Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation. Rationale:
* The default Workstation zone file allows incoming connection to non-root ports. This means most of the common usecases will "just work" out of the box. Thus, most users will not need to touch their Firewall settings.
* People who do need it will be able to install it from GNOME Software quite easily. Just search for "Firewall". There will be no confusion as this is the only firewall configuration tool shown in GNOME Software.
* In general, we should avoid having app launchers for things that are configuration utilities in the default install.
Unless there's major objection to this change in the following few days, I'll remove it from the gnome-desktop group in comps.
Thanks,
On Thu, 2014-08-21 at 22:03 +0300, Elad Alfassa wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation.
Rationale:
I want to add one major point that was missed: we're specifically trying to avoid applications that are not simple for nontechnical users to understand and use. firewall-config is pretty intimidating once you open it up, with a list of complicated "services" and ports ("what's a port? my computer only has four ports.")
If it's really important then we should keep it, but if it just works out of the box as I've heard (thanks to the firewalld team for working on this!), then hopefully it can go.
Michael
Am Donnerstag, den 21.08.2014, 14:10 -0500 schrieb Michael Catanzaro:
On Thu, 2014-08-21 at 22:03 +0300, Elad Alfassa wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation.
Rationale:
I want to add one major point that was missed: we're specifically trying to avoid applications that are not simple for nontechnical users to understand and use. firewall-config is pretty intimidating once you open it up, with a list of complicated "services" and ports ("what's a port? my computer only has four ports.")
I don't think we missed that point, in fact it was already addressed earlier by Thomas, when he quoted the workstation's mission statement: "The system will primarily be aimed at providing a platform for development of server side and client applications that is attractive to a range of developers - from hobbyists and students to developers working in corporate environments."
So if the goal of the platform is development and our target audience are hobbyists, students, and developers, how can "simple enough for non-technical users" be a criteria for inclusion of apps?
If it's really important then we should keep it, but if it just works out of the box as I've heard (thanks to the firewalld team for working on this!), then hopefully it can go.
Accessing the internet does work out of the box, but FWIW a lot of client and server development will not. Therefor I suggest we keep firewall-config for now and continue to improve it's UI.
Best regards, Christoph
On Fri, Aug 22, 2014 at 6:08 PM, Christoph Wickert < christoph.wickert@gmail.com> wrote:
I don't think we missed that point, in fact it was already addressed earlier by Thomas, when he quoted the workstation's mission statement: "The system will primarily be aimed at providing a platform for development of server side and client applications that is attractive to a range of developers - from hobbyists and students to developers working in corporate environments."
So if the goal of the platform is development and our target audience are hobbyists, students, and developers, how can "simple enough for non-technical users" be a criteria for inclusion of apps?
We need to eradicate this dangerous notion that a "technical user" or a "developer" knows everything about the ins and outs of an operation system or computer networks. It leads to bad design.
If your OS is good enough for non-technical users to use it without being intimidated or confused by it, then it will be easy and simple for developers too. If you design your software thinking your users will know immidiately how to operate it and how it works because they are "technical" you will have software that is extremely painful to use.
Another point is that our product definition states we should support all these usecases while still being usable for the non-technical users.
If it's really important then we should keep it, but if it just works
out of the box as I've heard (thanks to the firewalld team for working on this!), then hopefully it can go.
Accessing the internet does work out of the box, but FWIW a lot of client and server development will not. Therefor I suggest we keep firewall-config for now and continue to improve it's UI.
You are wrong, I'm sorry. Our default firewall configuration allows any port higher than 1024 (ie. high ports / non-root ports) to accept incoming connections, as well as some very specific services such as avahi or samba-client. This means that the following will work out of the box: * Network printing * Avahi zeroconf auto-discovery * Samba network shares * Web browsing * Python / Ruby web stacks which default to using a non-root port when running as a non root user, which is the normal way in which Python / Ruby web developer test their applications. * Anything else that listens on a non-root port
Most developers will not need to touch the firewall configuration because everything will just work. And as emphasized before, we are not aiming this product at linux system developers, we are aiming it at web developers, android developers, application developers, game developers and such. Non of these target usecases will ever need to use a port lower than 1024.
So if most of are target users might not know what a firewall is or how to operate one, might not know about protocols, ports, or how computer networking actually works, and will probably not need to change the default configuration *ever*, including this tool by default seems silly to me. And again, people who for some reason don't want the default can install the tool from GNOME Software easily enough, so there's no real reason why it should be included by default.
On Aug 23, 2014 6:45 AM, "Elad Alfassa" elad@fedoraproject.org wrote:
On Fri, Aug 22, 2014 at 6:08 PM, Christoph Wickert <
christoph.wickert@gmail.com> wrote:
I don't think we missed that point, in fact it was already addressed earlier by Thomas, when he quoted the workstation's mission statement: "The system will primarily be aimed at providing a platform for development of server side and client applications that is attractive to a range of developers - from hobbyists and students to developers working in corporate environments."
So if the goal of the platform is development and our target audience are hobbyists, students, and developers, how can "simple enough for non-technical users" be a criteria for inclusion of apps?
We need to eradicate this dangerous notion that a "technical user" or a
"developer" knows everything about the ins and outs of an operation system or computer networks.
It leads to bad design.
I'm not sure anyone is saying that, but the idea that a developer doesn't know what ports are is a bit unlikely, if not impossible. The point, I think, is that the workstation product has a fundamentally more focused target than any other of the major platforms. As such, looking to, for instance, osx, as providing the exact experience we want may not make sense. Obviously they do some things very well, but checking those boxes may not be the best use of effort in order to make the Fedora desktop a better developer environment.
If your OS is good enough for non-technical users to use it without being
intimidated or confused by it, then it will be easy and simple for developers too.
Yes, but let's not confuse that with, "if it satisfies the needs of the "nontechnical" user it'll work well for the developer".
If you design your software thinking your users will know immidiately how
to operate it and how it works because they are "technical" you will have software that is extremely painful to use.
Another point is that our product definition states we should support all
these usecases while still being usable for the non-technical users.
Yes, but (sorry for the many buts ;) that is more of a secondary issue. The point of all this is to bring in more contributors. IMHO, the most likely path to that goal is to focus on making Fedora a desktop that is designed with developers in mind. A mostly usable desktop for all should fall out of that effort.
If it's really important then we should keep it, but if it just works out of the box as I've heard (thanks to the firewalld team for working on this!), then hopefully it can go.
Accessing the internet does work out of the box, but FWIW a lot of client and server development will not. Therefor I suggest we keep firewall-config for now and continue to improve it's UI.
You are wrong, I'm sorry. Our default firewall configuration allows any port higher than 1024 (ie.
high ports / non-root ports) to accept incoming connections, as well as some very specific services such as avahi or samba-client. This means that the following will work out of the box:
- Network printing
- Avahi zeroconf auto-discovery
- Samba network shares
- Web browsing
- Python / Ruby web stacks which default to using a non-root port when
running as a non root user, which is the normal way in which Python / Ruby web developer test their applications.
- Anything else that listens on a non-root port
Most developers will not need to touch the firewall configuration because
everything will just work. And as emphasized before, we are not aiming this product at linux system developers, we are aiming it at web developers, android developers, application developers, game developers and such. Non of these target usecases will ever need to use a port lower than 1024.
So if most of are target users might not know what a firewall is or how
to operate one, might not know about protocols, ports, or how computer networking actually works, and will probably not need to change the default configuration *ever*, including this tool by default seems silly to me. And again, people who for some reason don't want the default can install the tool from GNOME Software easily enough, so there's no real reason why it should be included by default.
Again, I'd love to see the evidence that "most of our target users" won't know about firewalls (you say might, but given that this discussion is about dropping a part of the current standard install, we probably need more than fud to go on). Personally, I've never had to adjust the firewall for (web)development reasons, but for personal use I most certainly have (and being able to type in firewall, and having it popup, AND knowing it's the tool that should work, unlike installing random firewall app X, is a nice feeling).
Best/Liam
On Sat, Aug 23, 2014 at 6:45 AM, Elad Alfassa elad@fedoraproject.org wrote:
On Fri, Aug 22, 2014 at 6:08 PM, Christoph Wickert < christoph.wickert@gmail.com> wrote:
I don't think we missed that point, in fact it was already addressed earlier by Thomas, when he quoted the workstation's mission statement: "The system will primarily be aimed at providing a platform for development of server side and client applications that is attractive to a range of developers - from hobbyists and students to developers working in corporate environments."
So if the goal of the platform is development and our target audience are hobbyists, students, and developers, how can "simple enough for non-technical users" be a criteria for inclusion of apps?
We need to eradicate this dangerous notion that a "technical user" or a "developer" knows everything about the ins and outs of an operation system or computer networks. It leads to bad design.
If your OS is good enough for non-technical users to use it without being intimidated or confused by it, then it will be easy and simple for developers too. If you design your software thinking your users will know immidiately how to operate it and how it works because they are "technical" you will have software that is extremely painful to use.
