Most System Administrators Prefer Firewall GUIs Over CLIs

When it comes to firewalls, most system administrators prefer to use a graphical user interface (GUI) rather than a command-line interface (CLI), a new academic study published over the summer has revealed. From a report: Despite the many preconceptions that system administrators are almost all ardent CLI users, firewall GUIs won by a pretty large margin in a survey compiling results from more than 300 respondents. Almost 60% of sysadmins said they "preferred" GUIs over CLIs, and 70% said they "used" GUIs on a daily basis. The survey showed that while CLIs might be popular in some circles, they are not the most ideal interface for managing a complex security software suite like a firewall. The survey, which included more than 15 questions that also sought to discover the reasoning behind each answer, revealed that "usability" was the main reason why system administrators tended to prefer and use firewalls more than CLIs.

Now do this by age

[geggam]

Group the results by age. The older folks are comfy with CLI as they grew up with it.

Younger kids are less excited about using it.

Re:

[NoMoreACs]

Group the results by age. The older folks are comfy with CLI as they grew up with it.

Younger kids are less excited about using it.

I'm about 4 years from Social Security age, and I hate CLIs.

I know them. I grew up with them. But I still hate them.

Next generalization?

Re:

[nyet]

Every generation has its morons.

Re:

[mark-t]

I would guess that is only to the extent that age might tend to overlap with experience.

Most likely to do with familiarity

[guruevi]

I like CLI for the stuff "I know" but I prefer GUI's for stuff I'm not continuously using or overly familiar with. I also like GUI's that can do complex tasks for me in a single button, which firewall rules belong to typically.

In the end, I have to regularly dive into the CLI anyway, but I'm shying away from eg. deploying Docker for my team because specializing someone is risky. Rather have a GUI like VMWare or VirtualBox even though it's not as performant as Docker, but Docker development and associated GUI's are crap, let alone Kubernetes, SystemD and all the other hell-spawn the "cloud" brings us.

Re:

[i.r.id10t]

This. Script or GUI to generate the core set of firewall rules into a script, then edit the resulting script to add a few tweaks that the GUI didn't account for (like running stuff on non-standard-for-protocol ports)

Research says that's what each is good for

[raymorris]

Research (and common sense) suggest that for a unfamiliar system, it's useful to he able to see the available options. Once you know what you want to do, a CLI is much faster.

As a silly example, I don't go to McDonald's much. The other day I went in an saw they have kiosks where you can order. With no training necessary, I clicked "Sandwiches > Burgers > Quarter Pounder with Cheese", then "Customize > Onions > Remove". It only took maybe two minutes to order a burger, without ever having see

Re:

[war4peace]

If I were entering burger orders all the time, I could type "quarterpounder -onion" in under 3 seconds.

How I love it when people conveniently leave out all other steps and yell "me can do in 3 seconds!" - no, you can't.
First you would need to log in. The GUI does that for you, but the CLI doesn't. Then, the "-onion" option would need to have arguments, which you would need to learn, e.g "-onion off" or "-onion double", or if the CLI option would be really elegantly built, "-onion keeponly" which would remove all other optional ingredients and leave only onion enabled. You are also missing the quantity argume

Re: Research says that's what each is good for

[whopis01]

You missed the part where the poster said âoeand requires you to know how to use itâ.

Re:

[war4peace]

No, I have not. That knowledge takes months and months to learn, it doesn't just pop in one's brain. He conveniently left that out of the equation.

Of course GUI has advantages

[fred6666]

You don't have to remember cryptic commands by heart and you can get a quick view of the available options.

The problem is that firewall GUIs only implement a tiny subset of what can be done. All other options must be configured either using the command line, or by editing a configuration file through the GUI, which kind of defeats the purpose of a GUI.

I like the fact that I can enable masquerading and port forwarding easily through my router's web interface. However, I had to add custom commands to do advanced stuff such as routing based on source IP address.

Re:

[oh_my_080980980]

And that's the point. Too many times the GUI gives you fisher price level of control and you are forced into the command line in order to execute advance commands. .

Re:

[omnichad]

But that's not the problem with GUIs, it's the problem with *a* GUI. The fix is to close the gap.

Re:

[fred6666]

Give me a single example of a GUI with all options from iptables and iproute2
And no, a GUI with a text editor an a configuration file doesn't count.

