Thanks for your post. Here are some thoughts about what you told us.
As a first point, you said you feel that nobody reads the wiki. Where does this feeling come from? From the experience and the frustration with the support of users? How did you measure how many people are reading the wiki?
For me, the wiki was my first place to go when I started with IPFire, and it is a good first place to go. You did a good job!
Second, you said that the questions people ask do show that they are not well trained in running a firewall. If you mean a person like me, you are right, but what do you say to me with your statement? Do you say: “Go away here! I will not give you my golden software because you are unable to understand it?” That will not be your goal. It should be the opposite.
People like me have no other chance to get trained than by doing their first steps using a free-of-charge open source firewall. So in your wiki and forum there will always be people that are not well trained. All you have to do is make clear, on the first page of your wiki, what your supposed audience for the wiki is (people who know the basics about firewalls) and where the others could find the basics about running a firewall.
Or you decide that your wiki also should train people, and you then tell them the basic secrets about running a firewall. With this you would also have done some job in securing the internet.
It is your decision.
I have more thoughts about the wiki, but not enough time to write them down here.
A web or personal meeting would be better. I have seen that the IPFire team had made some meetings in the Ruhr area. I live in the Ruhr area and a personal meeting would be a good idea, if you live in the Ruhr area as well.
Good. So it does work!
No, you are not mistaken. It is absolutely right where this is not acceptable that people are running a computer network if there is no, or limited knowledge about the basics. We make people have a driver’s licence and that is a good concept. Nobody is allowed to cut people’s hair unless they have done training. There are too many things to get wrong.
This all depends on what the risk is. Large companies are run like this and data breaches have become a daily scandal now. It is very often presented as “well, the hacker must have been really good” when in reality they don’t need to be that. Guessing “12345” as a password is not difficult.
In a home network things are different. This forum is mainly frequented by this type of user. I guess that is why we have a lot of simple questions here.
I am just getting frustrated when people don’t search for their answer first. It simply is the easiest option for everyone.
Your hairdresser example is a good one, because tomorrow I have an appointment with him.
To get you calm, I am not as badly trained as you might expect, but to me it is unclear what exactly, from your point of view, is a well or enough trained employee. Does the knowledge about what a web proxy is belong to that? Or does knowing the difference between DNS over TLS and DNS over HTTPS also belong to that? What about IPS?
Your idea, to have a driving license for administering a firewall, is an interesting idea. But if you dig deeper into it you will come to the point that you’ll need an army of well trained professionals to block any kind of attack. I.e. today you also need someone who is an expert in artificial intelligence, because attacks are run by using AI today.
But I agree with you that it is not good when networks are managed by untrained people, no matter if it’s a big worldwide company’s or a small home network. Many “hackable” home networks are a good start for a world spanning attack.
But I have no idea how one could get out of this problem. The only idea is to have well government-financed schools for the home sector that train IT basics free of charge, so that you have a wide fundament of trained people.
In the company sector your idea of a “driving license” seems to be a good idea, at first glance.
It might be adequately covered already. The IPFire installer:
- does not have a default address for GREEN
- defaults to “static” for RED, but offers no default address
- will require an address for “gateway”, with the above setting, in order to connect to the Internet
- does not give default “start” & “end” addresses for DHCP
- does not attempt to auto-assign RED & GREEN NIC
If the new user can pass the above “test” then they should have a working IPFire which, for most home users, will result in a more secure and flexible LAN.
This is a great example.
The IPFire setup process is not one of those where you click “Next”, “Next”, “Next” and finally “Finish”. IPFire simply supports too many things and there is no good default that works for everyone.
So, why should we suggest a certain default IP address for GREEN?
Probably most systems run on PPP. If anything that should be the default then. But that won’t work without any credentials. Setup is required.
And how can the system know which NIC you want to use for RED and GREEN?
These are basic steps that normally you won’t spend any time thinking about.
I am calm. I am not stressing out over this. I am just frustrated.
That depends entirely on whether you use these things or not. But my point is that if you use them, you should think first before you click the on button.
Since everyone has at least some sort of router at home, I really wonder why it is not being taught how they work. That reason probably is the same as why we are not learning how to cook a basic meal or to do our taxes. School doesn’t teach the important stuff.
I normally approach things in the way where I read first and then do something. Sometimes I experiment first and see how things go. But the latter approach only works when the risks are low and that seems to be the important factor here: People not being aware of the risks.