Another point is that our product definition states we should support all these usecases while still being usable for the non-technical users.
If it's really important then we should keep it, but if it just works
out of the box as I've heard (thanks to the firewalld team for working on this!), then hopefully it can go.
Accessing the internet does work out of the box, but FWIW a lot of client and server development will not. Therefor I suggest we keep firewall-config for now and continue to improve it's UI.
You are wrong, I'm sorry. Our default firewall configuration allows any port higher than 1024 (ie. high ports / non-root ports) to accept incoming connections, as well as some very specific services such as avahi or samba-client. This means that the following will work out of the box:
- Network printing
- Avahi zeroconf auto-discovery
- Samba network shares
- Web browsing
- Python / Ruby web stacks which default to using a non-root port when
running as a non root user, which is the normal way in which Python / Ruby web developer test their applications.
- Anything else that listens on a non-root port
Most developers will not need to touch the firewall configuration because everything will just work. And as emphasized before, we are not aiming this product at linux system developers, we are aiming it at web developers, android developers, application developers, game developers and such. Non of these target usecases will ever need to use a port lower than 1024.
So if most of are target users might not know what a firewall is or how to operate one, might not know about protocols, ports, or how computer networking actually works, and will probably not need to change the default configuration *ever*, including this tool by default seems silly to me. And again, people who for some reason don't want the default can install the tool from GNOME Software easily enough, so there's no real reason why it should be included by default.
-- -Elad Alfassa.
-- desktop mailing list desktop@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/desktop
On Sun, 2014-08-24 at 16:38 -0400, Liam wrote:
Personally, I've never had to adjust the firewall for (web)development reasons, but for personal use I most certainly have
Why did you need to adjust your firewall settings? Are you sure that would still be required given the permissive default configuration in F21?
(and being able to type in firewall, and having it popup, AND knowing it's the tool that should work, unlike installing random firewall app X, is a nice feeling).
I'll take that one step further: to whatever extent we identify firewall configuration to be necessary -- hopefully not at all -- we need to get that configuration into System Settings.
Hi Michael,
On Aug 24, 2014 5:03 PM, "Michael Catanzaro" mcatanzaro@gnome.org wrote:
On Sun, 2014-08-24 at 16:38 -0400, Liam wrote:
Personally, I've never had to adjust the firewall for (web)development reasons, but for personal use I most certainly have
Why did you need to adjust your firewall settings?
DLNA transcoding server called BubbleUPNP needed internet access.
Are you sure that would still be required given the permissive default configuration in F21?
No idea. I'm not running f21, but the port numbers were above 1024 so my guess is yes.
(and being able to type in firewall, and having it popup, AND knowing it's the tool that should work, unlike installing random firewall app X, is a nice feeling).
I'll take that one step further: to whatever extent we identify firewall configuration to be necessary -- hopefully not at all -- we need to get that configuration into System Settings.
I agree completely but System Settings are verboten save for blessed configuration tools. We also need a way to adjust fonts without tweak tool, but I thought that too was a no-go.
Best/Liam
On Sun, 2014-08-24 at 21:00 -0400, Liam wrote:
No idea. I'm not running f21, but the port numbers were above 1024 so my guess is yes.
So they're open. DLNA will work out of the box. :)
If there's upstream consensus that a setting is needed, we'll eventually put it into system settings. I think fonts are omitted by design.
On Aug 24, 2014 10:12 PM, "Michael Catanzaro" mcatanzaro@gnome.org wrote:
On Sun, 2014-08-24 at 21:00 -0400, Liam wrote:
No idea. I'm not running f21, but the port numbers were above 1024 so my guess is yes.
So they're open. DLNA will work out of the box. :)
Fantastic. One less thing I need to tweak upon a new install.
If there's upstream consensus that a setting is needed, we'll eventually put it into system settings. I think fonts are omitted by design.
Yeah, that's what I thought. I realize the font decision was "design" based (though, iirc, it was more to do with branding) as I've attempted to keep abreast of gnome development. For Fedora, however, changing fonts, without requiring a separate configuration tool, might be something that makes sense.
----- Original Message -----
On Sun, 2014-08-24 at 16:38 -0400, Liam wrote:
Personally, I've never had to adjust the firewall for (web)development reasons, but for personal use I most certainly have
Why did you need to adjust your firewall settings? Are you sure that would still be required given the permissive default configuration in F21?
(and being able to type in firewall, and having it popup, AND knowing it's the tool that should work, unlike installing random firewall app X, is a nice feeling).
I'll take that one step further: to whatever extent we identify firewall configuration to be necessary -- hopefully not at all -- we need to get that configuration into System Settings.
I would hope not.
A firewall configuration tool isn't necessary in Fedora Workstation, and it's not one I would want to add to the Settings even if it was necessary.
On Fri, 2014-08-22 at 17:08 +0200, Christoph Wickert wrote:
So if the goal of the platform is development and our target audience are hobbyists, students, and developers, how can "simple enough for non-technical users" be a criteria for inclusion of apps?
I agree with you that targeting developers means we might indeed want to allow some complicated programs into the default install, but I also agree with Elad: we should still think really hard before doing so. devassistant, for example, is a complicated technical program that I have a lot of second thoughts about, but I haven't seen any objections to shipping it -- there seems to be consensus that that one is worth it for us.
We should be extremely suspicious of complex technical programs like devassistant and firewall-config, including them only if the advantages are significant. This guideline will serve us well regardless of whether or not we decide to make an exception for firewall-config. Picking simple default programs is something we're much better at than other major distros, and should contribute to the appeal of Fedora Workstation.
Frankly, I think firewall-config is probably too complicated for many hobbyists and the majority of students. Actually, many developers to. It's a power tool that looks like the sort of thing I would love if I was an expert in firewall configuration. I find it really hard to believe we need port forwarding on desktop machines, for example: that's just going to confuse the heck out of some pour soul who actually needs to forward a port from his router to his computer.
Regardless of whether we keep it or not, I think we've done a good job selecting our default applications. This is a detail. :)
Accessing the internet does work out of the box, but FWIW a lot of client and server development will not. Therefor I suggest we keep firewall-config for now and continue to improve it's UI.
Our understanding is that client and server development WILL work out of the box, unlike F20. The goal is that very few users ever need to configure the firewall. Our configuration can be seen at [1] and it looks sufficiently permissive to me. (Is there something else we need to address?) Whereas in F20 I spent much frustrating time trying to figure out why my network programs worked on other Linuxes but not Fedora, in F21 everything should just work, unless you're trying to use a system port. I frankly cannot think of any reason I would ever want to open firewall-config.
Michael
[1] http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml
On Thu, Aug 21, 2014 at 3:03 PM, Elad Alfassa elad@fedoraproject.org wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation. Rationale:
- The default Workstation zone file allows incoming connection to non-root
ports. This means most of the common usecases will "just work" out of the box. Thus, most users will not need to touch their Firewall settings.
- People who do need it will be able to install it from GNOME Software quite
easily. Just search for "Firewall". There will be no confusion as this is the only firewall configuration tool shown in GNOME Software.
- In general, we should avoid having app launchers for things that are
configuration utilities in the default install.
Unless there's major objection to this change in the following few days, I'll remove it from the gnome-desktop group in comps.
I object for now. I'd like to hear more from Matthias, Christian, and the firewalld contributors first. We already discussed this a while ago and there has been work to make it more Workstation appropriate. I don't think we should remove it without consensus from everyone that has already been discussing this.
josh
On Thu, Aug 21, 2014 at 10:11 PM, Josh Boyer jwboyer@fedoraproject.org wrote:
I object for now. I'd like to hear more from Matthias, Christian, and the firewalld contributors first. We already discussed this a while ago and there has been work to make it more Workstation appropriate. I don't think we should remove it without consensus from everyone that has already been discussing this.
josh
desktop mailing list desktop@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/desktop
I should point out that Bastien, who did work on this, said removing it is okay.
----- Original Message -----
On Thu, Aug 21, 2014 at 10:11 PM, Josh Boyer jwboyer@fedoraproject.org wrote:
I object for now. I'd like to hear more from Matthias, Christian, and the firewalld contributors first. We already discussed this a while ago and there has been work to make it more Workstation appropriate. I don't think we should remove it without consensus from everyone that has already been discussing this.
josh
desktop mailing list desktop@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/desktop
I should point out that Bastien, who did work on this, said removing it is okay.
Definitely. It's still going to be available in the repos should one choose to use it.
On Thu, 2014-08-21 at 15:11 -0400, Josh Boyer wrote:
I object for now. I'd like to hear more from Matthias, Christian, and the firewalld contributors first. We already discussed this a while ago and there has been work to make it more Workstation appropriate. I don't think we should remove it without consensus from everyone that has already been discussing this.
Hey Josh,
This is cross-posted to firewalld-devel@ so hopefully we'll be hearing from them soon.
Michael
On Thu, 2014-08-21 at 15:11 -0400, Josh Boyer wrote:
On Thu, Aug 21, 2014 at 3:03 PM, Elad Alfassa elad@fedoraproject.org wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation. Rationale:
- The default Workstation zone file allows incoming connection to non-root
ports. This means most of the common usecases will "just work" out of the box. Thus, most users will not need to touch their Firewall settings.
