"Workstation" Product defaults to wide-open firewall

Robert Marcano robert at marcanoonline.com
Wed Dec 10 13:04:24 UTC 2014


On 12/10/2014 12:38 AM, Simo Sorce wrote:
> On Wed, 10 Dec 2014 05:46:32 +0100
> Kevin Kofler <kevin.kofler at chello.at> wrote:
>
>> Pete Travis wrote:
>>> Let's say I do have an understanding of network basics, just for the
>>> sake of argument.  I share my application with you.  The
>>> application is intended to listen on the network, you know this and
>>> want the application for that purpose.  You run the application, it
>>> tries to listen to a network port.
>>
>> But as you wrote the application, you know which one, so you just
>> tell me the port number, and I open it up in a few clicks in the
>> firewall. (Plus, I will also have to set up port forwarding for that
>> port in my cable modem's integrated NAT router anyway, so an insecure
>> local firewall won't make the application work without you telling me
>> the port anyway.) I don't feel inconvenienced at all, it's obvious to
>> me. If it were not, you could tell me, or just document what is
>> needed in your documentation.
>
> As much as I do not like an insecure default, I think you do not have a
> clear idea of the average technical capability of users.
>
> Most users have no idea what NAT, TCP or ports are (nor should they!).
> At most they understand *literally* a question like: "do you want this
> <application> to be allowed to access the network ?" and you better
> name the app in the same way the GUI does it (not the binary name) or
> quite a few will be confused about what this is all about.

The naming thing is not the most difficult one. GNOME Shell already does
that to group windows and find the correct icon to show for opened windows
on the launch bar. It searches .desktop files. There are still problems
with applications launched from VM-like executables, for example
JNLP-launched Java applications, but if that is good enough for Shell, it
should be enough for a network permission UI.

>
> The problem for the "workstation" people is to build enough
> infrastructure to make those simple questions and be able to act on
> them, anything in that direction will help, otherwise you are just
> ranting.
>
> Simo.
>