I am not in favour of having bright red flashing words all over the wiki that say ATTENTION, because that is not how people are made aware. That is only scaring them.
Would it be useful to have a ‘For beginners’ link from the front page of the wiki, which then goes to a page that says something about the amount of work involved in setting up a firewall correctly, and lists the topics which a user needs to have an understanding of before going any further?
I’ve also got some ‘Proof of Concept’ for adding a per page help link to the menus, based on a ‘help’ key in the menu file, although it only works on the ‘ipfire’ theme at the moment.
It used to be possible to download add-on firewall software for Windows. The IPFire Download page does not make it clear that IPFire requires dedicated hardware as well as additional skills.
This could be put on the Download page, with a link to https://wiki.ipfire.org/installation, urging people to be confident that they can do the installation, before downloading.
In my location (AU), most people using Internet via land-line or fixed-wireless have a modem, supplied by the ISP, that is pre-configured with the subscriber’s login plus the network parameters. That gives little incentive to teach these requirements and “if it ain’t broke - don’t fix it” suits most parties.
Every customer with a custom network setup and an in-house firewall (correct port forwarding was set up during the install) was able to be VPN enabled in less than 1 hour without going on premises.
During the Lockdown this has been an enormous advantage of time and budget for enabling remote access to business computers.
If that isn’t clear we should work on our website.
I like this.
I agree with your position and I will contribute where I can to improving documentation. Let me give you an illustrative example of where documentation fails.
From what I can tell you can run a VM on IPFire. All I know is that I can do it. I don’t know of any use cases. Why would I want to do this? It’s not clear what the security risks are. These are all well-known problems but it would be useful to give a paragraph or so referring users where to read up more. I’m not saying we give them the full discourse but more like “you need SSH on Windows, go get PuTTY, here’s the link, read up, there not here”
But what is the conceptual framework of a VM running on IPFire? Here’s an example of what I want to try:
I want to experiment with WireGuard and I’m not ready to make an IPFire plug-in yet. The idea is to build a small VM running WireGuard, do some routing magic in the firewall and see if I can make it work and get some metrics on how it performs and ease of use.
However, I have no idea what are the working parameters for VMs on IPFire. I don’t know the design parameters, restrictions, capabilities. It’s all a mystery and a wiki is not helping in clearing up some of these issues.
I’m going to play with it, I’ll document it as I go along so maybe I can help answer those questions for someone else.
Like that page.
When I needed them, I could not find them. When I don’t need them, I run into them.
Now those help links just need to be added to the various menu tabs on the system => https://192.168.x.x:444/cgi-bin/index.cgi
I think this would be a great addition to IPFire. Those are good Wiki helps, just need to be able to find them from the IPFire system => https://10.0.x.x:444/cgi-bin/index.cgi
Having a link to the wiki would be good.
I think it would be great if it would be for every little thing, but that is not practical.
One link to the wiki index should be good enough.
Perhaps in the system tab Help/wiki and a forum link.
Since you’re doing it again here, I wanted to place a comment on this layout appreciation. It seems you’re using some kind of mobile device and along with this elevate it as standard viewing device (it is not!). So you seem to value all the hints e.g. on the webdesign pointing to the waste of space on the screen through your mobile-device-view. This screenshot above is somehow a proof of leaving out of mind other devices. Here is what I am facing:
So from my point of view I don’t see a really responsive Webdesign. I’d be happy to see this improve in the future because currently it is adverse for the usability (lots of scrolling needed due to only view information at the viewport).
@simulacron: For the wiki you are right. Concerning the community pages I cannot fully agree. The header and footer take the whole width. The body may be somewhat wider, but I think it is okay.
Which browser do you use?
It is 2020. More than half the internet traffic is mobile.
And you are pointing out a design problem that we have in general: computers are wide screen and phones and other handheld devices are not.
You have a zoom button in your browser somewhere if you want to scale up things, but it is generally not a good idea to use the whole width of the screen for the text container. Every newspaper, most other pages with plenty of text content have a container width limited to 900 to 960px. The rest is filled with ads, which we do not do here.
So, I cannot see what you are proposing. This might not work for you, but that does not mean it doesn’t for others.
It’s not a problem of wide or narrow screen but of orientation. Real computers (desktops, laptops, …) use “landscape”, microcomputers with telephony (smartphones) use “portrait” orientation, like books (without the possibility to turn pages or a number of them easily).