- People who do need it will be able to install it from GNOME Software quite
easily. Just search for "Firewall". There will be no confusion as this is the only firewall configuration tool shown in GNOME Software.
- In general, we should avoid having app launchers for things that are
configuration utilities in the default install.
Unless there's major objection to this change in the following few days, I'll remove it from the gnome-desktop group in comps.
I object for now. I'd like to hear more from Matthias, Christian, and the firewalld contributors first. We already discussed this a while ago and there has been work to make it more Workstation appropriate. I don't think we should remove it without consensus from everyone that has already been discussing this.
That's why the list was mailed ... to get some discussion and build consensus :-)
One main idea of putting a lot of work into GNOME Software is to reduce the difference between "installed by default" and "not installed by default" - there are a ton of things that we want to allow a user to do easily with Fedora that we can't have in the default install.
Having something in the default install to me means two things: first, we think that the activity it enables is something that a large percentage of users will want to do. Second we want to actively encourage the user to stumble on the application, start it up, find what it does.
If you start firewall-config I don't think it meets the second objective - you get prompted for authentication before it even loads, and you are immediately confronted with a pretty complex UI that depends on understanding concepts (zones, runtime vs. static config, trusted vs. untrusted services, etc.) that most technical users probably won't understand without some study.
But if we need firewall-config for the first objective - if a large fraction of users will need to use it, then the right response to the complexity is to try and make it friendly for non-firewall-experts, rather than removing it from the default install. The *idea* here is that that's not the case as of Fedora Workstation 21 - the average developer won't need to configure their firewall - e.g., when developing a web app, a developer will almost always be running on a high port.
Not-in-the-default install is not a penalty box - it's rather a consideration of how we want users to find and interact with some piece of software.
- Owen
On Thu, Aug 21, 2014 at 3:56 PM, Owen Taylor otaylor@redhat.com wrote:
On Thu, 2014-08-21 at 15:11 -0400, Josh Boyer wrote:
On Thu, Aug 21, 2014 at 3:03 PM, Elad Alfassa elad@fedoraproject.org wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation. Rationale:
- The default Workstation zone file allows incoming connection to non-root
ports. This means most of the common usecases will "just work" out of the box. Thus, most users will not need to touch their Firewall settings.
- People who do need it will be able to install it from GNOME Software quite
easily. Just search for "Firewall". There will be no confusion as this is the only firewall configuration tool shown in GNOME Software.
- In general, we should avoid having app launchers for things that are
configuration utilities in the default install.
Unless there's major objection to this change in the following few days, I'll remove it from the gnome-desktop group in comps.
I object for now. I'd like to hear more from Matthias, Christian, and the firewalld contributors first. We already discussed this a while ago and there has been work to make it more Workstation appropriate. I don't think we should remove it without consensus from everyone that has already been discussing this.
That's why the list was mailed ... to get some discussion and build consensus :-)
Yep! That's why I said "for now". I just didn't want Elad to remove it in a few days before we actually discussed it.
One main idea of putting a lot of work into GNOME Software is to reduce the difference between "installed by default" and "not installed by default" - there are a ton of things that we want to allow a user to do easily with Fedora that we can't have in the default install.
Sure.
Having something in the default install to me means two things: first, we think that the activity it enables is something that a large percentage of users will want to do. Second we want to actively encourage the user to stumble on the application, start it up, find what it does.
If you start firewall-config I don't think it meets the second objective
- you get prompted for authentication before it even loads, and you are
immediately confronted with a pretty complex UI that depends on understanding concepts (zones, runtime vs. static config, trusted vs. untrusted services, etc.) that most technical users probably won't understand without some study.
Correct. That interaction is what was highlighted as not being suitable, but I thought there were plans to address it.
But if we need firewall-config for the first objective - if a large fraction of users will need to use it, then the right response to the complexity is to try and make it friendly for non-firewall-experts, rather than removing it from the default install. The *idea* here is that that's not the case as of Fedora Workstation 21 - the average developer won't need to configure their firewall - e.g., when developing a web app, a developer will almost always be running on a high port.
Right, and I thought the firewalld team and others were working on a UI that _is_ appropriate. Did that work happen? What state is it in? etc.
josh
On Thu, Aug 21, 2014 at 11:18 PM, Josh Boyer jwboyer@fedoraproject.org wrote:
Yep! That's why I said "for now". I just didn't want Elad to remove it in a few days before we actually discussed it.
Just to make things clear: I never intended to remove anything while there's active discussion going on. I'm sorry that wasn't clear enough.
Since I'm working (both upstream and downstream) to polish our default install set in the last few days it might seem to people that I'm in a "remove everything spree". Let it be clear that this is not the case. I'm simply doing whatever I can to make sure our product as polished as possible. This includes removal of stuff that were needed before but now are no longer needed - but something like firewall-config is not something that can be removed before we all agree that our system will work well without.
Fedora 21 is a very important milestone. Due to the long development cycle people have extremely high expectations of Fedora 21, and as such we must do our best to ship a product as polished as we possibly can.
To address some other points raised here, even if the firewalld team is working on improving the UI, I still don't think it should be included by default, as our default configuration means most people will not need to touch firewall settings.
We can also add a note about it in the documentation so people will know about this, something along the lines of "Fedora 21 Workstation allows incoming connections to ports higher than 1025 by default. If you need to run a server on a lower port number, such as a web server listening to port 80 (http), you can install the Firewall configuration utility from GNOME Software to allow usage of this port".
Am Donnerstag, den 21.08.2014, 15:56 -0400 schrieb Owen Taylor:
Having something in the default install to me means two things: first, we think that the activity it enables is something that a large percentage of users will want to do.
Are you sure about that? We include a settings panel to change the language, even though hardly anybody will do it. Most people will just set the language during install and stick to if for the rest of the time.
Second we want to actively encourage the user to stumble on the application, start it up, find what it does.
I think this is true for firewall-config. firewalld and it's tools are pretty new and Fedora is probably the only installation to ship it, or at least to have it in it's default install. If something is unique to Fedora and was engineered by Fedora people, we certainly want users to stumble upon it.
If you start firewall-config I don't think it meets the second objective
- you get prompted for authentication before it even loads, and you are
immediately confronted with a pretty complex UI that depends on understanding concepts (zones, runtime vs. static config, trusted vs. untrusted services, etc.) that most technical users probably won't understand without some study.
I guess I'm too technical then. ;)
But if we need firewall-config for the first objective - if a large fraction of users will need to use it, then the right response to the complexity is to try and make it friendly for non-firewall-experts, rather than removing it from the default install.
I partly agree. While I agree it's better to improve than to remove something, I believe that some things cannot and should be simplified. Security is a complex issue and if we just simplify it, people will stop thinking about it and be
I recently had a very similar discussion on a cryptoparty. A teacher argued that people will never use encryption because GPG is too complex. The guy from our LUG responded that the t
The *idea* here is that that's not the case as of Fedora Workstation 21 - the average developer won't need to configure their firewall - e.g., when developing a web app, a developer will almost always be running on a high port.
I am working on various web apps and use KVM all the time. Setting up port redirects to well-known ports is a standard use case. With firewall-config it's dead-simple, but with firewall-cmd it requires some reading.
Not-in-the-default install is not a penalty box - it's rather a consideration of how we want users to find and interact with some piece of software.
I can subscripe to that. But for me, the piece of software is iptables and firewalld, so the question becomes: Do we want workstation users to interact with it through firewall-cmd or firewall-config. I think we want the latter, that's why I object the removal of firewall-config.
Best regards, Christoph
Sorry,
I thought this had been sent out already last week, but it was still in my drafts folder. When I just sent it, I sent it too fast, one paragraph was not finished.
Am Freitag, den 29.08.2014, 17:18 +0200 schrieb Christoph Wickert:
Am Donnerstag, den 21.08.2014, 15:56 -0400 schrieb Owen Taylor:
But if we need firewall-config for the first objective - if a large fraction of users will need to use it, then the right response to the complexity is to try and make it friendly for non-firewall-experts, rather than removing it from the default install.
I partly agree. While I agree it's better to improve than to remove something, I believe that some things cannot and should be simplified. Security is a complex issue and if we just simplify it, people will stop thinking about it and be
less secure. So this is counterproductive.
I recently had a very similar discussion on a cryptoparty. A teacher argued that people will never use encryption because GPG is too complex. The guy from our LUG responded that the
that security is complex and you have to think about it. If you just make it a click-through wizard, nobody will pay attention.
As the discussion continued, the teacher wanted to install Linux in VirtualBox, so he downloaded both. While the Linux ISO was still downloading, he was already installing VirtualBox. During the installation, the installer asks if it can interrupt the network connection to install a virtual network device. The teacher did not pay any attention to that question but simply clicked "OK". The next thing he did was to complain about his broken download. The guy from the LUG was like "See, this is what happens if you don't read but click-through."
