FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 05-20-2008, 02:05 PM
Derek Broughton
 
Default

Mario Vukelic wrote:

> On Mon, 2008-05-19 at 21:43 -0300, Derek Broughton wrote:
>> (particularly if it's something like SSH where a misconfiguration
>> guarantees you're locked out of your system until you can get physical
>> access).
>
> Existing SSH connections remain up, so you can log int via SSH, edit,
> then try to establish a new connection, and drop the old one only when
> you are sure the new config works.

Hahahahaha! I just saw an admin upgrade 3 servers last week, without doing
anything more than a superficial check of any of them. It was days later
that he actually figured out what he'd done wrong and fixed it...

In the case of an SSH server, wouldn't it make more sense to use a config
tool that actually _did_ try to establish a new connection before
finalizing the changes?
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 02:25 PM
Florian Diesch
 
Default

Derek Broughton <news@pointerstop.ca> wrote:


> _webmin_ - it's the individual modules. Personally (and list members
> should by now be getting tired of hearing me say this) I believe that GUI
> admin tools are _always_ the right way to do configuration, and this is
> pretty much anathema to many of the hardline debian geeks. Configuration
> should always be possible through a question/answer system, rather than
> hand-editing, because even the most experienced users make mistakes when
> hand-editing, while a GUI tool should always prevent syntactic errors.

* GUI tools usually don't have things like search, replace, undo,..
which makes them hard to work with except for very simple tasks.

* Most of them don't support saving and restoring so it's hard to go
back to or compare with your old settings

* Often they don't support comments which IMHO makes them close to
unusable if more than one person is modifying the config or configs
are worked with over a long time


Florian
--
<http://www.florian-diesch.de/>
-----------------------------------------------------------------------
** Hi! I'm a signature virus! Copy me into your signature, please! **
-----------------------------------------------------------------------

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 03:00 PM
Avi Greenbury
 
Default

On Tue, 20 May 2008 10:56:28 -0300
Derek Broughton <news@pointerstop.ca> wrote:
>
> Especially. That's apparently Ubuntu and Xorg's aim (at least to prevent
> the necessity of editing - it's *nix, so you can't actually _prevent_
> someone editing the files). Haven't you noticed that we get a smaller
> percentage of emails on these lists these days about X configuration than
> we used to? That's because people are needing to do much less hand editing.

Yes. Less necessary hand editing is always a good thing. But
hand-editing is sometimes the ideal solution IMO.
I much prefer quickly changing, say, the resolution value in my
xorg.conf file than running dpkg-reconfigure and *hoping* that
somewhere along the way it'll ask me. If it breaks, it's not like it's
impossible to fix, since all I need in order to fix it is my trusty
text editor.

> >
> > Or a web server to which one has no physical access?
>
> Again, yes. Apache is less of a problem than some servers, in that I can
> hand edit the configs and test them before restarting Apache, but I'd be a
> lot happier with a tool that didn't let me write invalid config files in
> the first place.

A tool that won't let you write invalid config files is not necessarily
a Q+A tool.
I very much like the idea of one that doesn't let me write invalid
files, but I also don't want to have to respond to potentially badly
worded questions. And what if my language isn't supported? To edit
config files by hand just requires that I understand the contents of
the text file, and have an editor that understands the characters. To
edit config files by Q+A requires that I understand the language in
which I am being asked.

Visudo is, in my mind, the closest to perfect a config file editing
system's likely to get (until telepathy hits the mainstream, anyway).
It lets me write exactly what I want, with the tool I want, in the
order that I want to, and then tells me if I've done something
wrong when I say "I'm done, check it please".

--
Avi Greenbury

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 03:09 PM
Frank Kusel
 
Default

Derek Broughton wrote:
> Mario Vukelic wrote:
>
>
>> On Mon, 2008-05-19 at 21:43 -0300, Derek Broughton wrote:
>>
>>> it has to be a question/answer interface
>>>
>> Ton configure something complex like a serious postfix setup through a
>> questions and answer system? I cannot imagine that.
>>
>
> I can. There really aren't that many questions that need to be answered.
> I've never seriously used postfix, but I have administered Exim, and I have
> seen Webmin modules for it. They were _deficient_ but not intrinsically
> wrong.
>
You should use M$ servers. That's how they work... :-)

--
Frank Küsel
ANSYS Limited

*******************************************
This message (and attachments) subject to restrictions and a disclaimer.
Please refer to http://www.ansys.co.za/index.html or geninfo@ansys.co.za
for full details.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 03:13 PM
Les Mikesell
 
Default

Derek Broughton wrote:

>> Derek Broughton wrote:
>>> No, actually it isn't. I'd be happier if it wasn't even possible to
>>> configure most servers with a text editor. I don't trust people,
>>> especially administrators who think they know everything. I particularly
>>> don't trust people to hand edit my ssh config.
>> You don't trust people, especially not sysadmins... but you trust
>> programmers. Ok then. Ker-plonk.
>>
>
> Don't be a moron. Of _course_ we trust programmers. We trust them all the
> time, or we wouldn't even be using this OS.

