<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: Papyrus; color: navy;"><o:p></o:p></span>Daniel,<br>
</p>
<font face="Arial"><br>
By way of example, my PC has a firewall (Symantec) that does outbound
filtering. I
appreciate the fact that when I launch an application for which I
have not previously provided authorization to access the Internet
(defined here as an IP range beyond my LAN subnet), the firewall warns
me before allowing the connection to take place and lets me decide
whether to block, allow this one time, or allow permanently the
access. With this
kind of protection on devices such as the N800, it is more likely that
the outbound filter will also catch a silent rogue app that, by some
means, has gotten installed on the
device (these days typically by a user being
socially engineered to do something that they should not do). <br>
<br>
One of the challenges of any software developer group like this is to
perceive the product like the average end user and not a developer.
With respect to device security services, as opposed to, say, a
collaboration, communications, or entertainment app, it is hard for an
experienced clueful developer to put him or herself into the "shoes" of
the average, not highly clueful, end user. Security is, whether we like
it or not, an essential part of the software/device/product usability
mix even though it is, for most developers, a boring aspect of computer
systems/science. <br>
<br>
Today's responsible sw/product companies and their software engineers
work hard to establish the right balance of security and usability.
Microsoft has been a major miscreant in this respect for many years,
and they have, painfully, learned their lesson and are now working hard
to correct past mistakes. Nokia clearly has the opportunity to do
better with its products of the class of the 770/N800 and set a
standard for others to follow.<br>
<br>
</font>
<div class="moz-signature">
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: Papyrus; color: navy;">Best
Regards,</span><span style=""><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 6pt; font-family: Papyrus; color: navy;"> </span><span
style="font-size: 6pt;"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: Papyrus; color: navy;">John
Holmblad</span><span style=""><o:p></o:p></span></p>
<br>
</div>
</div>
<br>
Daniel Stone wrote:
<blockquote cite="mid20070220233026.GB28567@intune.research.nokia.com"
type="cite">
<pre wrap="">On Tue, Feb 20, 2007 at 04:34:21PM -0600, ext Paul Klapperich wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Nokia really doesn't have to do anything to "guarantee" that 3rd party apps
are safe, but I would certainly trust the integrity of an official iptables
compiled by Nokia. They certainly have something to lose by somehow
subverting it, so I would trust it. And as it really wouldn't take anything
more than checking the option in the kernel config before building, I
really don't think this is any additional burden to them.
</pre>
</blockquote>
<pre wrap=""><!---->
Okay, so what are you going to do with this iptables package? As far as
I can tell, there are two options:
  a) nothing;
  b) iptables -P INPUT DROP; iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

a) provides no change over the status quo.

b) provides no change over the status quo, except that it encourages
people to have open ports. It would mean that people who wanted to
listen to the outside world have to explicitly punch a hole in the
firewall. Right now, people who want to listen to the outside world
have to explicitly open a socket on that interface, which to me is a
pretty clear statement of intentions.

I just don't see why you would want it. How would it make things more
secure, at all, except for the warm fuzzies that come from having a
firewall? It provides no practical benefit in any case which isn't
hopelessly contrived.

Cheers,
Daniel (not responsible for this decision, not speaking for N, etc etc)
</pre>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
maemo-developers mailing list
<a class="moz-txt-link-abbreviated" href="mailto:maemo-developers@maemo.org">maemo-developers@maemo.org</a>
<a class="moz-txt-link-freetext" href="https://maemo.org/mailman/listinfo/maemo-developers">https://maemo.org/mailman/listinfo/maemo-developers</a>
</pre>
</blockquote>
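<p>The per-application outbound filtering described in the message above, modelled as an added example that is not part of the original message or of any Symantec or Nokia code. The class, function and application names, the sample addresses, and the choice to remember a "block" answer are assumptions made for illustration.</p>
<pre>
```python
import ipaddress
# Illustrative model only: every name below is hypothetical.
class OutboundFilter:
    def __init__(self, lan_cidr):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.remembered = {}   # app path -> "allow" or "block" (permanent answers)
        self.once = set()      # apps holding a single-use allowance

    def check(self, app, dst_ip):
        """Verdict for one connection attempt: 'allow', 'block' or 'prompt'."""
        if ipaddress.ip_address(dst_ip) in self.lan:
            return "allow"                 # inside the LAN subnet: not "Internet"
        if app in self.remembered:
            return self.remembered[app]
        if app in self.once:
            self.once.discard(app)         # the one-time allowance is used up
            return "allow"
        return "prompt"                    # no prior authorization: ask the user

    def answer(self, app, choice):
        """Record the user's reply to a prompt: 'block', 'once' or 'always'."""
        if choice == "always":
            self.remembered[app] = "allow"
        elif choice == "block":
            self.remembered[app] = "block"  # assumption: a block is remembered
        elif choice == "once":
            self.once.add(app)
        else:
            raise ValueError("unknown choice: %r" % choice)

def replay(fw, attempts, answers):
    """Replay attempts; an unanswered prompt defaults to 'block'. Returns a log."""
    log = []
    for app, dst in attempts:
        verdict = fw.check(app, dst)
        prompted = verdict == "prompt"
        if prompted:
            fw.answer(app, answers.get(app, "block"))
            verdict = fw.check(app, dst)
        log.append((app, dst, prompted, verdict))
    return log

# Constructed sample: LAN 192.168.1.0/24, documentation-range Internet addresses.
ATTEMPTS = [
    ("/usr/bin/browser", "203.0.113.10"), ("/usr/bin/browser", "203.0.113.11"),
    ("/usr/bin/mediaplayer", "192.168.1.20"), ("/home/user/.cache/updater", "198.51.100.7"),
    ("/usr/bin/feedreader", "203.0.113.5"), ("/usr/bin/feedreader", "203.0.113.5"),
]
ANSWERS = {"/usr/bin/browser": "always", "/usr/bin/feedreader": "once"}
```
</pre>
<p>Calling replay(OutboundFilter("192.168.1.0/24"), ATTEMPTS, ANSWERS) returns one log entry per attempt; the never-authorized updater is the only application that ends up blocked, and LAN traffic never triggers a prompt.</p>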
</body>
</html>