Long story short: Firewalling is complex and so is firewall-config's UI. Could it be more polished? Certainly! Could it be simplified? Probably. But we must not simplify it to a level of Ubuntu's firwall config that basically just say "On" and "of" because that will make it unusable.
We should improve the current UI instead of removing the app altogether.
Best regards, Christoph
----- Original Message -----
Sorry,
I thought this had been sent out already last week, but it was still in my drafts folder. When I just sent it, I sent it too fast, one paragraph was not finished.
Am Freitag, den 29.08.2014, 17:18 +0200 schrieb Christoph Wickert:
Am Donnerstag, den 21.08.2014, 15:56 -0400 schrieb Owen Taylor:
But if we need firewall-config for the first objective - if a large fraction of users will need to use it, then the right response to the complexity is to try and make it friendly for non-firewall-experts, rather than removing it from the default install.
I partly agree. While I agree it's better to improve than to remove something, I believe that some things cannot and should be simplified. Security is a complex issue and if we just simplify it, people will stop thinking about it and be
less secure. So this is counterproductive.
I recently had a very similar discussion on a cryptoparty. A teacher argued that people will never use encryption because GPG is too complex. The guy from our LUG responded that the
that security is complex and you have to think about it. If you just make it a click-through wizard, nobody will pay attention.
As the discussion continued, the teacher wanted to install Linux in VirtualBox, so he downloaded both. While the Linux ISO was still downloading, he was already installing VirtualBox. During the installation, the installer asks if it can interrupt the network connection to install a virtual network device. The teacher did not pay any attention to that question but simply clicked "OK". The next thing he did was to complain about his broken download. The guy from the LUG was like "See, this is what happens if you don't read but click-through."
We have Boxes in the default install, so you don't need to install VirtualBox or poke at the network configuration by hand for the VM to have Internet access. (Getting access to the host from the VM is another matter, and I'd certainly like it to work out-of-the-box).
Long story short: Firewalling is complex and so is firewall-config's UI. Could it be more polished? Certainly! Could it be simplified? Probably. But we must not simplify it to a level of Ubuntu's firwall config that basically just say "On" and "of" because that will make it unusable.
We should improve the current UI instead of removing the app altogether.
I don't think that the UI can be improved. It's not the technology itself which is problematic in firewall-config, it's the way that it's integrated with the rest of the system.
The new Sharing support in GNOME, along with the relaxed Workstation firewall zone, is a good example of enhancing security and privacy, using user intents instead of getting them to know the technicalities of firewalling.
firewall-config is still available for those that want a firewall UI. Most users shouldn't need to ever see one. The ones that will need it to setup a server will have one available just a click away.
Cheers
Am Freitag, den 29.08.2014, 13:22 -0400 schrieb Bastien Nocera:
----- Original Message -----
Sorry,
I thought this had been sent out already last week, but it was still in my drafts folder. When I just sent it, I sent it too fast, one paragraph was not finished.
Am Freitag, den 29.08.2014, 17:18 +0200 schrieb Christoph Wickert:
Am Donnerstag, den 21.08.2014, 15:56 -0400 schrieb Owen Taylor:
But if we need firewall-config for the first objective - if a large fraction of users will need to use it, then the right response to the complexity is to try and make it friendly for non-firewall-experts, rather than removing it from the default install.
I partly agree. While I agree it's better to improve than to remove something, I believe that some things cannot and should be simplified. Security is a complex issue and if we just simplify it, people will stop thinking about it and be
less secure. So this is counterproductive.
I recently had a very similar discussion on a cryptoparty. A teacher argued that people will never use encryption because GPG is too complex. The guy from our LUG responded that the
that security is complex and you have to think about it. If you just make it a click-through wizard, nobody will pay attention.
As the discussion continued, the teacher wanted to install Linux in VirtualBox, so he downloaded both. While the Linux ISO was still downloading, he was already installing VirtualBox. During the installation, the installer asks if it can interrupt the network connection to install a virtual network device. The teacher did not pay any attention to that question but simply clicked "OK". The next thing he did was to complain about his broken download. The guy from the LUG was like "See, this is what happens if you don't read but click-through."
We have Boxes in the default install, so you don't need to install VirtualBox or poke at the network configuration by hand for the VM to have Internet access. (Getting access to the host from the VM is another matter, and I'd certainly like it to work out-of-the-box).
The guy I was talking about was not running Fedora, in fact he was not running Linux at all. He wanted to virtualize Linux in VirtualBox on Windows.
This anecdote was just an example of how security can
Long story short: Firewalling is complex and so is firewall-config's UI. Could it be more polished? Certainly! Could it be simplified? Probably. But we must not simplify it to a level of Ubuntu's firwall config that basically just say "On" and "of" because that will make it unusable.
We should improve the current UI instead of removing the app altogether.
I don't think that the UI can be improved. It's not the technology itself which is problematic in firewall-config, it's the way that it's integrated with the rest of the system.
Would you mind to elaborate?
The new Sharing support in GNOME, along with the relaxed Workstation firewall zone, is a good example of enhancing security and privacy, using user intents instead of getting them to know the technicalities of firewalling.
Please correct me if I'm wrong: We used to block incoming connections unless configured otherwise. Now we only block ports 1-1024. How is that more secure?
firewall-config is still available for those that want a firewall UI. Most users shouldn't need to ever see one. The ones that will need it to setup a server will have one available just a click away.
Actually it's more than just a click, but anyway,
Best regards, Christoph
On Fri, 2014-08-29 at 17:30 +0200, Christoph Wickert wrote:
I partly agree. While I agree it's better to improve than to remove something, I believe that some things cannot and should be
simplified.
Security is a complex issue and if we just simplify it, people will
stop
thinking about it and be
less secure. So this is counterproductive.
Hm, that's interesting. This is actually the complete opposite of how we think about security in GNOME. Our approach is that if a security features requires configuration or technical knowledge, then the user is not going to use it properly, so we should simplify as much as possible.
For example, today someone objected to the removal of firewall-config on Google+. His argument was basically this: "how else will I be able to turn off the firewall?" I read that as: "I need to turn off my firewall because it is too complicated for me, and I won't be able to do something otherwise." Now he's less secure. (That's not an argument in favor of removing firewall-config, but one in favor of the new permissive Workstation firewall configuration.)
I recently had a very similar discussion on a cryptoparty. A teacher argued that people will never use encryption because GPG is too
complex.
The guy from our LUG responded that the
that security is complex and you have to think about it. If you just make it a click-through wizard, nobody will pay attention.
GPG is a good example of how not do design a security feature. It was never successful because it requires complex technical knowledge and configuration. If email encryption is going to be widely-used, it will need to be dead simple to set up.
Michael
Am Freitag, den 29.08.2014, 13:14 -0500 schrieb Michael Catanzaro:
On Fri, 2014-08-29 at 17:30 +0200, Christoph Wickert wrote:
I partly agree. While I agree it's better to improve than to remove something, I believe that some things cannot and should be
simplified.
Security is a complex issue and if we just simplify it, people will
stop
thinking about it and be
less secure. So this is counterproductive.
Hm, that's interesting. This is actually the complete opposite of how we think about security in GNOME.
Please note that this is the Fedora workstation, not GNOME. I think our target audience is different from the general GNOME users.
Our approach is that if a security features requires configuration or technical knowledge, then the user is not going to use it properly, so we should simplify as much as possible.
Agreed, but the question is: How much can we simplify something without loosing it's functionality? Of course we could argue how much functionality users need, but for the target audience of the Fedora workstation, something like port forwards are not rocket science abut actually a use case.
I think GNOME has a bad history of over-simplifying things. When I was no longer able to configure the display brightness on battery independently from the brightness on AC, I had to ditch gnome-power-manager in favor of xfce4-power-manager. Needing a brighter display on the train than at home is not exactly an exotic use case, still too exotic for gnome-power-manager.
For example, today someone objected to the removal of firewall-config on Google+. His argument was basically this: "how else will I be able to turn off the firewall?" I read that as: "I need to turn off my firewall because it is too complicated for me, and I won't be able to do something otherwise." Now he's less secure. (That's not an argument in favor of removing firewall-config, but one in favor of the new permissive Workstation firewall configuration.)
I don't think so. Reasonably defaults are certainly a starting point, but as soon as they don't match the users need, they will need to adjust the settings. And at this point disabling the firewall is certainly worse than opening a port.
I recently had a very similar discussion on a cryptoparty. A teacher argued that people will never use encryption because GPG is too
complex.
The guy from our LUG responded that the
that security is complex and you have to think about it. If you just make it a click-through wizard, nobody will pay attention.
GPG is a good example of how not do design a security feature. It was never successful because it requires complex technical knowledge and configuration. If email encryption is going to be widely-used, it will need to be dead simple to set up.
But dead simple also means paying no attention, and if you pay no attention, you are insecure. In fact you are *less* secure than before because you have a wrong sense of security that is actually not guaranteed.
