I couldn't agree more
By stretch | Saturday, November 29, 2008 at 1:34 a.m. UTC
Every so often I'll read through an article and think, "yes, exactly!" wishing that I could have conveyed a shared opinion on the subject matter so eloquently. This week I read three such articles. Normally I avoid post aggregation but I felt compelled to share these particular pieces.
First, Derek Morr explains that IPv6 is not a security issue (found via blog.ipv6.com). He addresses two root misconceptions common enough that I have encountered them myself even with relatively low exposure to IPv6:
- There are security bugs in IPv6 implementations, so we should block IPv6 and disable IPv6 code.
- Users can setup IPv6 tunnels and bypass network security devices (firewalls, IDS, etc), so we should block IPv6 and disable IPv6 code.
Both objections are cut down without mercy. I worry that these and other exaggerations regarding IPv6 impede its adoption by enterprises and service providers alike, so I'm happy to encounter articles like this one, grounded in common sense.
The second two articles come courtesy of my good friend Ivan Pepelnjak. On Thursday, he pointed out that "independent experts" aren't needed to verify that someone who does not understand how routers work can break one. And, because maintaining one blog with daily updates isn't enough work, the next day he elaborates on five reasons to favor CLI over GUI over on the NIL blog.
The reasons outlined in the article serve as timely reminders given the recent rise to popularity of applications like Cisco Configuration Professional. While GUIs have their place, I believe the CLI will always overtake them on grounds of efficiency and robustness for the foreseeable future. As an example, which instructions would you rather give to someone via telephone?
- Click "start" and go to "settings" > "control panel" > "network connections". Right-click "local area connection" and select "properties." In the list pane, select "Internet Protocol" and click "properties." Enter 192.168.0.10 in the IP address field and 255.255.255.0 in the subnet mask field.
- Type 'ifconfig eth0 192.168.0.10 netmask 255.255.255.0'
Posted in Opinion
November 29, 2008 at 6:59 a.m. UTC
Answer: #1. I don't know why, but explaining how to click buttons is easier than getting them to understand the letters to type over an international phone link with a 2-4 second delay and intermittent loss of audio. Especially when you don't share a mother tongue with the other person.
November 29, 2008 at 12:27 p.m. UTC
Regarding Text Configuration: It really depends. The GUI way might for most people be the best to remember, so it spares me repeated calls regarding the same problem.
But in most cases, especially if it must be fixed quick, the command line is better. It works great on the phone if the person on the other and has either no Idea what to do, or is very proficient but does not know how to solve this problem.
Sometimes I have people with little knowledge, who still do other things "in between" like press some button because they think it is right, and when you tell them to press some other button it is "not there" and you are the fool who doesn't know his Job... Of course, they dont mention or even remember that there was a shiny button they just pressed by intuition, without even reading the dialog box :o)
November 29, 2008 at 5:11 p.m. UTC
I support users of our software on Unix and Windows systems, and I often have to ask them (usually via e-mail) to perform various diagnostic steps. How much easier it is to have them enter:
script x.log ssh email@example.com ifconfig netstat -rn ping 10.10.33.1 exit exit
(which they can typically cut-n-paste)
Verses the Windows version that involves some GUI work and a lot of "take a screen shot" steps. (And worse yet, when they only give you a subset of the output which they think is relevant.)
I'm wondering if you've had occasion to use "script" and "ssh" like that so you can see the entire interaction...
November 29, 2008 at 6:00 p.m. UTC
Use phoenic, works great.
December 1, 2008 at 7:37 a.m. UTC
- netsh interface ip set address name="Local Area Connection" static 192.168.0.100 255.255.255.0 192.168.0.1 1 ;-) (Since XP you don't need to use GUI, especially not for network stuff. netsh works fine.)
December 2, 2008 at 2:40 p.m. UTC
I guess using CLI vs GUI depends very much in which type of equipment ( or even a different config in the same equip. ) we are configuring. For example in a Cisco Asa, i prefer to do the initial config and even access-list configs via CLI, but when creating ipsec/ssl tunnels i use always the GUI as it gives me a better view of what i am configuring.