FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 05-20-2008, 08:21 PM
Les Mikesell
 
Default

Derek Broughton wrote:
>
>>>> Safer isn't usually the point.
>>> I disagree - I think it's the whole point.
>> Doing something no one anticipated it often the point. Or repeating it
>> hundreds of times. Neither works well in GUI's.
>
> Why would "repeating hundreds of times" not work well in a GUI? A properly
> designed GUI would let you enter the change once, and apply many.

How would that happen? The repeated instances would be on different
machines and/or at different times. Command lines and text files are
easy to recall/cut/paste and in many cases the documentation can be a
pastable copy, where with GUI's you end up with screen shots of settings
you have no way to reproduce without going through all the same motions.

>> There's a reason for that, which is that the programmer can't anticipate
>> what you want and for the same reason can't check that it is correct.
>
> But he _can_ check that it's correct.

Not in general.

> For instance, to configure postfix as
> a smarthost, it needs to know your ISP's SMTP server name, port, and
> authorization information. When you enter those into a config tool, it can
> open a connection to the server and test it.

First, remember that postscript was written specifically to be easy to
configure so you are cherry-picking an example. Then consider that you
may be configuring a machine to ship elsewhere and the tests you want to
perform won't work when you need to make the change.

>> It's not trivial, and in the case of arbitrary settings isn't going to
>> help you anyway. If you have a small list of choices that just have to
>> be spelled right, a wizard can help, but those aren't that hard to get
>> right by yourself.
>
> It _is_ trivial.

Let me know when you are done writing it.

>> Start by assuming the program is wrong and that's why you have to fix it
>> and maybe you'll see the problem.
>
> Which program? The gui config tool?

Any part of any program can be wrong.

> Why would I assume _it's_ wrong any
> more than I would assume somebody screwed up the config in an editor?

You haven't been doing this very long, have you? Wade through the bug
history on a few large programs to catch up. It's a pretty safe
assumption that every program has bugs and it's just as easy to make a
mistake in program source as a config file. And you'll find some
programs where the config file is actually a snippet of program source -
this is pretty common with perl applications and gives you arbitrary
freedom in what you put there.

>>> If I was your boss, I'd need a written explanation of exactly why you had
>>> to hand-edit a config file for a sensitive server before I'd permit it if
>>> there was a tool available for it.
>> If it is a sensitive server, the changes should be under revision
>> control which is trivial with things controlled by text files and
>> arbitrary editors and generally impossible with wizardly things.
>
> Sorry, that's an insane statement. If I am editing a config file with an
> editor, it's up to me to make sure changes are checked into version
> control.

And that's a problem? Why?

If I'm editing it with a wizard, I'd absolutely build svn right
> into the wizard.

Great, let me know when it's done. And when it will match my version
control system.

> It's not only not "generally impossible" it's a sight
> simpler. I've never suggested that we make the config files
> non-human-readable, I just don't want them edited directly by people.

And I'm not saying that things can't be improved, but it's not a new
problem and GUI's haven't helped solve it yet. I am surprised that some
distribution hasn't wrapped system management around one of the version
control systems to a point where someone could 'publish' their
configuration (packages plus all the setup with some local exclusions)
and any number of others could automatically clone it and track changes.
A few hundred of these tuned for different purposes would probably
take care of most people's needs.

--
Les Mikesell
lesmikesell@gmail.com

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 08:25 PM
Mike Bird
 
Default

On Tue May 20 2008 13:08:01 Derek Broughton wrote:
> Well, I'm not going to write the config tool right now (or probably ever -
> I never liked procmail - though I was working on one for maildrop), but
> start at the beginning - sooner or later every recipe has to deliver mail
> to a file, pipe or program, or to another user. It's simple to check that
> the file/pipe/program exists.

Not it's not. I have hundreds of clients where the destination
Maildir includes a string taken from elsewhere in the email.
As a simple example, my mgb-ubuntu@yosemite.net address (after
some very careful validation) directs messages to an Ubuntu
folder within my main mail account. What's more, I could add
a Kubuntu folder and start using mgb-kubuntu without changing
the procmail script.

How is your program going to understand all the validation and
rewriting that goes on in my procmailrc, when you can't even
figure out which of my Postfix servers should bind loopback only?