Best regards, Christoph
On Thu, 2014-09-04 at 18:17 +0200, Christoph Wickert wrote:
Agreed, but the question is: How much can we simplify something without loosing it's functionality? Of course we could argue how much functionality users need, but for the target audience of the Fedora workstation, something like port forwards are not rocket science abut actually a use case.
If we assume the user is familiar with basic computer networking (and I guess many developers are not!), then yes, port forwards aren't rocket science. But that's also a very unusual thing to need to do with Fedora Workstation's firewall. Almost all Fedora users who need to forward a port will want to forward a port from their home router TO their Fedora machine, not FROM Fedora to someplace else, so the port forwarding options in firewall-config can't possibly be helpful and would only be confusing.
I'm sure some people are happy users of firewalld port forwarding and it's great that that's possible, but that seems like a really fringe use case.
When I was no longer able to configure the display brightness on battery independently from the brightness on AC, I had to ditch gnome-power-manager in favor of xfce4-power-manager. Needing a brighter display on the train than at home is not exactly an exotic use case, still too exotic for gnome-power-manager.
gnome-power-manager meaning the overcomplicated standalone app? :D
But I agree that our screen brightness configuration in gnome-control-center (probably much simpler than whatever gnome-power-manager, which I'm not about to install, presents) is problematic at least. I'm sliding it around right now on F20 and it doesn't seem to work at all. I guess it only changes brightness when not plugged in? But my computer is a desktop that's always plugged in. So I'm a very confused user right now. Sometimes it is possible to simplify too much.
For example, today someone objected to the removal of firewall-config on Google+. His argument was basically this: "how else will I be able to turn off the firewall?" I read that as: "I need to turn off my firewall because it is too complicated for me, and I won't be able to do something otherwise." Now he's less secure. (That's not an argument in favor of removing firewall-config, but one in favor of the new permissive Workstation firewall configuration.)
I don't think so. Reasonably defaults are certainly a starting point, but as soon as they don't match the users need, they will need to adjust the settings. And at this point disabling the firewall is certainly worse than opening a port.
Of course, but I'm really not sure where you're going with this argument. To disable the firewall, you must first install firewall-config. (I assume users capable of disabling the firewall via the command line are also capable of installing firewall-config. :)
Hello,
On 08/21/2014 09:03 PM, Elad Alfassa wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation. Rationale:
- The default Workstation zone file allows incoming connection to
non-root ports. This means most of the common usecases will "just work" out of the box. Thus, most users will not need to touch their Firewall settings.
thank you for reaching out here on the firewall-devel mailing list. I really appreciate that you keep us in the loop regarding this request for Fedora Workstation.
I am a bit surprised by this request, because from what I recall about Fedora Workstation, the idea was to focus on server and client application developers as a target audience, right?
At least according to http://fedoraproject.org/wiki/Workstation:
"The system will primarily be aimed at providing a platform for development of server side and client applications that is attractive to a range of developers - from hobbyists and students to developers working in corporate environments."
So that means that server application developers without the firewall configuration tool would have to either use the command line or even completely disable the firewall in order to develop networked services that use privileged ports, right?
And that would in my humble opinion be a really bad user experience for server application developers trying to use Fedora Workstation.
- People who do need it will be able to install it from GNOME Software
quite easily. Just search for "Firewall". There will be no confusion as this is the only firewall configuration tool shown in GNOME Software.
Searching for a firewall configuration tool and the need to install it over the network would not be a good user experience in my opinion. Additionally it would not be possible for the user to configure the firewall with a graphical configuration tool according to the security requirements of the environment before going on line.
- In general, we should avoid having app launchers for things that are
configuration utilities in the default install.
To have a system without being able to configure it before actively searching for configuration tools is hopefully not the goal.
Unless there's major objection to this change in the following few days, I'll remove it from the gnome-desktop group in comps.
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
Would you mind if we continue this discussion on fedora-devel as I strongly believe that the broader community should give more input to this decision.
Thanks,
-Elad Alfassa.
firewalld-devel mailing list firewalld-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/firewalld-devel
Regards, Thomas
On Fri, Aug 22, 2014 at 2:50 PM, Thomas Woerner twoerner@redhat.com wrote: <snip>
So that means that server application developers without the firewall configuration tool would have to either use the command line or even completely disable the firewall in order to develop networked services that use privileged ports, right?
And that would in my humble opinion be a really bad user experience for server application developers trying to use Fedora Workstation.
I assume that most developers will run on high ports: it's a standard practice for python and ruby web developers, for example. If we convey (in the release notes and documentation) the fact that the high ports are open by default and that people who need other ports can install the configuration tool then I don't see anything wrong with removing it.
In fact, the tool as we have now is not helpful for most developers - Many developers don't understand much about ports, firewalls, protocols and such, and they usually shouldn't because on production they have IT teams to handle this sort of thing. Add to that confusing firewalld-specific terminology (zones, for example) and you get a tool that is only useful for people who have researched the subject. Including a tool that is unhelpful and frustrating is worse than not including a tool at all (I really hope the UI / UX of this tool could be improved in the future).
Searching for a firewall configuration tool and the need to install it over the network would not be a good user experience in my opinion. Additionally it would not be possible for the user to configure the firewall with a graphical configuration tool according to the security requirements of the environment before going on line.
Can you give an example of a security policy that requires the *user* to configure their own firewall before going online? Seems weird to me. Organizations which require strict firewall configuration wouldn't trust users to do so, they would install from a kickstart file with the firewall cIonfiguration already in place and the user having no root access - otherwise how would they know if the users don't simply disable their firewalls?
And if the organization is not the one who deployed Fedora, but rather the user installed it themselves on their computer, this surely would violate the security policy (if the organization even cares about that - I assume that those who allow you to install a custom OS on your company laptop do not have such strict policy).
Other than organizational security policy I can't imagine any other "security requirement of the environment" that would be affected by weather or not you can configure your own firewall.
To have a system without being able to configure it before actively searching for configuration tools is hopefully not the goal.
If it works out of the box, there's no *need* for a specialized configuration tool. Web developers who want to run a local test machine on port 80, for example (from my experience most of them don't) will need to manually install and configure a webserver anyway - they could configure the firewall as an extra step there.
Would you mind if we continue this discussion on fedora-devel as I strongly believe that the broader community should give more input to this decision.
I would rather if we didn't. In fact, I will not participate in any discussion going on in fedora-devel, as I think that list is mostly counter-productive flamewars. Let's keep this discussion where it belongs: in the Workstation/Desktop and the firewalld mailing lists.
On Fri, Aug 22, 2014 at 03:13:24PM +0300, Elad Alfassa wrote:
I would rather if we didn't. In fact, I will not participate in any discussion going on in fedora-devel, as I think that list is mostly counter-productive flamewars. Let's keep this discussion where it belongs: in the Workstation/Desktop and the firewalld mailing lists.
I think that keeping the decision here is fine, but I also want to add that the devel list being "mostly counter-productive flamewars" is _not_ fine, and I'm not going to be shy about keeping them doused.
Hi Thomas,
On Fri, 2014-08-22 at 13:50 +0200, Thomas Woerner wrote:
So that means that server application developers without the firewall configuration tool would have to either use the command line or even completely disable the firewall in order to develop networked services that use privileged ports, right?
I think developing a sever application that uses a port less than 1024 is a pretty nonstandard use case. Our target audience is general developers, not Linux system developers.
Searching for a firewall configuration tool and the need to install it over the network would not be a good user experience in my opinion. Additionally it would not be possible for the user to configure the firewall with a graphical configuration tool according to the security requirements of the environment before going on line.
That's a good point. It won't be important for the vast majority of our users, but for some this would be annoying at least, and possibly seriously problematic.
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
I don't think firewall-config is even remotely close to an easy way to configure firewall settings. It's obviously a tool intended for advanced users only, which is why we suggest removing it -- we're trying really hard to get rid of anything that requires technical expertise to use. But it's possible that we may want to make an exception for firewall-config.
I'm not sure how to make firewall configuration easy, and I suspect it may not be possible, but you'd have to start with removing all mention of ports ("my computer only has six ports!") and services ("why is http not checked, that must by why my Internet is broken") ("AMANDA! What is this amanda-client you're running on my network!"). I guess an easy firewall configuration tool would be a list of applications with an on or off switch to configure whether that application should be allowed to access the network. That's the sort of firewall configuration I would be more enthusiastic to install by default, but that would not be useful at all for developers.
Would you mind if we continue this discussion on fedora-devel as I strongly believe that the broader community should give more input to this decision.
I'd also prefer to keep the discussion on fedora-desktop@ and firewalld-devel@ since this fedora-desktop@ is the list we use to decide Workstation-specific policy, such as what applications to install by default, which will have no impact on the other Fedora products. But let's also be frank: it would be a lot harder to remove things if we discussed them on devel@. :)
Anyway, my opinion is that I'd rather firewall-config go because it's very complicated, but it's not a big deal if it stays, since I think we've done an otherwise good job of removing complex applications.