And we trust them NOT to do something as stupid as requiring a GUI to be
working before you can edit the configuration to fix it or the
underlying OS. And we use this OS because everything it inherits from
the days before GUI's still works efficiently. If we wanted to be
forced to start a new window context for every process we'd probably use
something else.

> We trust Open Source
> programmers even more because we can audit their code. Anybody who thinks
> it's safer to edit a config file by hand than with a GUI isn't on my hiring
> list.

Safer isn't usually the point. If you have to edit a config file at all
it is usually because either the programmer got it wrong or you want to
do something he didn't consider. If you insist on having program
verification of everything, you won't be able to fix the situation where
the program is wrong and you won't be able to deal with any new
situations the programmer didn't expect. Also if the GUI editor is not
actually part of the program in question there's a very good chance that
it will be out of sync with the syntax is is supposed to help you with.

> There's a very good reason that /etc/sudoers contains this warning:
>
> # This file MUST be edited with the 'visudo' command as root.
>
> It's not a GUI (though actually, it could be) but it forces verification of
> the file before actually replacing the old file

If it were a GUI - and actually required... you wouldn't be able to fix
it easily remotely or with just a console login.
>
> <plonk> back at you.

There is a valid point that programs should provide a way to check the
syntax of their own configs that is less drastic than restarting them
and crashing, but the idea that something should keep you from making
changes that no one thought about before is very un-unix-like. If you
can't break it, you probably also can't improve it.

--
Les Mikesell
lesmikesell@gmail.com

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 03:48 PM
Florian Diesch
 
Default

Derek Broughton <news@pointerstop.ca> wrote:

> Mario Vukelic wrote:
>
>> On Mon, 2008-05-19 at 21:43 -0300, Derek Broughton wrote:
>>> (particularly if it's something like SSH where a misconfiguration
>>> guarantees you're locked out of your system until you can get physical
>>> access).
>>
>> Existing SSH connections remain up, so you can log int via SSH, edit,
>> then try to establish a new connection, and drop the old one only when
>> you are sure the new config works.
>
> Hahahahaha! I just saw an admin upgrade 3 servers last week, without doing
> anything more than a superficial check of any of them. It was days later
> that he actually figured out what he'd done wrong and fixed it...

A GUI tools doesn't help here. It may be able to check for syntax
errors but hardly for semantic errors.

> In the case of an SSH server, wouldn't it make more sense to use a config
> tool that actually _did_ try to establish a new connection before
> finalizing the changes?

No. You need a tools that checks if your servers are up and running and
alarms you if something is wrong. And you don't want admins who don't
do some simple checks after changing the configs.
GUI tools may be able to replace a bad admin, but not a good one.


Florian
--
<http://www.florian-diesch.de/>
-----------------------------------------------------------------------
** Hi! I'm a signature virus! Copy me into your signature, please! **
-----------------------------------------------------------------------

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 03:51 PM
Derek Broughton
 
Default

Avi Greenbury wrote:

> On Tue, 20 May 2008 10:56:28 -0300
> Derek Broughton <news@pointerstop.ca> wrote:
>>
>> Especially. That's apparently Ubuntu and Xorg's aim (at least to prevent
>> the necessity of editing - it's *nix, so you can't actually _prevent_
>> someone editing the files). Haven't you noticed that we get a smaller
>> percentage of emails on these lists these days about X configuration than
>> we used to? That's because people are needing to do much less hand
>> editing.
>
> Yes. Less necessary hand editing is always a good thing. But
> hand-editing is sometimes the ideal solution IMO.
> I much prefer quickly changing, say, the resolution value in my
> xorg.conf file than running dpkg-reconfigure and *hoping* that
> somewhere along the way it'll ask me.

But again, that's a deficiency in dpkg-reconfigure (actually debconf) and
not an argument against configuration tools in general.
>> >
>> > Or a web server to which one has no physical access?
>>
>> Again, yes. Apache is less of a problem than some servers, in that I can
>> hand edit the configs and test them before restarting Apache, but I'd be
>> a lot happier with a tool that didn't let me write invalid config files
>> in the first place.
>
> A tool that won't let you write invalid config files is not necessarily
> a Q+A tool.

Indeed - but you'd have to convince me that there was actually a more
efficient way to do it. I cited visudo which actually prevents you from
saving the sudoers file if it's not valid, but I consider that a
half-solution. Especially for something as simple as sudoers - you only
need to know: who can have privilege, from what hosts, and what commands
they can use. That just cries out for a Q&A system.

> I very much like the idea of one that doesn't let me write invalid
> files, but I also don't want to have to respond to potentially badly
> worded questions. And what if my language isn't supported?

That's still an argument against specific implementations, and not the
concept of GUI config tools.