It's nice to have dreams, even impossible dreams, but writing
about them on a technical list is impolite and wasting our time.

--Mike Bird

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 08:30 PM
Mario Vukelic
 
Default

On Tue, 2008-05-20 at 16:33 -0300, Derek Broughton wrote:
> Funny - it doesn't look at all like the book...

For some reason it's hosted on NS's website for the other book,
Cryptonomicon, and inherits its design.

> Unfortunately, it isn't in my library

Fortunately, it is online. It is really an amazing read.
http://www.wired.com/wired/archive/4.12/ffglass.html

> Sure it was.

I remember distinctly that you wrote that in an ideal world, cli changes
would be impossible and everything would have to be validated through a
gui. (To which I replied that I want you to leave me out of your ideal
world)

> Except to the point that Bart said "Sometimes just popping in
> with a text editor is great for that", because I believe with the right
> tools you'd never need to.

And I am sure that sometimes you do. It's always like that. In Formula
1, they spend a billion EUR a year to make cars go 'round in circles
fast, with the most extreme high-tech. But I'm sure sometimes they
nevertheless have to apply some duct tape.

> Unfortunately, nobody is ever going to bother
> writing those "right tools" because it gets so much resistance from the
> l33t.

I believe people would fall over themselves to implement these tools, if
it were possible. Imagine the revolution once _everyone is able to
deploy websites absolutely securely and validated through a perfect GUI
along with a config checker -- the youtube revolution would be nothing
compared to it.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 08:38 PM
Avi Greenbury
 
Default

On Tue, 20 May 2008 16:33:59 -0300
Derek Broughton <news@pointerstop.ca> wrote:

> Sure it was. Except to the point that Bart said "Sometimes just popping in
> with a text editor is great for that", because I believe with the right
> tools you'd never need to. Unfortunately, nobody is ever going to bother
> writing those "right tools" because it gets so much resistance from the
> l33t.
> --

There's plenty of resistance to, say, malware. That still gets
developed.

I'd suggest it's more likely that those 'right tools' haven't yet been
developed because, at best, they're complicated and difficult tools to
write, to the point where no-one's yet seen them as worth developing.


If there were a tool that was good enough to completely replace
text-file config, I would be incredibly interested in it.

--
Avi Greenbury

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 08:48 PM
Derek Broughton
 
Default

Les Mikesell wrote:

> Derek Broughton wrote:
>>
>>> But some configs are perfectly valid in situation A, but break your box
>>> or network in situation B.
>>
>> Show me one that can't be predicted in advance. You're denying that it's
>> deterministic.
>
> What are the possible choices for RewriteRules or ProxyPass directives
> in an apache config? You can verify that server won't crash with some
> contents you choose but not that it will actually function correctly or
> at all. There are any number of configuration options where the entries
> are completely arbitrary.

You can't verify it any more if you hand-edit the file either. So there's
no advantage there using a text editor. However, if you really want to to
semantic validation too, this is a fine example - since I actually have had
to do this recently :-)

I have an apache server that proxies a bunch of Plone servers. The rewrite
rules look like:

RewriteRule ^/cmb(.*)
http://localhost:9080/VirtualHostBase/http/www.DOMAIN:80/cmb$1 [L,P]

So the first thing I do after adding one of these is:
# wget http://localhost:9080/VirtualHostBase/http/www.DOMAIN:80/cmb/
# wget http://www.DOMAIN:80/cmb/

The first verifies that the rewrite target is valid, and the second verifies
that the source is valid. That would be easier to do in the config tool...
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 09:30 PM
Karl Larsen
 
Default

Dotan Cohen wrote:
> 2008/5/20 Steve Lamb <grey@dmiyu.org>:
>
>>> A web page with a drop down box and a text field would be more _efficient_.
>>>
>> According to who's measure?
>>
>> vim - 8Mb.
>>
>> Apache - 13-20Mb
>> Firefox - 80Mb
>>
>> Certainly not space.
>>
>> Certainly not keystrokes since chances are the URL itself is longer than
>> the entire operation in a text editor.
>>
>> Certainly not time since I can open a terminal, ssh over, edit the file
>> and save it before I can even load FF.
>>
>>
>
> It would be efficient because then you wouldn't have to learn all
> those funny CLI commands that you use in SSH, and you wouldn't have to
> use that editor with two modes: one that mungles text and one that
> beeps at you.
>
> For those who already _have_ learned to use the proper tools, the CLI
> and manual edits are much more efficient. For those who want to
> administrate a server without learning, there is Windows Server
> 200[3||8] and a fancy GUI. Though, I've heard that WS2k8 does have a
> decent cli now.
>
> Dotan Cohen
>
Whenever the subject is servers this list gets 200 messages. I am a
home user and could not care less about a server. As for GUI devices
they are nice. I use the Open Office to make ppp files that play on a
Windows machine and everyone asks where did you get those nice symbols?
I say Linux and they shut up.

