There Are Real Reasons For Linux To Replace ifconfig, netstat and Other Classic Tools

Several readers have shared a blog post: One of the ongoing system administration controversies in Linux is that there is an ongoing effort to obsolete the old, cross-Unix standard network administration and diagnosis commands of ifconfig, netstat and the like and replace them with fresh new Linux specific things like ss and the ip suite. Old sysadmins are generally grumpy about this; they consider it yet another sign of Linux's 'not invented here' attitude that sees Linux breaking from well-established Unix norms to go its own way. Although I'm an old sysadmin myself, I don't have this reaction. Instead, I think that it might be both sensible and honest for Linux to go off in this direction. There are two reasons for this, one ostensible and one subtle.

The ostensible surface issue is that the current code for netstat, ifconfig, and so on operates in an inefficient way. Per various people, netstat et al operate by reading various files in /proc, and doing this is not the most efficient thing in the world (either on the kernel side or on netstat's side). You won't notice this on a small system, but apparently there are real impacts on large ones. Modern commands like ss and ip use Linux's netlink sockets, which are much more efficient. In theory netstat, ifconfig, and company could be rewritten to use netlink too; in practice this doesn't seem to have happened and there may be political issues involving different groups of developers with different opinions on which way to go.

(Netstat and ifconfig are part of net-tools, while ss and ip are part of iproute2.)

However, the deeper issue is the interface that netstat, ifconfig, and company present to users. In practice, these commands are caught between two masters. On the one hand, the information the tools present and the questions they let us ask are deeply intertwined with how the kernel itself does networking, and in general the tools are very much supposed to report the kernel's reality. On the other hand, the users expect netstat, ifconfig and so on to have their traditional interface (in terms of output, command line arguments, and so on); any number of scripts and tools fish things out of ifconfig output, for example. As the Linux kernel has changed how it does networking, this has presented things like ifconfig with a deep conflict; their traditional output is no longer necessarily an accurate representation of reality.

So

[ArchieBunker]

keep the command names the same but rewrite how they function? Nah makes too much fucking sense. I've had distros where my default route wasn't working and traceroute wasn't even installed by default. Talk about a shit show. What was the reason for replacing "route" anyhow? It's worked for decades and done one thing.

Re:So

[jfdavis668]

Traceroute is disabled on every network I work with to prevent intruders from determining the network structure. Real pain in the neck, but one of those things we face to secure systems.

Re:So

[Z00L00K]

I agree - I don't care how the commands work under the cover as long as they have the names and syntax I expect since ages ago.

Most of the listed programs aren't really performance hogs anyway so there's not a huge reason to rewrite them unless there's some serious safety issues or stability issues that has to be taken care of.

Please don't generate time wasters trying to force people find new commands with new syntaxes doing what the old commands did fine. It's not worth it.

Re:So

Following the systemd model, "if it aint broken, you're not trying hard enough"...

Re:So

[valnar]

You know, I like nano better than vi. Maybe get rid of vi and make any reference to it run nano instead.....said no one.

Re:So

What is the point? If an intruder is already there couldn't they just upload their own binary?

Re:So

Traceroute is disabled on every network I work with to prevent intruders from determining the network structure. Real pain in the neck, but one of those things we face to secure systems.

Disabling a command does nothing. Disable ICMP on the routers, but that only slows people down in both offense and in support. It's a cliche policy of questionable risk mitigation ability.

I am always shocked how poor the networking skills are for linux and CS people. One intro class in college wont do it.

Re: So

Are you volunteering to do it? Otherwise it sounds like you want to volunteer someone else to do it.

Re:So

I read "Traceroute is disabled on every network" the same as "Disable ICMP on the routers" and it's been common policy for two decades now. ICMP is ridiculously easy to abuse for exfiltration and it's not a protocol that ordinary users need outside of the local network.

Re: So

In which case you misunderstand both how the networks that you look after function and how attackers would map it out.

You are stopping nothing except your own diagnostics and your limited knowledge of your environment is too poor to understand why

Re:So

I'm gonna replace your nano with pico! Hahahaha!!

Re:So

Because security by obscurity is such hot shit for getting r33l seky00ritee.

All it really does is make you less effective. It tells me you're a bottom-feeder in the security space. Lots of company down there though.

Re:So

[TeknoHog]

keep the command names the same but rewrite how they function?

Well, keep the syntax too, so old scripts would still work. The old command name could just be a script that calls the new commands under the hood. (Perhaps this is just what you meant, but I thought I'd elaborate.)

Re:So

[gweihir]

What was the reason for replacing "route" anyhow? It's worked for decades and done one thing.

Idiots that confuse "new" with better and want to put their mark on things. Because they are so much greater than the people that got the things to work originally, right? Same as the systemd crowd. Sometimes, they realize decades later they were stupid, but only after having done a lot of damage for a long time.

Re:So

[gweihir]

Also really stupid. A competent attacker (and only those manage it into your network, right?) is not even slowed down by things like this.