Re:

[war4peace]

I had mentioned it before, but Ubiquiti ERPoE router Config Tree tab is pretty exhaustive (screenshot for your convenience):

https://imgur.com/QR9wStT [imgur.com]

Re:

[fuzzywig]

Draytek modem/routers have the exact same functionality in their GUI as they do in their CLI.

Re:

[fred6666]

I bet it's a subset of iptables, or if it's not iptables-based, then a quite simple firewall compared to what iptables can do.

Re:

[Retired ICS]

And if you ever touch it again with the GUI it will delete all the "advanced" configuration and go back to being a fisher-price toy.

Re:

[mark-t]

You don't have to remember cryptic commands by heart ....

Objectively labelling the commands as "cryptic" when that is actually only a function of how much exposure one has had to them is, I think, kind of poisoning the well [wikipedia.org].

The English language is going to be cryptic to someone who has never heard it before, that certainly doesn't make the language cryptic.

Re:Of course GUI has advantages

[That Ordinary Guy]

However, I had to add custom commands to do advanced stuff such as routing based on source IP address.

Strictly speaking, you don't do routing with a firewall. You can nevertheless tag packets so they are handled differently at the routing layer. You may also redirect ports/ips but this is not really routing.

I never put routing instructions in my firewall scripts since the firewall is reloaded more often than the routes and you don't want to affect the routes every time you reload the firewall rules.

SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[lesincompetent]

To the potential (elitist?) naysayer i say go configure a Cisco ASA.

GUI for easy associations, CLI for speed & Pow

[RavenLrD20k]

Well designed GUIs are great when you need to get something basic going quick, but they lack the power that one can get out of the CLI when you know what you're doing with them. For instance, when I set up CISCO routers through the CLI, I can use my network documentation to get it and the firewall configured and throwing packets around in about 2 minutes per machine, mostly waiting on the hardware to catch up. When I was configuring my Ubiquiti router for the first time through its GUI, it took me a bit l

Doesn't that kind of depend...

[Hizonner]

... on exactly what you're actually doing at the moment?

Study brought to you by somebody who wants to cheap out on one or the other...

Why not both?

[bettodavis]

GUIs and web based interfaces are fine for interacting with products you aren't very familiar with or that you .rarely have to interact with

CLIs on the other hand are better for automation.

Products targeting massive deployment and replication should have CLIs in the first place, but you can certainly have both to give you options. VMWare ESX is a good example of a product giving you both a functional GUI and a solid CLI for automation

As long as proper security measures are enforced, you can benefit either way.

Give me a CLI

[denisbergeron]

With a gui editor over any GUI interface.

CLI over you more control over GUI.

A GUI Editor will make you editing rules faster and prevent stupid error

GUI are good. But keep a fully functioning CLI

[jellomizer]

I am happy with a GUI interface for tools. A good GUI gives you all the options the product can do and a way for you to look them up and see what is available, and a new feature or a new request makes it easier to see if it can be accomplished. However my main rule of IT. If you are doing the same job every day in IT, you are doing your job wrong. In that case CLI are wonderful for scripting, so those common jobs you need to do every day can be done via CLI inside a nice script.

I am normally weary of hiring an Admin who is CLI only, or GUI Only. a CLI only guy will use the feature they know about, and often are not to curious about new features and tools available. In terms of Firewall and Security we need flexibility and often out of the box methodologies to keep security high, while meeting business requirements. GUI Only people often fail to understand the core on how things really work, and often wast their time playing in the GUI where a quick and effective script can do the the job. As well sometimes there are CLI options not available on the GUI.

Yep.... GUI for me, please!

[King_TJ]

I put up with the command line for firewall configurations when I'm forced to use it. (For example, there were more advanced things I couldn't configure with the GUI that came with my Ubiquiti EdgeRouter X firewall appliance.) Because their web site has good support pages with details on how to do most tasks, it make that much more acceptable. Just do a search for what you need and follow the step by step directions.

I remember a less pleasant experience configuring firewall rules in an old Cisco PIIX firew

Does fwbuilder still work?

[drinkypoo]

Last time i looked for OSS FW GUIs i settled on fwbuilder. It spits out a shell script if you target Linux. Then you can fiddle the script.

