, and
>> add a new pre-configured "more open" zone for those who want fewer
>> constraints.AAAA
> Wait, my last paragraph was a great end to a long message :) but I  
> need
> to also add: please take a look at the actual implementation. The  
> above
> suggestion is _exactly_ what was done.

But which zone is the "out-of-the-box" default?

Mike Pinkerton

More information about the devel mailing list