Michael
On Fri, Aug 22, 2014 at 10:12 AM, Michael Catanzaro mcatanzaro@gnome.org wrote:
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
I don't think firewall-config is even remotely close to an easy way to configure firewall settings. It's obviously a tool intended for advanced users only, which is why we suggest removing it -- we're trying really hard to get rid of anything that requires technical expertise to use. But it's possible that we may want to make an exception for firewall-config.
I'm not sure how to make firewall configuration easy, and I suspect it may not be possible, but you'd have to start with removing all mention of ports ("my computer only has six ports!") and services ("why is http not checked, that must by why my Internet is broken") ("AMANDA! What is this amanda-client you're running on my network!"). I guess an easy firewall configuration tool would be a list of applications with an on or off switch to configure whether that application should be allowed to access the network. That's the sort of firewall configuration I would be more enthusiastic to install by default, but that would not be useful at all for developers.
Slightly orthogonal, but the original discussion wasn't about specific ports/apps but more about what to do when a user switches from one network to another. firewalld-config has the concept of zones for this, but the UI isn't immediately clear. I thought someone was looking at making changes in GNOME and/or NetworkManager to prompt for a "security level" etc. What happened to that work?
josh
On Fri, Aug 22, 2014 at 5:33 PM, Josh Boyer jwboyer@fedoraproject.org wrote:
Slightly orthogonal, but the original discussion wasn't about specific ports/apps but more about what to do when a user switches from one network to another. firewalld-config has the concept of zones for this, but the UI isn't immediately clear. I thought someone was looking at making changes in GNOME and/or NetworkManager to prompt for a "security level" etc. What happened to that work?
josh
desktop mailing list desktop@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/desktop
AFAIK that's never going to happen. It doesn't really add to security.
There was some discussion about maybe blocking ssh if you're connected to unencrypted wifi, but I don't know if that's going to happen either.
On Fri, Aug 22, 2014 at 4:33 PM, Josh Boyer jwboyer@fedoraproject.org wrote:
On Fri, Aug 22, 2014 at 10:12 AM, Michael Catanzaro mcatanzaro@gnome.org wrote:
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
I don't think firewall-config is even remotely close to an easy way to configure firewall settings. It's obviously a tool intended for advanced users only, which is why we suggest removing it -- we're trying really hard to get rid of anything that requires technical expertise to use. But it's possible that we may want to make an exception for firewall-config.
I'm not sure how to make firewall configuration easy, and I suspect it may not be possible, but you'd have to start with removing all mention of ports ("my computer only has six ports!") and services ("why is http not checked, that must by why my Internet is broken") ("AMANDA! What is this amanda-client you're running on my network!"). I guess an easy firewall configuration tool would be a list of applications with an on or off switch to configure whether that application should be allowed to access the network. That's the sort of firewall configuration I would be more enthusiastic to install by default, but that would not be useful at all for developers.
Slightly orthogonal, but the original discussion wasn't about specific ports/apps but more about what to do when a user switches from one network to another. firewalld-config has the concept of zones for this, but the UI isn't immediately clear. I thought someone was looking at making changes in GNOME and/or NetworkManager to prompt for a "security level" etc. What happened to that work?
https://wiki.gnome.org/ThreePointThirteen/Features/SharingNetworkAwareness
On Fri, Aug 22, 2014 at 10:44 AM, drago01 drago01@gmail.com wrote:
On Fri, Aug 22, 2014 at 4:33 PM, Josh Boyer jwboyer@fedoraproject.org wrote:
On Fri, Aug 22, 2014 at 10:12 AM, Michael Catanzaro mcatanzaro@gnome.org wrote:
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
I don't think firewall-config is even remotely close to an easy way to configure firewall settings. It's obviously a tool intended for advanced users only, which is why we suggest removing it -- we're trying really hard to get rid of anything that requires technical expertise to use. But it's possible that we may want to make an exception for firewall-config.
I'm not sure how to make firewall configuration easy, and I suspect it may not be possible, but you'd have to start with removing all mention of ports ("my computer only has six ports!") and services ("why is http not checked, that must by why my Internet is broken") ("AMANDA! What is this amanda-client you're running on my network!"). I guess an easy firewall configuration tool would be a list of applications with an on or off switch to configure whether that application should be allowed to access the network. That's the sort of firewall configuration I would be more enthusiastic to install by default, but that would not be useful at all for developers.
Slightly orthogonal, but the original discussion wasn't about specific ports/apps but more about what to do when a user switches from one network to another. firewalld-config has the concept of zones for this, but the UI isn't immediately clear. I thought someone was looking at making changes in GNOME and/or NetworkManager to prompt for a "security level" etc. What happened to that work?
https://wiki.gnome.org/ThreePointThirteen/Features/SharingNetworkAwareness
Thanks, that is the feature/bug I was remembering. So it's in 3.14 already under the Sharing settings.
What is unclear to me is if a dialog pops up when a network change is detected, or if there is no dialog does it default to off for a new network? (Apologies, I don't have a separate network to test at the moment).
josh
On Fri, Aug 22, 2014 at 4:54 PM, Josh Boyer jwboyer@fedoraproject.org wrote:
On Fri, Aug 22, 2014 at 10:44 AM, drago01 drago01@gmail.com wrote:
On Fri, Aug 22, 2014 at 4:33 PM, Josh Boyer jwboyer@fedoraproject.org wrote:
On Fri, Aug 22, 2014 at 10:12 AM, Michael Catanzaro mcatanzaro@gnome.org wrote:
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
I don't think firewall-config is even remotely close to an easy way to configure firewall settings. It's obviously a tool intended for advanced users only, which is why we suggest removing it -- we're trying really hard to get rid of anything that requires technical expertise to use. But it's possible that we may want to make an exception for firewall-config.
I'm not sure how to make firewall configuration easy, and I suspect it may not be possible, but you'd have to start with removing all mention of ports ("my computer only has six ports!") and services ("why is http not checked, that must by why my Internet is broken") ("AMANDA! What is this amanda-client you're running on my network!"). I guess an easy firewall configuration tool would be a list of applications with an on or off switch to configure whether that application should be allowed to access the network. That's the sort of firewall configuration I would be more enthusiastic to install by default, but that would not be useful at all for developers.
Slightly orthogonal, but the original discussion wasn't about specific ports/apps but more about what to do when a user switches from one network to another. firewalld-config has the concept of zones for this, but the UI isn't immediately clear. I thought someone was looking at making changes in GNOME and/or NetworkManager to prompt for a "security level" etc. What happened to that work?
https://wiki.gnome.org/ThreePointThirteen/Features/SharingNetworkAwareness
Thanks, that is the feature/bug I was remembering. So it's in 3.14 already under the Sharing settings.
What is unclear to me is if a dialog pops up when a network change is detected, or if there is no dialog does it default to off for a new network? (Apologies, I don't have a separate network to test at the moment).
I have not tested it either ... Bastien?
On Fri, Aug 22, 2014 at 5:54 PM, Josh Boyer jwboyer@fedoraproject.org wrote:
Thanks, that is the feature/bug I was remembering. So it's in 3.14 already under the Sharing settings.
What is unclear to me is if a dialog pops up when a network change is detected, or if there is no dialog does it default to off for a new network? (Apologies, I don't have a separate network to test at the moment).
josh
desktop mailing list desktop@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/desktop
No, there's no such dialog. The network panel allows you to manually select a firewall zone if you click the cogwheel.
What we do have is per network sharing settings. When you enable any kind of sharing you can select on which networks you want to enable sharing. If you do that and connect to a network in which you did not enable sharing your stuff will not be shared. Also to add remote shares you must explicitly do so in the Online Accounts panel, so you won't see random videos in your video library if you're connecting to a coffee shop wifi, but (in theory) you will see the videos shared by another computer you have at home.
----- Original Message -----
Thanks, that is the feature/bug I was remembering. So it's in 3.14 already under the Sharing settings.
What is unclear to me is if a dialog pops up when a network change is detected, or if there is no dialog does it default to off for a new network? (Apologies, I don't have a separate network to test at the moment).
http://www.hadess.net/2014/06/firewalls-and-per-network-sharing.html
Just to avoid people talking past each other here. As I understand Elads proposal it is not to drop the config tool from the Fedora repository. It is just to not have it installed by default. So it will still be available for devs who need it even if we drop it from being installed on every system by default.
Regardless of if we keep it by default or not we should make sure the tool has a proper appdata file etc., so that it becomes easily discovable/managable in the Software installer.
Christian
----- Original Message -----
From: "Thomas Woerner" twoerner@redhat.com To: "Firewalld development list" firewalld-devel@lists.fedorahosted.org, "Discussions about development for the Fedora desktop" desktop@lists.fedoraproject.org Sent: Friday, August 22, 2014 1:50:29 PM Subject: Re: Removing firewall-config from the default install of Fedora Workstation
Hello,
On 08/21/2014 09:03 PM, Elad Alfassa wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation. Rationale:
- The default Workstation zone file allows incoming connection to
non-root ports. This means most of the common usecases will "just work" out of the box. Thus, most users will not need to touch their Firewall settings.
thank you for reaching out here on the firewall-devel mailing list. I really appreciate that you keep us in the loop regarding this request for Fedora Workstation.