It all depends

[cyberchondriac]

For some things, like linux administration, I generally prefer CLI w/ just a few exceptions.

For SAN fabric mgmt though, I definitely prefer GUI, I like seeing everything layed out in neat columns, and it's less likely to result in a broken zone due to my mistyping a long ass WWN or something. Also, the mini map that Cisco DCNM SAN Fabric mgr provides is a nice visual of the whole SAN.

Tools are tools; CLI and GUI just offer somewhat different perspectives for the most part. Unless the GUI is really poorly

The study in short..

[localgh0st]

- Most people who use a CLI, prefer a CLI (CLI 61 vs GUI 7).
- Most people who use a GUI, prefer a GUI (GUI 169 vs CLI 30) .
- The amount of respondents currently using a GUI is higher than those currently using a CLI.

I don't think it's a very interesting study, especially given the lack of any questions regarding the (operating) systems used.

Not for configuration.

[rlwinm]

I don't know any professional who uses GUIs for those sorts of tasks. Maybe MCSEs or something.

GUIs are problematic for any complex configurations: (1) You can't easily save the exchange as notes for future reference like you can with text. (2) You can version text in a source control system and easily see what changed over time. (3) You can't script GUI interactions so you can replicate things over multiple devices & sites.

Sure, normal users don't know anything beyond the basics of working their "

Re:Not for configuration.

[cas2000]

"(2) You can version text in a source control system and easily see what changed over time.

Same as above.

and then you edit that text file to do something that's perfectly valid and easily done on the command line and re-import the changes back into the GUI and it completely fucks it up because the GUI can only do what's pre-programmed into it and nobody wrote the code to enable the GUI to do what you just did.

and it loses all your text comments describing what you did and why (including notes on what else you tried but didn't work) at the same time, the useless piece of shit.

If you're only capable of using a GUI for sysadmin tasks, that makes you an appliance operator with some fancy buttons to push, not a sysadmin.

Re:

[drinkypoo]

Except the parts where I said he was wrong about everything, because you totally can do all of those things?

Re:

[Aighearach]

Yes, exactly this; you agreed in substance, but you still lied and claimed the person was wrong anyways.

Re:

[drinkypoo]

I did nothing of the sort. They claimed that when you use a GUI tool it somehow prevents you from doing certain things that it does not prevent you from doing. I explained how those things are done even when using a GUI tool that doesn't do those things for you. Frankly none of that shit is necessarily necessary, depending on the format used by the tool itself. You may well be able to do all that stuff by simply saving the config files. But those techniques will work regardless, and i didn't want to complic

Re:

[nyet]

Bullshit

Bad GUIs are the only problem here

[omnichad]

Really, it depends on how heterogeneous you have to be. If you support a mix of hardware, keeping track of the differences in CLI language is mind-numbing. And even when you start to learn one, it's still so verbose as to be mostly wasted time.

Either you're using an external GUI (at the minimum an advanced text editor) to edit your CLI script, or your using an intrinsic GUI to edit the config directly. Nobody reasonable is hand-typing an entire configuration more than once.

There IS a third option ...

[UnknownSoldier]

/Oblg. Why not BOTH?

CLIs have pros and cons; GUIs have pros and cons. A smart person uses multiple tools depending on the task.

Yet another stupid debate like Vim vs Emacs. Everyone "clearly" knows Vim is superior. /s

--
Patreons I believe worth supporting:
* China Uncensored [patreon.com]

Depends on the firewall vendor

[Boring_IT_Guy]

In past usage of Cisco firewalls and routers, the GUI was at best deficient and at worst defective. To get anything done you had to use what I referred to as their "Assembler for Routers" language. Because of the complexity and the high cost, I eventually applied the ABC rule of networking - "Anyone But Cisco". I've used other top-rated firewalls where GUI is complete and usable and gives a great view of complex configurations.

