FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 05-20-2008, 06:19 PM
Derek Broughton
 
Default

Mario Vukelic wrote:

> On Tue, 2008-05-20 at 11:05 -0300, Derek Broughton wrote:
>> Hahahahaha! I just saw an admin upgrade 3 servers last week, without
>> doing
>> anything more than a superficial check of any of them. It was days later
>> that he actually figured out what he'd done wrong and fixed it...
>
>> In the case of an SSH server, wouldn't it make more sense to use a config
>> tool that actually _did_ try to establish a new connection before
>> finalizing the changes?
>
> Have you ever worked in a Windows-only shop with the usual assortment of
> MSCPs? Have you ever edited MS SQL Server with its idiotic GUI config?

Why is it that every argument against GUI tools is that Tool "X" is awful?
I couldn't care less how SQLServer handles configuration - especially if
it's idiotic. Could it be done better? Surely, you'd agree that it can.
>
> If you had, you would know that
> A. No GUI tool can help when your admin is an idiot

I disagree. Tools should be able to work at multiple levels for newbies and
experts. Because SQLServer's tool can't help, doesn't mean that it can't
be done. Please cite an example of a configuration problem that couldn't
be handled in a GUI.

> B. GUI tools that try to help braindead MSCPs, make real admins cry
> and change the job, leaving only the monkeys.

Configuration isn't difficult. It's tedious, and repetitive and prone to
mechanical error. It's the sort of thing that _should_ be left to monkeys.
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 06:19 PM
Mike Bird
 
Default

On Tue May 20 2008 10:59:57 Derek Broughton wrote:
> Why? That smacks of really poor programming in the first place. Computer
> programming is deterministic - whenever "X" happens, then "Y" (OK, not
> entirely true, as you can add randomness, but the whole purpose of config
> files is usually to enforce determinism). Any deterministic system can be
> completely modeled, and so there should, in theory, be _nothing_ that a
> power user would want to configure that can't be done with a config tool
> that would prevent him doing it incorrectly.

Derek,

There are some really elementary theorems in computer science that
basically show that even really simple computer programs cannot be
understood, and that no computer that accepts input can be error-free.

So tell me, one of my servers has "inet_interfaces = loopback-only"
in /etc/postfix/main.cf (with a big comment explaining why) and yet
another one of my servers does not.

Which one is correct?

And where do I type my big explanatory comment in your GUI?

--Mike Bird

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 06:21 PM
Derek Broughton
 
Default

Mario Vukelic wrote:

> On Tue, 2008-05-20 at 10:51 -0300, Derek Broughton wrote:
>> Of course I didn't hand edit it. I used a GUI mail (actually news
>> program that enforced proper syntax.
>>
>> And yes, it asked me questions: who do I want to send it to? What's your
>> own address? What's the subject? What's the message.
>
> It didn't enforce parentheses matching, obviously.

I noticed that. In the context of RFC822, it's still syntactically correct.
I could have just used: "nc localhost 25", which is apparently what all the
experts here are using.
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 06:22 PM
Derek Broughton
 
Default

Les Mikesell wrote:

> Dotan Cohen wrote:
>> 2008/5/20 Derek Broughton <news@pointerstop.ca>:
>>> Again, yes. Apache is less of a problem than some servers, in that I
>>> can hand edit the configs and test them before restarting Apache, but
>>> I'd be a lot happier with a tool that didn't let me write invalid config
>>> files in the first place.
>>
>> It would not be difficult to write a program that parses httpd.conf
>> and warns about an invalid file.
>
> Errr, there is one. It's called "httpd -t" and it's unusual among
> syntax-checking programs in that it is always in sync with the syntax of
> the version of the program you are going to run - since it is the same
> thing...
>
It _is_ unusual, but one has to wonder why. Every program with a config
file has to be able to parse its config file - so why don't they all
provide the same sort of functionality.
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 06:23 PM
Bart Silverstrim
 
Default

Mario Vukelic wrote:
> On Tue, 2008-05-20 at 13:37 -0400, Bart Silverstrim wrote:
>> A) just because a system is tested in a test rig or test net first
>> doesn't mean the rollout portion will go 100% slick as eelsnot.
>
> In general I agree, but we are talking about important bank systems. An
> important bank system that is down for a few minutes can cost the bank
> millions of Dollars, or finish off the bank completely, if it was the
> wrong one that went down. Such systems usually have test rigs that are
> 1:1 copies of the live system, often on mainframes that can switch
> between the two systems seamlessly.

No doubt, not disagreeing, I was pointing out that you can follow
everything to the letter and still have something go glitch-wrong. Even
1:1 systems can suffer a data corruption or some other gremlin that
*shouldn't* happen but can.

Thus I find it more important to have contingencies in place.

My bank has large windows of maintenance scheduled periodically...I see
notices that my online banking may not be available from 1AM to 5AM on a
Sunday morning once in awhile.