I am a bit surprised by this request, because from what I recall about Fedora Workstation, the idea was to focus on server and client application developers as a target audience, right?
At least according to http://fedoraproject.org/wiki/Workstation:
"The system will primarily be aimed at providing a platform for development of server side and client applications that is attractive to a range of developers - from hobbyists and students to developers working in corporate environments."
So that means that server application developers without the firewall configuration tool would have to either use the command line or even completely disable the firewall in order to develop networked services that use privileged ports, right?
And that would in my humble opinion be a really bad user experience for server application developers trying to use Fedora Workstation.
- People who do need it will be able to install it from GNOME Software
quite easily. Just search for "Firewall". There will be no confusion as this is the only firewall configuration tool shown in GNOME Software.
Searching for a firewall configuration tool and the need to install it over the network would not be a good user experience in my opinion. Additionally it would not be possible for the user to configure the firewall with a graphical configuration tool according to the security requirements of the environment before going on line.
- In general, we should avoid having app launchers for things that are
configuration utilities in the default install.
To have a system without being able to configure it before actively searching for configuration tools is hopefully not the goal.
Unless there's major objection to this change in the following few days, I'll remove it from the gnome-desktop group in comps.
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
Would you mind if we continue this discussion on fedora-devel as I strongly believe that the broader community should give more input to this decision.
Thanks,
-Elad Alfassa.
firewalld-devel mailing list firewalld-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/firewalld-devel
Regards, Thomas -- desktop mailing list desktop@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/desktop
On 08/23/2014 11:03 AM, Christian Schaller wrote:
Just to avoid people talking past each other here. As I understand Elads proposal it is not to drop the config tool from the Fedora repository. It is just to not have it installed by default. So it will still be available for devs who need it even if we drop it from being installed on every system by default.
Regardless of if we keep it by default or not we should make sure the tool has a proper appdata file etc., so that it becomes easily discovable/managable in the Software installer.
I added AppData file some time ago, but haven't seen any response whether it's OK or not.
https://bugzilla.redhat.com/show_bug.cgi?id=1094754 https://git.fedorahosted.org/cgit/firewalld.git/plain/config/firewall-config...
-- Jiri
----- Original Message -----
On 08/23/2014 11:03 AM, Christian Schaller wrote:
Just to avoid people talking past each other here. As I understand Elads proposal it is not to drop the config tool from the Fedora repository. It is just to not have it installed by default. So it will still be available for devs who need it even if we drop it from being installed on every system by default.
Regardless of if we keep it by default or not we should make sure the tool has a proper appdata file etc., so that it becomes easily discovable/managable in the Software installer.
I added AppData file some time ago, but haven't seen any response whether it's OK or not.
https://bugzilla.redhat.com/show_bug.cgi?id=1094754 https://git.fedorahosted.org/cgit/firewalld.git/plain/config/firewall-config...
It shows up fine in Software, though the screenshot would look better with the default theme: https://git.fedorahosted.org/cgit/firewalld.git/plain/doc/firewall-config.pn...
Cheers
On Mon, 2014-08-25 at 14:23 +0200, Jiri Popelka wrote:
I added AppData file some time ago, but haven't seen any response whether it's OK or not.
https://bugzilla.redhat.com/show_bug.cgi?id=1094754 https://git.fedorahosted.org/cgit/firewalld.git/plain/config/firewall-config...
For now the screenshots need to be taken in GNOME with the default theme. I hope we'll be able to tag screenshots for a particular desktop environment sometime soon, hopefully *before* KDE starts using appdata....
On 25 August 2014 14:06, Michael Catanzaro mcatanzaro@gnome.org wrote:
For now the screenshots need to be taken in GNOME with the default theme.
Well, a KDE app probably should be taken in KDE with their default theme.
I hope we'll be able to tag screenshots for a particular desktop environment sometime soon, hopefully *before* KDE starts using appdata....
KDE is already using AppData, 49.4% of KDE projects in F21 have extra metadata already. You are correct that it's not possible to do a per-DE screenshot, e.g. showing what Kile would look like in GNOME3 -- I don't know if that's something we want to fix; could you open an issue in https://github.com/hughsie/appstream-glib and we can discuss there with the other contributors. Thanks.
Richard.
Hey Thomas,
----- Original Message -----
Hello,
On 08/21/2014 09:03 PM, Elad Alfassa wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation. Rationale:
- The default Workstation zone file allows incoming connection to
non-root ports. This means most of the common usecases will "just work" out of the box. Thus, most users will not need to touch their Firewall settings.
thank you for reaching out here on the firewall-devel mailing list. I really appreciate that you keep us in the loop regarding this request for Fedora Workstation.
I am a bit surprised by this request, because from what I recall about Fedora Workstation, the idea was to focus on server and client application developers as a target audience, right?
At least according to http://fedoraproject.org/wiki/Workstation:
"The system will primarily be aimed at providing a platform for development of server side and client applications that is attractive to a range of developers - from hobbyists and students to developers working in corporate environments."
So that means that server application developers without the firewall configuration tool would have to either use the command line or even completely disable the firewall in order to develop networked services that use privileged ports, right?
And that would in my humble opinion be a really bad user experience for server application developers trying to use Fedora Workstation.
I think that using the command-line to poke open a hole in the firewall is going to be a better experience than running firewall-config.
There's no explanations of the zone concept, and the interface is basically a graphical interface for firewalld, not a firewall configuration tool.
- People who do need it will be able to install it from GNOME Software
quite easily. Just search for "Firewall". There will be no confusion as this is the only firewall configuration tool shown in GNOME Software.
Searching for a firewall configuration tool and the need to install it over the network would not be a good user experience in my opinion. Additionally it would not be possible for the user to configure the firewall with a graphical configuration tool according to the security requirements of the environment before going on line.
Citation needed. In any case, unless the person using Fedora Workstation is the person putting those restrictions in place, I don't think the user would have access to the firewall configuration (or that would defeat the point, no?)
- In general, we should avoid having app launchers for things that are
configuration utilities in the default install.
To have a system without being able to configure it before actively searching for configuration tools is hopefully not the goal.
They would have a system where a configuration tool is not necessary in most cases, as, as Elad mentioned, most frameworks will take care of using high ports when running as a normal user.
In the future, I'd like to see things like Apache and MySQL running on high ports in the session, rather than having to configure the firewall.
Unless there's major objection to this change in the following few days, I'll remove it from the gnome-desktop group in comps.
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
I don't think that developers need it, not any more than they'd need some of the other tools we ship as add-ons rather than in the Workstation image.
Would you mind if we continue this discussion on fedora-devel as I strongly believe that the broader community should give more input to this decision.
The whole point of the separate versions of Fedora is for us to avoid deferring to Server, Cloud or fedora-devel when making decisions about Workstation.
Cheers
On Mon, Aug 25, 2014 at 3:39 AM, Bastien Nocera bnocera@redhat.com wrote:
Hey Thomas,
----- Original Message -----
Hello,
On 08/21/2014 09:03 PM, Elad Alfassa wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation. Rationale:
- The default Workstation zone file allows incoming connection to
non-root ports. This means most of the common usecases will "just work" out of the box. Thus, most users will not need to touch their Firewall settings.
thank you for reaching out here on the firewall-devel mailing list. I really appreciate that you keep us in the loop regarding this request for Fedora Workstation.
I am a bit surprised by this request, because from what I recall about Fedora Workstation, the idea was to focus on server and client application developers as a target audience, right?
At least according to http://fedoraproject.org/wiki/Workstation:
"The system will primarily be aimed at providing a platform for development of server side and client applications that is attractive to a range of developers - from hobbyists and students to developers working in corporate environments."
So that means that server application developers without the firewall configuration tool would have to either use the command line or even completely disable the firewall in order to develop networked services that use privileged ports, right?
And that would in my humble opinion be a really bad user experience for server application developers trying to use Fedora Workstation.
I think that using the command-line to poke open a hole in the firewall is going to be a better experience than running firewall-config.
There's no explanations of the zone concept, and the interface is basically a graphical interface for firewalld, not a firewall configuration tool.
- People who do need it will be able to install it from GNOME Software
quite easily. Just search for "Firewall". There will be no confusion as this is the only firewall configuration tool shown in GNOME Software.
Searching for a firewall configuration tool and the need to install it over the network would not be a good user experience in my opinion. Additionally it would not be possible for the user to configure the firewall with a graphical configuration tool according to the security requirements of the environment before going on line.
Citation needed. In any case, unless the person using Fedora Workstation is the person putting those restrictions in place, I don't think the user would have access to the firewall configuration (or that would defeat the point, no?)
- In general, we should avoid having app launchers for things that are
configuration utilities in the default install.
To have a system without being able to configure it before actively searching for configuration tools is hopefully not the goal.
They would have a system where a configuration tool is not necessary in most cases, as, as Elad mentioned, most frameworks will take care of using high ports when running as a normal user.