Depends Entirely

[Anonymous Crowded]

A GUI is worthless if there's "hidden options", which I think is why there are so many holdouts that either use both or won't go without a CLI. The ability to dump/diff configs to text or xml or some other human parse-able form is totally invaluable. Think of *REALLY* bad nights where you've been working all day with the old system and the new system and they're 'identical' but don't work the same way, either because it has to load in some certain order, or some feature is retain-able when a parent is tur

You silly humans did it wrong

[Tablizer]

CUI's and GUI's could have been closely related in that one builds a GUI by specifying what commands and/or attributes are sent back and forth. When using a GUI, one would have an (optional) command console to see what commands the GUI is sending to and from the CUI. That way you can learn or paste from the CUI (console) for when you need to automate some or most tasks, AND build your own customized GUI as needed. It would be natural to switch back and forth and to mix and match. It just takes good road-te

Depends on the CLI and the GUI

[barc0001]

Not all firewall GUIs suck and not all CLIs are paradise. Each can be downright hellish to work with if poorly designed, or a pleasure to work with if designed well.

Same as anything really. I've seen great CLIs for setting up RAID cards, and awful non-intuitive GUIs for RAID cards (looking at you LSI...). The relatively recent motherboard push to GUI for BIOS setup shows there are definitely winners and losers in the UX design by different manufacturers as well.

Bottom line if it is designed well, it will be a pleasant experience to work with. If it's poorly or carelessly designed, you're going to hate it.

Re:

[tlhIngan]

The relatively recent motherboard push to GUI for BIOS setup shows there are definitely winners and losers in the UX design by different manufacturers as well.

Not really a good example, since most BIOS Setup programs (when they started building them in were menu driven. (Remember the IBM PCs required booting a special disk in order to configure the system, or flipping DIP switches if the change you made was needed before POST)

Menu driven UIs are a sort of predecessor to GUIs since they often encompass the

Re:

[Retired ICS]

"The relatively recent motherboard push to GUI for BIOS setup "

I do not think I have EVER seen a CLI interface for BIOS configuration on a PC. Even the original IBM PC used a GUI. I think you are confusing a GUI with a WIMP interface. BIOS configuration interfaces that used to be FAST keyboard text-based GUIs are being replaced with SLOW WIMP graphical GUIs. Just because. Even though they are slower and more difficult to use.

Re:

[barc0001]

> I think you are confusing a GUI with a WIMP interface.

Agreed. I was thinking more the transition from a text menu driven 100% by keyboard to this new mouse-driven paradigm. Although I would still argue that they WIMP is not a GUI any more than a CLI is, as it's all still just text on a screen, albeit nicely arranged. The new BIOS screens on the other hand...

https://phoenixts.com/wp-content/uploads/2016/07/UEFI-e1468002142999.jpg

definitely a GUI. Complete with logos.

CLI VS firewall?

[MS]

"...system administrators tended to prefer and use firewalls more than CLIs."
Was this article about CLI versus GUI or about CLI versus firewall. How is a CLI a substitute for a firewall?!?

API+Other

[thecombatwombat]

The really interesting part of this to track is that API+Other column being a not trivial 8.6%.

I haven't used either a gui or CLI to manage a firewall in years. It's Terraform, Ansible, Puppet, Chef, all the time.

More interested in admin education breakdown.

[Fly Swatter]

I would be more interested in the breakdown of those admins that were self taught verses those that took the career path because they were told 'computer science is where the money is', and how it correlates to preference of CLI vs GUI - if at all.

In other news ...

[CaptainDork]

... bears always face to the front.

CLI is 1D, GUI is 2D

[GuB-42]

Command lines are linear in nature. You type a command, and get a list of results, then another command, and another result. Each line in the terminal represents a command or an element of response, more or less. A line is above or below another line, but there is nothing on the left or right, and it only goes down, you can't change wha'ts above.

It is very limiting in term of interaction. With a GUI, you can go in all 4 directions, open sub-menus, have many things happen in parallel, etc... You can even go

Re:

[nyet]

Good luck keeping GUI actions in SCM, or replicating them across dozens of instances.

Text files

[mlheur]

Then use whatever tool you want to mange the content.

Re:

[account_deleted]

Comment removed based on user account deletion

FWIW

[kamakazi]

I won't argue with the statistics from the study, but the author gives a clue about how much his conclusion is worth.

" In hindsight, it is pretty hard to get things wrong in a firewall GUI."

Obviously, regardless of the statistical chops of the authors, they do not have any actual hindsight that applies to firewalls. I personally use a GUI for configuring/maintaining a firewall stack which is also doing internal routing. Primary reason is the CLI on this particular firewall really sucks. The GUI isn't great,

CLI has major advantages

[Crypto Gnome]

Sure pointy-clicky is EASY , but you lose so much by not using the CLI.