Karl


--

Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-20-2008, 09:34 PM
Les Mikesell
 
Default

Derek Broughton wrote:
>
>> What are the possible choices for RewriteRules or ProxyPass directives
>> in an apache config? You can verify that server won't crash with some
>> contents you choose but not that it will actually function correctly or
>> at all. There are any number of configuration options where the entries
>> are completely arbitrary.
>
> You can't verify it any more if you hand-edit the file either. So there's
> no advantage there using a text editor. However, if you really want to to
> semantic validation too, this is a fine example - since I actually have had
> to do this recently :-)
>
> I have an apache server that proxies a bunch of Plone servers. The rewrite
> rules look like:
>
> RewriteRule ^/cmb(.*)
> http://localhost:9080/VirtualHostBase/http/www.DOMAIN:80/cmb$1 [L,P]
>
> So the first thing I do after adding one of these is:
> # wget http://localhost:9080/VirtualHostBase/http/www.DOMAIN:80/cmb/
> # wget http://www.DOMAIN:80/cmb/
>
> The first verifies that the rewrite target is valid, and the second verifies
> that the source is valid. That would be easier to do in the config tool...

Except that (A) you'd have to write this mythical config tool first, (B)
you'll find it impossible to describe in general how to construct the
URL that tests your rule, and (C) the test target may not be ready or
working at the time you want to add the rule.

By the way, if you like the idea of canned/programmed configs, you might
like SME server (http://www.contribs.org) which takes the concept
about as far as anyone so far. If you want an internet NAT gateway with
firewalling, and/or smb/ftp/web/email servers you can have them by
filling in simple forms - and it can do things like mapping different
host/domain names to different virtual servers on the same box. But if
you want anything else you probably won't like it at all because the
configs are mostly rewritten from templates and web form entries on any
change.

--
Les Mikesell
lesmikesell@gmail.com


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-21-2008, 12:51 AM
Bart Silverstrim
 
Default

Mario Vukelic wrote:
> On Tue, 2008-05-20 at 14:23 -0400, Bart Silverstrim wrote:
>> No doubt, not disagreeing, I was pointing out that you can follow
>> everything to the letter and still have something go glitch-wrong. Even
>> 1:1 systems can suffer a data corruption or some other gremlin that
>> *shouldn't* happen but can.
>>
>> Thus I find it more important to have contingencies in place.
>
> Sure, I agree about that, who wouldn't. But I fail to see how this can
> be an argument _in _favor of GUI tools for complex configuration tasks.
> It just adds complexity into the process, and additional bugs. A
> sufficiently complex config file requires a very complex GUI with its
> own bugs, which is now trying to hand-hold an experienced admin.

Actually that was addressing the bank system requiring testing bit, not
the GUI/CLI question.

> Let's put it this way, I trust a good unix database admin more than an
> MSCP with a GUI tool.

Which is a nice stereotype, I'll not get into the good or bad points of
perpetuating those right now though...

>> I see
>> notices that my online banking may not be available from 1AM to 5AM on a
>> Sunday morning once in awhile.
>
> :O Really?

Yes...not making it up. Well, the times are made up, but I know it's a
several-hour window at some ungodly hour of the morning over the weekend
for a sysadmin to be at work in our time zone, so I'm assuming it's a
lull time in usage.

> Anyway, online banking for private customers is one thing. I was rather
> talking about the bank's connection to the huge global financial
> systems, like stock exchanges. They CANNOT go down.