In the future, I'd like to see things like Apache and MySQL running on high ports in the session, rather than having to configure the firewall.
Unless there's major objection to this change in the following few days, I'll remove it from the gnome-desktop group in comps.
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
I don't think that developers need it, not any more than they'd need some of the other tools we ship as add-ons rather than in the Workstation image.
Would you mind if we continue this discussion on fedora-devel as I strongly believe that the broader community should give more input to this decision.
The whole point of the separate versions of Fedora is for us to avoid deferring to Server, Cloud or fedora-devel when making decisions about Workstation.
OK, so with the information that Bastien and others have provided, we need to make a decision quickly on this.
Workstation WG members, the proposal as it stands is to remove the firewall-config tool from the default install. Could you please review and vote on this as soon as possible?
josh
I vote in favour of removing it from the default install, considering our default configuration should now mean that most people will not need to configure their firewall anymore this has become a tool more suited for separate install by those who actually need it.
Christian
----- Original Message ----- From: "Josh Boyer" jwboyer@fedoraproject.org To: "Discussions about development for the Fedora desktop" desktop@lists.fedoraproject.org Cc: "Firewalld development list" firewalld-devel@lists.fedorahosted.org Sent: Wednesday, August 27, 2014 9:58:33 PM Subject: Re: Removing firewall-config from the default install of Fedora Workstation
On Mon, Aug 25, 2014 at 3:39 AM, Bastien Nocera bnocera@redhat.com wrote:
Hey Thomas,
----- Original Message -----
Hello,
On 08/21/2014 09:03 PM, Elad Alfassa wrote:
Hello.
I propose we remove firewall-config (the graphical firewall configuration utility) from the default install of Fedora Workstation. Rationale:
- The default Workstation zone file allows incoming connection to
non-root ports. This means most of the common usecases will "just work" out of the box. Thus, most users will not need to touch their Firewall settings.
thank you for reaching out here on the firewall-devel mailing list. I really appreciate that you keep us in the loop regarding this request for Fedora Workstation.
I am a bit surprised by this request, because from what I recall about Fedora Workstation, the idea was to focus on server and client application developers as a target audience, right?
At least according to http://fedoraproject.org/wiki/Workstation:
"The system will primarily be aimed at providing a platform for development of server side and client applications that is attractive to a range of developers - from hobbyists and students to developers working in corporate environments."
So that means that server application developers without the firewall configuration tool would have to either use the command line or even completely disable the firewall in order to develop networked services that use privileged ports, right?
And that would in my humble opinion be a really bad user experience for server application developers trying to use Fedora Workstation.
I think that using the command-line to poke open a hole in the firewall is going to be a better experience than running firewall-config.
There's no explanations of the zone concept, and the interface is basically a graphical interface for firewalld, not a firewall configuration tool.
- People who do need it will be able to install it from GNOME Software
quite easily. Just search for "Firewall". There will be no confusion as this is the only firewall configuration tool shown in GNOME Software.
Searching for a firewall configuration tool and the need to install it over the network would not be a good user experience in my opinion. Additionally it would not be possible for the user to configure the firewall with a graphical configuration tool according to the security requirements of the environment before going on line.
Citation needed. In any case, unless the person using Fedora Workstation is the person putting those restrictions in place, I don't think the user would have access to the firewall configuration (or that would defeat the point, no?)
- In general, we should avoid having app launchers for things that are
configuration utilities in the default install.
To have a system without being able to configure it before actively searching for configuration tools is hopefully not the goal.
They would have a system where a configuration tool is not necessary in most cases, as, as Elad mentioned, most frameworks will take care of using high ports when running as a normal user.
In the future, I'd like to see things like Apache and MySQL running on high ports in the session, rather than having to configure the firewall.
Unless there's major objection to this change in the following few days, I'll remove it from the gnome-desktop group in comps.
I would personally strongly recommend to keep the firewall configuration utility in Fedora Workstation to allow server application developers and also others to have an easy way to configure their firewall settings according to their needs.
I don't think that developers need it, not any more than they'd need some of the other tools we ship as add-ons rather than in the Workstation image.
Would you mind if we continue this discussion on fedora-devel as I strongly believe that the broader community should give more input to this decision.
The whole point of the separate versions of Fedora is for us to avoid deferring to Server, Cloud or fedora-devel when making decisions about Workstation.
OK, so with the information that Bastien and others have provided, we need to make a decision quickly on this.
Workstation WG members, the proposal as it stands is to remove the firewall-config tool from the default install. Could you please review and vote on this as soon as possible?
josh
I vote +1 for the proposal to remove firewall-config from the default install.
In addition, we can do some things to 'soften the blow':
- Make sure that the firewall-config tool has good app data
- Make sure that it shows up in searches for relevant terms: firewall, network, iptables,...
On 08/28/2014 02:21 PM, Matthias Clasen wrote:
I vote +1 for the proposal to remove firewall-config from the default install.
+1 from me too.
In addition, we can do some things to 'soften the blow':
Make sure that the firewall-config tool has good app data
Make sure that it shows up in searches for relevant terms: firewall,
network, iptables,...
gnome-software now ships a gnome-shell search provider, which lets it match search strings from uninstall apps. So what we can do here is to avoid installing firewall-config in the default setup, but at the same time make sure that searching 'firewall' in gnome-shell finds firewall-config as the first result so it's easily discoverable and installable.
On Thu, Aug 28, 2014 at 2:37 PM, Kalev Lember kalevlember@gmail.com wrote:
On 08/28/2014 02:21 PM, Matthias Clasen wrote:
I vote +1 for the proposal to remove firewall-config from the default install.
+1 from me too.
In addition, we can do some things to 'soften the blow':
Make sure that the firewall-config tool has good app data
Make sure that it shows up in searches for relevant terms: firewall,
network, iptables,...
gnome-software now ships a gnome-shell search provider, which lets it match search strings from uninstall apps. So what we can do here is to avoid installing firewall-config in the default setup, but at the same time make sure that searching 'firewall' in gnome-shell finds firewall-config as the first result so it's easily discoverable and installable.
That's a very good point. Forgot about the search provider that makes the "installed by default" vs. "not installed by default" even less of an issue regarding discoverbility.
On 28 August 2014 15:43, drago01 drago01@gmail.com wrote:
That's a very good point. Forgot about the search provider that makes the "installed by default" vs. "not installed by default" even less of an issue regarding discoverbility.
Right. The firewall config tool is the first entry for in the software search provider for "fire"... onwards, for recent versions of gnome-software.
Richard
On 28 August 2014 13:21, Matthias Clasen mclasen@redhat.com wrote:
- Make sure that the firewall-config tool has good app data
The AppData is valid and shows a single screenshot.
- Make sure that it shows up in searches for relevant terms: firewall,
network, iptables,...
firewall-config.desktop really needs these as Keywords in the desktop file.
Richard
On Wed, 2014-08-27 at 15:58 -0400, Josh Boyer wrote:
OK, so with the information that Bastien and others have provided, we need to make a decision quickly on this.
Workstation WG members, the proposal as it stands is to remove the firewall-config tool from the default install. Could you please review and vote on this as soon as possible?
+1 for removing it from the default install; it doesn't seem necessary for any common tasks that most developers or other target users would need to perform, and should be easily discoverable for people who need to configure their firewall.
- Owen
On Thu, Aug 28, 2014 at 11:25 AM, Owen Taylor otaylor@redhat.com wrote:
On Wed, 2014-08-27 at 15:58 -0400, Josh Boyer wrote:
OK, so with the information that Bastien and others have provided, we need to make a decision quickly on this.
Workstation WG members, the proposal as it stands is to remove the firewall-config tool from the default install. Could you please review and vote on this as soon as possible?
+1 for removing it from the default install; it doesn't seem necessary for any common tasks that most developers or other target users would need to perform, and should be easily discoverable for people who need to configure their firewall.
+1 to not having it in the default install. I would stress that we need to make it very easy to find in Software, which I think we're already taking steps to do.
josh
On 08/29/2014 05:12 PM, Josh Boyer wrote:
+1 to not having it in the default install. I would stress that we need to make it very easy to find in Software, which I think we're already taking steps to do.
I count +5, so this passes.
https://git.fedorahosted.org/cgit/comps.git/commit/?id=e4b016bf5b5642932074b...
Am Freitag, den 29.08.2014, 11:12 -0400 schrieb Josh Boyer:
On Thu, Aug 28, 2014 at 11:25 AM, Owen Taylor otaylor@redhat.com wrote:
On Wed, 2014-08-27 at 15:58 -0400, Josh Boyer wrote:
OK, so with the information that Bastien and others have provided, we need to make a decision quickly on this.
Workstation WG members, the proposal as it stands is to remove the firewall-config tool from the default install. Could you please review and vote on this as soon as possible?
Please be so kind as to use "Proposal for Vote" in the subject line next time you call for a vote.
For more information, please refer to http://fedoraproject.org/wiki/Workstation/Governance#Making_Decisions
Thank you, Christoph
desktop@lists.fedoraproject.org