Once you drive your network devices via CLI you are empowering the Infrastructure-As-Code methodology.

Everything (yes even your router, firewall, load balancer, switch) can be configured by the CLI, via copy-n-paste interactions from A Text File.

Which means
1) The Change File is an exact , complete and literal descriptions of the change being applied
2) Changes can be stored in Version Control (of your choice)
3) Changes can be easily audited (see item #2)
4) Change is easily managed to conform to standards (yours, mine, NIST, CIS, etc)
5) When necessary, reversing the change is MUCH easier (due to #1 and #2)

Re:

[geggam]

I am one

Re:

[pak9rabid]

Me too

Re:

[Joce640k]

That's one of the major problem with GUI. People that don't understand anything will just click anywhere and do stupid configurations.

Not if the GUI is well designed.

Re:

[ShanghaiBill]

Not if the GUI is well designed.

It isn't.

Re:

[arglebargle_xiv]

And that's the reason behind the results of this study: Most, if not all, firewall CLIs, are essentially incomprehensible to anyone but expert users, and even expert users frequently get the config wrong (there's been numerous studies on misconfigured firewalls done this way, even if experts think they've got it right it's often wrong). GUIs hide this complexity, and make things more usable. So the study was really asking "Do you prefer an incomprehensible, error-prone UI to a more comprehensible, safer o

Re:

[war4peace]

Good luck using a GUI over RS-232 on a headless server or an embedded black box.

Which is a niche compared to the whole.
Besides, you could easily use a GUI to do that, only the GUI would be local, not remote. You don't use it because it doesn't exist (it needs to be designed specifically for such and such server), not because you prefer otherwise.

Re:

[mark-t]

I tend prefer the command line for doing system administration as well. While GUIs are nice for certain things, you give up some degree of control with them with regards to certain types of tuning which may still be possible in the GUI, but in the end is easier to just specify in the command line, especially if you are needing to do it repeatedly.

"100% command line"

[DesScorp]

| 70% said they "used" GUIs on a daily basis

Who is this 30% of sysadmins who are 100% command line?

The vast majority of admins want BOTH: they want a GUI for convenience, and they want a command line for those situations where it's better to use one. Most of the types that brag about never using a GUI think they're in some kind of stupid dick-waving contest. No one cares how purer-than-thou you are.

Re:Only 70%?!

[i.r.id10t]

computer science != system administration

May as well throw out the

computer science != programming

as well.

If you want a degree for system admins, network admins, etc. then I'd look at the Associates of Science (AS degrees, 2 years) that your local community/junior college/non-university offer. Some even now go into BAS (Batch. of Applied Sciences, 4 years - an AS plus enough gen-ed to get an AA plus two more years of related-to-the-subject courses)

Re:

[Anonymous Coward]

computer science != system administration

May as well throw out the

computer science != programming

as well.

If you want a degree for system admins, network admins, etc. then I'd look at the Associates of Science (AS degrees, 2 years) that your local community/junior college/non-university offer. Some even now go into BAS (Batch. of Applied Sciences, 4 years - an AS plus enough gen-ed to get an AA plus two more years of related-to-the-subject courses)

No. If you want good sysadmins, you want people trained in CS or programming who don't have the personal drives that raw CS or programming careers need. Someone who knows how computers actually work, how multi-user systems need to be balanced, and who wants to provide an immediate solution to a problem rather than a theoretical solution or one that takes a year or two of planning with other professionals. A sysadmin gets things done, but the things they do take a lot more know-how than two years of colle

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[gtall]

Oh yes, the CLI is so part of Computer Science. You do realize that a CLI is just an interface. It doesn't give you any special insight as to what's working behind the scenes....although it does give some administrators that superior air that can only come from memorized strings of symbols.

Re:

[ceoyoyo]

Real computer science is done on paper. With a pencil.

Re:

[gmack]

That is simply not true for something that tends to have a much more limited command structure and a more organized structure that firewalls do. I regularly maintain servers with bash prompts and shell scripts, but firewalls are simply much more efficient from GUI.

Re:

[war4peace]

Horribly designed GUIs are horribly inefficient.

