[notalaser]

I remember using this sort of applications on Windows (a very long time ago; those were the days of Windows 98, whose famous stability drove me to Linux and BSD). Can some of its users help me shed some light on the use case of such a program on an open source system? I mean:

- Signed packages from trusted repos should not need firewalling, at least not if you're using a serious distro rather than a hobby project. This isn't true in the general case, of course (hence things like OpenBSD's auditing of base packages), but this is a personal firewall, it's not exactly intended for server-grade equipment...

- If you install packages from dubious PPAs all over the Interwebs, a puny kernel module is unlikely to stop the two rootkits that you've probably already installed. Same for a system that has already been compromised.

- Untrusted applications (which you're running straight on your system, rather than nicely tucked in a VM with no network access because...?) -- as practical experience on Android and Windows shows -- will generally break as soon as they can't do their snooping because they'll segfault or block waiting for the answer that never came to the package that was never sent anyway.

I see a lot of talk in the Linux desktop field about building lines of defense against untrusted programs. I see why this is relevant to users who are routinely running closed-source programs (no, I don't personally audit every line of code running on my system, but a public source code repository is sort of a stupid place to hide malicious code when there's so much fully closed code being purchased from "app" stores and downloaded from all over the web and whatnot). I find it hard to understand why it would be relevant on an open source desktop.

Things like Wayland's sandboxing, I get to some degree -- it's only a matter of time before JavaScript code in a browser will get access to more stuff from your computer, which will eventually include stuff like keystrokes and mouse events and whatnot, so it'll have to be properly sandboxed. But why a personal firewall? What sort of applications do you find yourself wanting to block, and why for heaven's sake are you running them on your Linux computer, when it's really 2017 and there's plenty of choice in terms of applications.

[microtonal]

Signed packages from trusted repos should not need firewalling, at least not if you're using a serious distro rather than a hobby project.

Software has security vulnerabilities. So, even if the software is trusted, there could be a zero-day vulnerability that is exploited. I'd rather have software stopped in its tracks. (For this reason I think something like Little Snitch or Douane is not enough, you also need sandboxing.)

will generally break as soon as they can't do their snooping because they'll segfault or block waiting for the answer that never came to the package that was never sent anyway.

Maybe macOS apps are different, but I never had this experience during while using little snitch for almost 10 years. I recently started using Little Flocker (which is like Little Snitch/Douane, but for filesystem access) and so far no program has crashed as a result of denying access[1].

[1] Including the JDK installer, where I denied writing launch agents and Java itself trying to write to ~/.oracle_jre_usage.

[notalaser]

> Software has security vulnerabilities. So, even if the software is trusted, there could be a zero-day vulnerability that is exploited. I'd rather have software stopped in its tracks.

How? When the zero day hits, the program has long been marked as trusted and the firewall will just happily let it go along. Besides, even if you're an experienced user and the firewall is smart enough to figure out that the application is talking to a server that it's never talked before (which isn't even sustainable for a lot of applications), it's very likely that you'll see the alert way before you read the news about the zero-day, and you'll just shrug and allow it to continue because you trust that program.

(Edit: maybe personal firewalls got smarter since I last used one and there's something else I'm missing here?)

> Maybe macOS apps are different, but I never had this experience during while using little snitch for almost 10 years.

The kind of applications that actively snoop on users as a business model -- the ones that you want to block in the first place -- sometimes even do this deliberately (which is something that I know from experience, not something that I suspect). Inexperienced users quickly figure out it's the firewall that gives them trouble, and they'll pick disabling the firewall over not playing with their toy any time. This works for pretty much any sort of permissions.

For example, last time I ran it on my tablet, Instagram's application was crippled to uselessness because I had disabled camera access (my girlfriend only needed to post a photo on an account that she managed): as soon as it opened, it spit out a big fat error message saying it can't access the camera and that you should allow camera access if you want to be able to take photos. As soon as you tapped ok, the same error popped up, and the application never loaded.

macOS apps aren't any different, you're just running the right ones :-).

[zokier]

There is a murky gray zone between actively malicious and fully privacy respecting applications. Applications in this zone are more prevalent in closed source software, and Linux is increasingly being used to run such software.

[notalaser]

I think this is what I'm not getting :-). To someone who's so sick of dealing with GTK3 and xdg and everythingd breakage that I'm contemplating getting a Mac more seriously than when I saw the PowerMac G5 specs, the idea that someone who needs to run this sort of applications would not rather run Windows or OS X is unthinkable. I mean, after every point release in GTK 3, I would rather run Windows...

[oneplane]

I'm not entirely sure what GTK or GTK point releases have to do with it. Isn't it just a programming framework with a GUI?

[notalaser]

It's a very popular one. However, for the last couple of years, minor releases of a supposedly stable branch included backwards-incompatible changes that broke applications and themes. Basically, upgrading from 3.8 to 3.10 resulted in applications looking funny and some of them crashing. Quite a few application and theme developers ended up calling quits -- stopped maintaining their applications, kept on using GTK 2 or switched to Qt.

This caused a lot of negativity in the open source community. It's a shame, because on a technical level, it's actually very good. Its developers have, more recently, attempted to address this problem and their plan looks like it should work. However, the proof of the pudding is in the eating, and we haven't had much time to eat it yet :-).

It's unfair to blame my frustration with Linux lately solely on GTK, too, I'm sorry if I gave that impression. A lot more factors are at work here. GTK has just been very representative of this mindframe lately.

[vetinari]

> minor releases of a supposedly stable branch included backwards-incompatible changes that broke applications and themes.

No, the releases broke only themes and exactly that was communicated - that the CSS engine was work in progress and that themes were going to be broken.

Those, who didn't want to listen complained afterwards. Color me surprised.

[notalaser]

Just from memory, changes in the way GTK handles geometry hints broke stuff in a bunch of applications, such as ROX Terminal. I think that was in 3.20. I haven't really followed development after 3.16 or so, I try to avoid GTK 3 applications when I can.

The decision to include "work in progress" code in stable releases is also a little questionable.

[greglindahl]

A personal firewall is one of many ways to make sure you installed what you meant to. There are signed trusted packages that phone home, or do stuff that you don't necessarily want.

[steinex]

Ahh yea, the fine days of ZoneAlarm ;-)

[Khaine]

A personal firewall is also a great way to gain a better understanding of how applications communicate and networking in general.