Every so often I'll read through an article and think, "yes, exactly!" wishing that I could have conveyed a shared opinion on the subject matter so eloquently. This week I read three such articles. Normally I avoid post aggregation but I felt compelled to share these particular pieces.
First, Derek Morr explains that IPv6 is not a security issue (found via blog.ipv6.com). He addresses two root misconceptions common enough that I have encountered them myself even with relatively low exposure to IPv6:
- There are security bugs in IPv6 implementations, so we should block IPv6 and disable IPv6 code.
- Users can setup IPv6 tunnels and bypass network security devices (firewalls, IDS, etc), so we should block IPv6 and disable IPv6 code.
Both objections are cut down without mercy. I worry that these and other exaggerations regarding IPv6 impede its adoption by enterprises and service providers alike, so I'm happy to encounter articles like this one, grounded in common sense.
The second two articles come courtesy of my good friend Ivan Pepelnjak. On Thursday, he pointed out that "independent experts" aren't needed to verify that someone who does not understand how routers work can break one. And, because maintaining one blog with daily updates isn't enough work, the next day he elaborates on five reasons to favor CLI over GUI over on the NIL blog.
The reasons outlined in the article serve as timely reminders given the recent rise to popularity of applications like Cisco Configuration Professional. While GUIs have their place, I believe the CLI will always overtake them on grounds of efficiency and robustness for the foreseeable future. As an example, which instructions would you rather give to someone via telephone?
- Click "start" and go to "settings" > "control panel" > "network connections". Right-click "local area connection" and select "properties." In the list pane, select "Internet Protocol" and click "properties." Enter 192.168.0.10 in the IP address field and 255.255.255.0 in the subnet mask field.
- Type 'ifconfig eth0 192.168.0.10 netmask 255.255.255.0'