There, fixed that for you.
Fact of the matter is GUIs are often built as an afterthought, hence they are slow, badly designed and with limited options. A counterexample is the Ubiquiti EdgeMax ERPoE5 router GUI which has a "Config Tree" allowing you to perform a huge variety of activities using GUI only.
(https://img.community.ui.com/7168491b-836a-47cb-826d-61233bbfda66/comments/f305a4a8-7218-42e9-90b2-291ea910e1f2/b5e252e1-2e02-4055-8465-86ad761949dd)

Mikrotik RouterOS also has great GUI (if you know what you

Re:

[gweihir]

Indeed. But many, many employers seem to be clueless about this.

Re:

[Daemonik]

What's really sad is these people who need a monitor. REAL MEN only need a serial port, a dot matrix printer and a keyboard.

Re:

[John_Sauter]

What's really sad is these people who need a monitor. REAL MEN only need a serial port, a dot matrix printer and a keyboard.

You are thinking of the DEC LA36 terminal. When they were popular, REAL MEN wrote software in octal using the computer's front panel switches.

Re:

[0111 1110]

Giving preference to those skilled with the Linux CLI is smart because it will on average get you more intelligent people, but I am skeptical about your claim that you can graduate from an American (or UK or Canadian etc) university with a computer science degree and not know how to use CLI programs. I call bullshit on that.

The thing about the CLI is it requires a little bit greater intelligence to use comfortably. Dumber people can use it too but it's hard to remember all of those commands especially if yo

Re:

[oh_my_080980980]

I didn't realize knowledge goes out of style with age...who knew.

Re:

[LynnwoodRooster]

It does; not much call for Pascal programmers or folks skilled in the art of 68HC11 programming, or wire wrapping HC DIP logic chips.

Learning how to learn never goes out of style; WHAT you learn constantly becomes obsolete or irrelevant. Age (of which I am two score and eleven) or arrogance can significantly impact how much of the former you lose, and thus how much of the latter you encounter.

Re:

[cyberchondriac]

Second, there is a Vas Deferens between "..." and "..."

I have to steal this.

Re:

[Retired ICS]

What does the year have to do with anything?

Re:

[war4peace]

Everything, as explained a little bit above (https://it.slashdot.org/comments.pl?sid=15108848&cid=59355890).

Re:

[cas2000]

I know quite a few CLI incantations; but I much prefer a GUI when available; because it is 2019, not 1979.

That word "incantations" is why you don't understand and can't make effective use of the command line.

Using the CLI is NOT a matter of rote memorisation or copy-pasting of magic incantations without understanding them. That's monkey see, monkey do. That's cargo-culting.

You don't need to memorise any "incantations". You need to understand what you're doing so you can make up these so-called "incantatio

Re:Only 70%?!

[Sarten-X]

I prefer graphical output, but text input, especially for something like a firewall or network.

In a typical CLI, configuring a network (by which I mean any network structure, not just IP networking) often involves addresses, IDs, and other designators that have to be written exactly correctly, and often in a many-to-many relationship. Reading through a configuration, it's very easy to miss a typo or other minor misconfiguration, with disastrous effects on system operations and security.

Using a GUI to display the current configuration allows the network to be inspected by logical groupings, and compared visually to a design document. A randomly-incorrect connection is often far more evident in a graphic, as it will usually appear as a line connecting two unrelated sections of the system.

On the other hand, a CLI forces more precision when defining those connections. Rather than just drawing a line to add a connection, parameters define what kind of connection is to be made and any additional metrics of the connection, all in one step, rather than requiring a several-step GUI process.

User interfaces should be matched to their purpose, and the human perception that is best-suited for that task. Images make seeing patterns and errors easy. Words make precision easy. Sounds and sudden changes catch one's attention, so they're good for alerting the operator to problems. Trying to force any interface into an ill-suited paradigm is an exercise in arrogance.

Re:Only 70%?!

[Kaenneth]

Interface should be separate from Functionality.

A 'GUI based firewall' or 'CLI based firewall' is stupid.

a firewall that takes a configuration file that can be built using a choice of GUI, CLI, programmatic tools, or hand editing is smart.

Re:

[gmack]

That assumes you only have 1 person doing the work. One thing I've loved about GUI based firewalls is that it's much easier to have a trail of who created a rule and who last edited. It is also easier to divide the work up if you have a large task. For example, we were doing a from scratch setup of a new office and I could have my jr admin do the subnet and firewall configs for the less complicated portions of the network while I took care of the harder parts.

