From: "Eric S. Johansson"
Date: Fri, 03 Oct 2014 01:38:28 -0400
To: Dave Taht
Cc: Joel Wirāmu Pauling, cerowrt-devel
Subject: Re: [Cerowrt-devel] vpn fw question
Message-ID: <542E3654.4050707@eggo.org>
List-Id: Development issues regarding the cerowrt test router project

On 10/3/2014 12:32 AM, Dave Taht wrote:
> Oh no. A lot of the complexity in cerowrt is just there to make sure
> that complex setups can work.
> I care a lot about exposing appropriate functionality, routing
> in an IoT world, as one example, not one whit about the gui stuff.

I agree that complexity should be exposed to some level but it shouldn't be your first option. I have this overly told tale about my sender pays anti-spam system called two Penny blue. It worked well and when I showed it off at the MIT antispam conference, there were a significant number of folks that wanted to steal my user interface, they liked it so much. It changed the whole paradigm of antispam interfaces. The entire focus was on getting the job done without making fighting spam your life.

I want to carry the philosophy through for firewalls. I'm almost willing to bet you a really expensive lunch that I can give you the same control you want in a much more understandable package. :-) The reality today is most IT folks don't have time to be security experts. Like in what I'm trying to do with VPNs, my intent is to bridge networks between multiple offices. Did this with IPCop and each node took approximately 45 minutes to get running with IPsec. The secret is following the intent of what the person wants to do so they get the job done and get on with their life.

For example, I would love to build an interface that is based on a graphical representation of the network. By drawing lines you show logical connectivity between two nodes. Tapping on each end of the line brings up the dialogue to show the characteristics of that link such as a pinhole for the service. There's other ways of presenting more detailed information that one can use to quickly make the right change.

> The luci part of openwrt is sorely in need of more bodies.

Yeah that's the challenge for me. I've got a broken body. My hands don't work so good and I use speech recognition which means any time I do a lot of work in some area, I build a speech user interface to do what's necessary to save my hands.
If you think regular GUIs are hard, try writing a speech user interface. Too many people think in terms of how to do it rather than what you want to do.

> There is an attempt to rewrite the gui in more javascript in luci2.

In many ways that's a wise choice as long as you don't use JavaScript ;-)

> the openwireless.org folk are doing their own gui for cero, and realizing that
> the 80/20 rule applies, but it's a different 20 for every user. See their
> mailing list and codebase for details.

That's a good point and that's why you always want to have a backup interface that exposes everything. But that's also why I'm a good user interface designer. If I listened to enough use cases, I can come up with a more general interface than you might think possible at first glance. I also am a bit of a cynic which manifests as "the only truly intuitive user interface is the mammalian nipple and as any nursing mom will tell you, even that isn't intuitive enough for a significant number of users".

> Every manufacturer dumbs down the gui so much these days that it's
> impossible to turn nat off on current netgear, dd-link, and apple products.

Yeah that's part of the problem. People think reducing functionality is a simpler interface. It's just a different kind of complexity. That is a rant I will save for some bar evening over root beer.

> I, personally, happen to really like naming interfaces after their function
> given the expressiveness of the pattern matching syntax, but it is
> an idea few have adopted....

I'm with you. So why not do it? Convention is only useful if it serves a purpose. At the same time, with the relationship structure between all the different elements because there may be other simplifications that can come out of a different kind of complexity. For example, in UCI you have the IP address and network information scattered through multiple files and any time the solution to a problem with changing networks is sed, you have the wrong solution.
I'm hoping to extend UCI to work with named constants instead of literals for arguments. A little bit more complexity in the right place simplifies configuration files and configurability. This change also makes it possible to start calculating the relationship between the different subnets so that if you need to make the network subnet bigger, you change the subnet mask and everything else falls out automatically. I'm big on making things self adjusting like that because it makes my hands not hurt. If I need a more professional explanation I say it's a form of universal design to accommodate all abilities. :-)

Anyway, I need to get to bed so I can get some good work in tomorrow. Joys of being a self-employed crip.

--- eric
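
Added illustration, not part of the message above and not code from UCI or CeroWrt: a sketch of the "named constants instead of literals" idea, where the interface address, netmask, DHCP pool and a firewall rule are all derived from one subnet definition. The `${NAME}` placeholder syntax, the `vpn` zone and the sample addresses are assumptions made for this example; stock UCI does no such substitution.

```python
import ipaddress
from string import Template

# Constructed sample: UCI-style stanzas with hypothetical ${NAME} constants
# (stock UCI has no such substitution; this only illustrates the proposal).
TEMPLATE = Template("""\
config interface 'lan'
	option ipaddr '${LAN_ADDR}'
	option netmask '${LAN_MASK}'

config dhcp 'lan'
	option interface 'lan'
	option start '${DHCP_START}'
	option limit '${DHCP_LIMIT}'

config rule
	option name 'vpn-to-lan'
	option src 'vpn'
	option dest 'lan'
	option dest_ip '${LAN_NET}'
	option target 'ACCEPT'
""")

def derive(lan_cidr: str) -> dict:
    """Derive every dependent value from the single subnet definition."""
    net = ipaddress.ip_network(lan_cidr, strict=True)  # rejects host bits set
    if net.version != 4 or net.prefixlen > 29:
        raise ValueError("need an IPv4 subnet of /29 or larger")
    usable = net.num_addresses - 2      # minus network and broadcast address
    start = usable // 2 + 1             # DHCP pool = upper half; router = host 1
    return {
        "LAN_NET": str(net),
        "LAN_ADDR": str(net.network_address + 1),
        "LAN_MASK": str(net.netmask),
        "DHCP_START": str(start),
        "DHCP_LIMIT": str(usable - start + 1),
    }

def render(lan_cidr: str) -> str:
    # substitute() raises KeyError on an undefined constant instead of
    # silently writing a literal placeholder into a firewall rule.
    return TEMPLATE.substitute(derive(lan_cidr))

if __name__ == "__main__":
    print(render("10.20.0.0/24"))
    print(render("10.20.0.0/22"))   # bigger subnet: only one constant changed
```

Because the firewall rule's `dest_ip` is computed from the same constant as the interface address, growing the subnet cannot leave a stale rule that still matches only the old range.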