No doubt that's the goal. But I'd also point out that it *has* gone down
before. It's just rare. And being in the public, we probably aren't
privy to the close calls and stinky-pants moments that their
behind-the-scenes admins could talk about.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-21-2008, 12:55 AM
Bart Silverstrim
 
Default

Mario Vukelic wrote:
> On Tue, 2008-05-20 at 14:57 -0400, Bart Silverstrim wrote:
>> I loved that essay. I think even he said it was dated, though.
>
> Me, too (everything by NS, in fact. Did you read Mother Earth, Mother
> Board?). And sure it is dated, but the basic point still stands: you
> don't outlaw hole-hawgs because some do-it-yourselfer might go in
> circles at the outside wall of his house
>
>> What I think the point of the thread should be [...]
>
> I agree with all of this but again, this was not really what Derek
> suggested.

I'm married to a wonderful wife and have a teenage step-daughter. I like
being able to finally saying something where someone agrees with me.

</ducks>

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-21-2008, 01:32 AM
Bart Silverstrim
 
Default

Les Mikesell wrote:
> Bart Silverstrim wrote:
>>> My point was that anyone who has ever had to edit a complicated MS
>>> server with its GUI tool knows why CLIs are better suited for that task,
>>> at least for knowledgeable server admins, which frankly anyone should be
>>> who admins a valuable server.
>>> Those who have had to manager 100 servers with GUI tools know even
>>> better.
>> I don't have 100 servers, but I have had a fair number of systems to
>> configure and quite frankly I find a mix to be most appropriate. The
>> command line is slick and fast (as long as I've already learned about
>> and know what I am doing). But it gets *unwieldy* when I have a two or
>> three line set of commands because of long paths or redirects, for
>> example.
>
> But after you have done it once, you can just recall that command and
> edit it into ssh commands to your other machines, paste it into shell
> windows running remotely, or paste it into a text file or script for the
> next time you need to do it.

And backspace to where in the line I need one subtle change from what I
just executed previously... :-)

>> It is a lot easier for me to (again, just an example) have a
>> graphical interface where I can set options and let it rip with a task.
>
> If there's more than a couple, they always end up hidden behind tabs you
> can't see with no way to script a repeatable operation.

Actually I've used a couple programs that were basically front-ends, and
at some location in it the application there was a window with the
"resulting command". I'm thinking of two in particular at the moment,
one for setting up SSH tunnels on OS X and one for working with NMap,
but I could be mistaken.

>> I have had tasks that are easier with a few typed commands. I've had
>> some where it's just easier for me to work with a tree of objects. Ever
>> try navigating the Windows registry by command line? Painful, with some
>> hive and key names.
>
> But if you have that path in a text file, it becomes a cut/paste

Are you talking about this operation being done in X? Because that would
also technically be utilizing a GUI to assist in the administration :-)

>> Graphically, it's a cinch, plus easier to compare
>> two or more keys.
>
> How is anything easier to compare than what diff will do to text files
> or a directory of them?

Honestly? Because I have had cases where I'm scrolling through a listing
of a large number of things and the scrolling becomes a solid pattern,
and the thing I'm looking for is an anomaly.

Or I put two windows side by side comparing items visually.

>> I still stand by the statement that so far the argument is GUI tools
>> just suck, just use it and you'll know why; this doesn't say what the
>> problem is.
>
> One problem is that GUI's don't have a way to repeat multiple
> operations. Or if they do, their programming language in no way
> resembles their interactive language, where with the command line and
> shell, a script is exactly the same as the interactive command plus you
> have some consistent tools for loops and substitutions if you want them.

Okay GUIs aren't easily scriptable. That doesn't mean they're
fundamentally flawed for other tasks any more than saying that the
command line doesn't easily let me browse hi-res photos.

> The other is that the safety checks you expect from the GUI are only
> possible for things where there are a known number of choices.

I guess I'm lost here on how the command line gives you more
safety...I've mistyped commands on the command line and hit <enter> to
accept the command out of just repetitive action, just like clicking the
<accept> button on installers without fully reading what the dialog had
to say...?

> Tools always suck when they don't do what you want.

Well, that's just about everything out there...

>> The statements made reflect just the current
>> generation of tools and your preferences without actually giving a
>> non-subjective reason.
>
> Preferences are subjective...

Preferences are. But there are other benchmarks that can be applied.
Usability studies and interface research aren't based on magic.

The tools and techniques often aren't a %100 fit. But on average you can
find trends against which to judge the tool.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 08:26 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org