Re:

[wonkavader]

This is wrong and foolish for most products. GUI-based system seldom have real tracking or version control. Providing text-based inputs allow you to use git, write logic checks yourself, have peer review, etc. People make mistakes in GUIs, especially when they need to input a bunch of similar rules. Text input with peer review is much more reliable and can be checked trivially.

GUI output with CLI input/out is the right answer for any rule-based system.
 

Re:

[Retired ICS]

"I prefer graphical output, but text input, especially for something like a firewall or network."

And just what exactly do you think text is on a standard display device? You are aware that each character is a matrix of dots which form a graphical rendition of a character? Same for "printing text" unless you are using a band or selectric type printer. Each character is a graphic composition of dots created either by the "dot matrix print head" or drawn by a laser (or other method) depending on the printer

Re:

[wonkavader]

Thank you. Exactly.

Re:

[BringsApples]

You're not taking into account that the GUI was designed with whatever browser politics existed at the time, and those change all the time. Keeping the GUI up-to-date isn't top priority for anyone that I know, and as a result this can throw a monkey-wrench into any GUI, depending on what direction web browsers go. Also, CLI is generally a lot faster because of less overhead.

Besides, when someone opens a CLI or any... "black screen where they make the computer do stuff by typing", everyone watching feels i

Re:

[Daemonik]

Possibly, but you can understand it better seeing it laid out graphically than you can typing into the void. IF you even remember all the option arguments and how to best apply them <insert sarcasm> because sure, a 3000 character sentence is way easier to type than pressing a button.<end sarcasm>

Re:

[deek]

Perhaps, but you can repeat it, and enhance it, much better with the command line.

Try adding a prefix to 10,000 different files in a directory using the GUI. Easily done via command line.

Re:

[AvitarX]

It's easier CLI, but it's not hard in a GUI.

Ctrl+a right click, rename it, use the filter to add the prefix, make it increment zero padded 5 digit numbers even.

Note: rename it may not work well with 10,000 files, it's been a while since I dealt with scanned documents, but I found it very useful for renaming and the ability to see results before applying was a great perk of the GUI

Re:Only 70%?!

[Archangel Michael]

Command-lines are also limited. There is a reason why we use visualization tools for complex data-sets. Because very few people can properly visualize complexity correctly just from data.

If you're 100% command-line, you're self limiting yourself. If you're 100% GUI, you're just as limited.

Know the tools, use them as needed.

Re:

[mark-t]

As a GUI is, in many cases, just a front-end to backend CLI, I''m not sure how using a GUI would be particularly limited, since it cannot do anything you could not also do via CLI. At most, it might not be as convenient, but it certainly can't possibly be "limited".

Re:

[Retired ICS]

Ah yes. Like "vi" is just the "visual interface" to edlin.

Re:

[thegarbz]

I''m not sure how using a GUI would be particularly limited, since it cannot do anything you could not also do via CLI.

Easy. The GUI's input is the user, and it's output is the screen. The CLI's input is the command and its output is text. A command can be scripted and text can be scripted or piped.

Thus the GUI is inherently more limited.

Re:

[mark-t]

Interesting. I never caught the typo until I saw your response, and I completely understand your interpretation, although I had meant to say I don't see how a CLI could be particularly limited.

Re:

[oh_my_080980980]

Gadzooks how to people live before the GUI...it appears quite well....

Re:

[Archangel Michael]

To answer your "we" question, the "we" are the people who do so. We're all not as smart as you. But then again, neither are you, or else you would have already figured out the who "we" are. Being pedantic isn't a sign of intelligence, when it exposes one as being an idiot.

There are two types of people, those who can infer from incomplete information.

Re:

[geminidomino]

> A good GUI

Still seems to be the exception, not the rule. "Make the common case fast" doesn't seem to have caught on for way too many "UX" designers, judging by the frequency with which I find myself having to drill down through a half dozen submenus to find the common option I need to twiddle.

Re:

[Jaime2]

I design change control workflows. I really hate it when some device only has a GUI (with no reasonably complex import/export) and the implementation plan is "Do all the stuff we did in staging and pray it comes out exactly the same way".