> To edit
> config files by hand just requires that I understand the contents of
> the text file,

And that's the problem. Most configuration changes are performed by users
who have, at best, a _vague_ understanding of the contents of the text
files.

> and have an editor that understands the characters. To
> edit config files by Q+A requires that I understand the language in
> which I am being asked.

I'm sure you're more experienced in the hazards of i18n than I am, as I'm
unilingually english, but I don't see that the situation is any different.
You have to learn the meaning of the values in the config file, or you have
to learn the meaning of the questions you're asked. Either one is going to
present problems to people not using the native language of the
application. However, the questions in a gui _can_ be presented in the
user's language, the config file settings _can't_.
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 03:56 PM
Derek Broughton
 
Default

Florian Diesch wrote:

> Derek Broughton <news@pointerstop.ca> wrote:
>
>
>> _webmin_ - it's the individual modules. Personally (and list members
>> should by now be getting tired of hearing me say this) I believe that GUI
>> admin tools are _always_ the right way to do configuration, and this is
>> pretty much anathema to many of the hardline debian geeks. Configuration
>> should always be possible through a question/answer system, rather than
>> hand-editing, because even the most experienced users make mistakes when
>> hand-editing, while a GUI tool should always prevent syntactic errors.
>
> * GUI tools usually don't have things like search, replace, undo,..
> which makes them hard to work with except for very simple tasks.
>
> * Most of them don't support saving and restoring so it's hard to go
> back to or compare with your old settings
>
> * Often they don't support comments which IMHO makes them close to
> unusable if more than one person is modifying the config or configs
> are worked with over a long time

Yet again, these are arguments against specific implementations, not
arguments against doing configuration with tools. There's no excuse for a
gui tool not supporting save & restore. Heck, if I was writing the tool,
I'd probably embed svn. Yes, comments are important - so when writing a
config tool, _make_ people add comments. If you're hand-editing, you
certainly can't enforce that. The search/replace/undo business is harder
to implement, but there's no reason at all that the config tool shouldn't
or couldn't do it.
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 04:08 PM
Derek Broughton
 
Default

Les Mikesell wrote:

> Derek Broughton wrote:
>
>> We trust Open Source
>> programmers even more because we can audit their code. Anybody who
>> thinks it's safer to edit a config file by hand than with a GUI isn't on
>> my hiring list.
>
> Safer isn't usually the point.

I disagree - I think it's the whole point.

> If you have to edit a config file at all
> it is usually because either the programmer got it wrong or you want to
> do something he didn't consider.

Not at all - how do you deliver Postfix, or Apache, or even SSH fully
configured to do everything a particular installation will require? They
always need an admin to set them up.

> If you insist on having program
> verification of everything, you won't be able to fix the situation where
> the program is wrong and you won't be able to deal with any new
> situations the programmer didn't expect. Also if the GUI editor is not
> actually part of the program in question there's a very good chance that
> it will be out of sync with the syntax is is supposed to help you with.

Still everybody is thinking in terms of particular deficient tools they've
seen. Of _course_ the config tool needs to be part of the package
providing the application, and so must always be in sync. Given that
assumption, it's really rather trivial to ensure that the tool is always
capable of modifying every possible configuration setting with every
possible value (though rather harder to ensure that it only permits certain
combinations).
>
>> There's a very good reason that /etc/sudoers contains this warning:
>>
>> # This file MUST be edited with the 'visudo' command as root.
>>
>> It's not a GUI (though actually, it could be) but it forces verification
>> of the file before actually replacing the old file
>
> If it were a GUI - and actually required... you wouldn't be able to fix
> it easily remotely or with just a console login.

Please explain - I don't believe that. GUI doesn't, for instance, exclude
curses-based interfaces.
>
> There is a valid point that programs should provide a way to check the
> syntax of their own configs that is less drastic than restarting them
> and crashing, but the idea that something should keep you from making
> changes that no one thought about before is very un-unix-like. If you
> can't break it, you probably also can't improve it.
>
I don't disagree with that, and know that absolutely preventing hand-editing
is _never_ going to happen. But as someone who has brought down major
banking systems by making the wrong config change, I'm also very aware of
the need to make some applications bullet-proof.

If I was your boss, I'd need a written explanation of exactly why you had to
hand-edit a config file for a sensitive server before I'd permit it if
there was a tool available for it.
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 04:17 PM
"Steve Lamb"
 
Default

On Tue, May 20, 2008 7:05 am, Derek Broughton wrote:
> Hahahahaha! I just saw an admin upgrade 3 servers last week, without doing
> anything more than a superficial check of any of them. It was days later
> that he actually figured out what he'd done wrong and fixed it...

Your point? That all sysadmins are sloppy? Or just the ones you want
to bolster your position?

> In the case of an SSH server, wouldn't it make more sense to use a config
> tool that actually _did_ try to establish a new connection before
> finalizing the changes?

No, it wouldn't. It's obvious to anyone who doesn't have a chip on his
shoulder as to why.

--
Steve Lamb


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 10:20 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org