The description you give regarding the 1:1 switching of mainframes with
one being a test platform is something I'd probably call a part of
having a contingency plan...but I don't think we're fundamentally
disagreeing on this point.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 06:23 PM
"Dotan Cohen"
 
Default

2008/5/20 Les Mikesell <lesmikesell@gmail.com>:
>> It would not be difficult to write a program that parses httpd.conf
>> and warns about an invalid file.
>
> Errr, there is one. It's called "httpd -t" and it's unusual among
> syntax-checking programs in that it is always in sync with the syntax of
> the version of the program you are going to run - since it is the same
> thing...
>

Thank you! I'm certain that you just saved a future server of mine.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 06:26 PM
"Dotan Cohen"
 
Default

2008/5/20 Mario Vukelic <mario.vukelic@dantian.org>:
> It didn't enforce parentheses matching, obviously.
>

That's why the end parenthesis should be typed immediately after the
opening parenthesis, then the user backarrows between them. Those who
don't type in languages where this throws a compilation error don't
know this, apparently, yet they seem to be able to manage servers with
GUI interfaces just fine. Coincidence?

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 06:27 PM
Les Mikesell
 
Default

Derek Broughton wrote:
>
>>> We trust Open Source
>>> programmers even more because we can audit their code. Anybody who
>>> thinks it's safer to edit a config file by hand than with a GUI isn't on
>>> my hiring list.
>> Safer isn't usually the point.
>
> I disagree - I think it's the whole point.

Doing something no one anticipated it often the point. Or repeating it
hundreds of times. Neither works well in GUI's.

>> If you have to edit a config file at all
>> it is usually because either the programmer got it wrong or you want to
>> do something he didn't consider.
>
> Not at all - how do you deliver Postfix, or Apache, or even SSH fully
> configured to do everything a particular installation will require? They
> always need an admin to set them up.

There's a reason for that, which is that the programmer can't anticipate
what you want and for the same reason can't check that it is correct.

>> If you insist on having program
>> verification of everything, you won't be able to fix the situation where
>> the program is wrong and you won't be able to deal with any new
>> situations the programmer didn't expect. Also if the GUI editor is not
>> actually part of the program in question there's a very good chance that
>> it will be out of sync with the syntax is is supposed to help you with.
>
> Still everybody is thinking in terms of particular deficient tools they've
> seen. Of _course_ the config tool needs to be part of the package
> providing the application, and so must always be in sync. Given that
> assumption, it's really rather trivial to ensure that the tool is always
> capable of modifying every possible configuration setting with every
> possible value (though rather harder to ensure that it only permits certain
> combinations).

It's not trivial, and in the case of arbitrary settings isn't going to
help you anyway. If you have a small list of choices that just have to
be spelled right, a wizard can help, but those aren't that hard to get
right by yourself.

>>> There's a very good reason that /etc/sudoers contains this warning:
>>>
>>> # This file MUST be edited with the 'visudo' command as root.
>>>
>>> It's not a GUI (though actually, it could be) but it forces verification
>>> of the file before actually replacing the old file
>> If it were a GUI - and actually required... you wouldn't be able to fix
>> it easily remotely or with just a console login.
>
> Please explain - I don't believe that. GUI doesn't, for instance, exclude
> curses-based interfaces.

Start by assuming the program is wrong and that's why you have to fix it
and maybe you'll see the problem.

>> There is a valid point that programs should provide a way to check the
>> syntax of their own configs that is less drastic than restarting them
>> and crashing, but the idea that something should keep you from making
>> changes that no one thought about before is very un-unix-like. If you
>> can't break it, you probably also can't improve it.
>>
> I don't disagree with that, and know that absolutely preventing hand-editing
> is _never_ going to happen. But as someone who has brought down major
> banking systems by making the wrong config change, I'm also very aware of
> the need to make some applications bullet-proof.

Did you do a diff against a known good copy to check your changes before
activating them?

> If I was your boss, I'd need a written explanation of exactly why you had to
> hand-edit a config file for a sensitive server before I'd permit it if
> there was a tool available for it.

If it is a sensitive server, the changes should be under revision
control which is trivial with things controlled by text files and
arbitrary editors and generally impossible with wizardly things. And if
there is a tool that knows what the change should be, let it make the
change itself instead of wasting a person's time.

--
Les Mikesell
lesmikesell@gmail.com

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 06:29 PM
Paul
 
Default

On Tue, May 20, 2008 at 2:14 PM, Derek Broughton <news@pointerstop.ca> wrote:

Paul wrote:



> On Tue, May 20, 2008 at 1:43 PM, Bart Silverstrim

> <bsilver@chrononomicon.com> wrote:

>

>> My statement so far appears to still be valid. No one is arguing

>> anything other than the implementation of tools that currently exist,

>> and no one has yet to produce a valid argument that wizards, graphical

>> configurators, and CLI tools cannot coexist depending on the situation

>> at hand.

>

> This is getting ridiculous.



There's something ridiculous about that? *Bart's the only person who

actually seems to understand the importance of the thread.
I didn't mean to imply that his point was ridiculous.* I meant the thread in general...it's just turning into namecalling.



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 06:30 PM
"Steve Lamb"
 
Default

On Tue, May 20, 2008 11:23 am, Bart Silverstrim wrote:
> No doubt, not disagreeing, I was pointing out that you can follow
> everything to the letter and still have something go glitch-wrong. Even
> 1:1 systems can suffer a data corruption or some other gremlin that
> *shouldn't* happen but can.
True, but this particular sub-branch of the overall thread was started
when Derek pointed out that it was his mistake that caused it. Not data
corruption or gremlins.

--
Steve Lamb


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 03:34 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org