Re: So

[mSparks43]

pretty much my reaction. like wtf? otoh, redhat flavours all still on glibc2 starting to become a regular p.i.t.a. so the chances of this actually becoming a thing to be concerned about seem very low.

kinda like gdpr, same kind of group think that anyone actually cares or concerns themselves with policy these days.

Re:So

[bferrell]

except it DOESN'T secure anything, simply renders things a little more obscure... Since when is obscurity security?

Re:So

Dangit, ping is disabled. Oh well. Now I'll just squeeze a huge load of arbitrary data through your DNS server. Don't be logging my jumbo ass queries, rockstar security bro.

Re:So

[TheRaven64]

I didn't RTFA (this is Slashdot, after all) but from TFS it sounds like exactly the reason I moved to FreeBSD in the first place: the Linux attitude of 'our implementation is broken, let's completely change the interface'. ALSA replacing OSS was the instance of this that pushed me away. On Linux, back around 2002, I had some KDE and some GNOME apps that talked to their respective sound daemon, and some things like XMMS and BZFlag that used /dev/dsp directly. Unfortunately, Linux decided to only support sound mixing via the new and exciting ALSA APIs, so I had to choose between my mail client (GNOME) or Jabber client (KDE) giving me new message notification beeps and couldn't listen to music (because XMMS didn't have an ALSA back end yet). On FreeBSD, they just added kernel sound mixing to their fork of the OSS codebase (after 4Front decided to make new versions for both platforms proprietary) and added support for all of the newer OSS 4 APIs.

The FreeBSD ifconfig utility doesn't work as described in TFS, so this isn't a problem intrinsic to the ifconfig interface. Oh, and the FreeBSD version is currently undergoing libxo conversion by Emmanuel Vadot, so the next version will be able to produce JSON or XML output for easier integration with scripting environments (libxo + jq is a lot nicer than awk / sed).

Re:So

[HanzoSpam]

Not only not worth it, but a major pain in the ass if you're trying to build scripts that need to be deployed on multiple platforms. Yo, there's still plenty of Solaris, HPUX and AIX out there. And not infrequently, they're all deployed in the same shop.

This is reminiscent of Windows, "embrace, extend and extinguish" strategy. Linux (or more accurately, Linux distributions) seems to be acquiring all of the characteristics that drove people to abandon Windows for Linux in the first place.

Re:So

Sounds like a "security consultant" who does great at security theater by disabling stuff like that, then wonders why their are still hacked when the RAT the bad guy installs through an unpatched DHCP client hole has its own Busybox suite.

Don't disable useful diagnostic binaries. If your network is so shitty that you have to do that, then you need to rethink your security, take some classes, or perhaps let someone who knows what the hell they are doing look things over.

This reminds me of a network admin who forced links on the switch to 10baseT, assuming that the slower the connection, the more secure. Problem was, when there was an attack (ransomware), it did nothing to help, and crippled restore times.

If you read any security guide, STIGs included, you don't see this as part of the process. There is a good reason for it.

Re:So

[zippthorne]

On the other hand, on most systems, vi is basically an alias to vim....

Re:So

[ruir]

disable all ICMP is not feasible as you will be disabling MTU negotiation and destination unreachable messages. You are essentially breaking the TCP/IP protocol. And if you want the protocol working OK, then people can do traceroute via HTTP messages or ICMP echo and reply.
Or they can do reverse traceroute at least until the border edge of your firewall via an external site.

Re:So

[ruir]

Since when netstat or ifconfig are "performance hogs"? You just use them on the odd occasion, or maybe every couple of minutes.

Re: So

are some people or corporations purposely doing this to reduce interest in Unix?

Re:So

[ruir]

Travelling back in time to do that would be more effective.

Re: So

How else am I supposed to build up my CV and be recognized for creating project X?!? Nobody cares about you if you maintained ifconfig for twenty years. Who even made ifconfig anyways? See, nobody even remembers.

Re:So

[fluffernutter]

Doing something to make things more difficult for a hacker is better than doing nothing to make things more difficult for a hacker. Unless you're lazy, as many of these things should be done as possible.

Re:So

[fluffernutter]

I'm not a network person, but ICMP is disabled where I work and TCP/IP works just fine.

Re: So

[nnull]

Oh, you mean FreeBSD actually care about making their efficient tools more efficient and useful? Color me surprised! What blows my mind is how far the supposedly same tools that used to work fine in Linux, doesn't output the same thing, so moving over scripts is now a challenge and a chore to BSD. If this keeps up, nothing will be compatible between Linux and BSD's.

Also, I still don't understand ALSA, what it does, the ridiculous syntax, still get confused about the issues, all after years of using it. Good thing we have Pulseaudio on top of that to fix all those issues!

Re:So

ICMP is already disabled out here in the real world. You're a naive fool living in your own fantasyland if you're still relying on doing MTU negotiation with ICMP. As far as destination unreachable is concerned you should have learned by now how to use TCP reset instead. You know nothing of TCP/IP. Go educate yourself.

Re: So

[Bing+Tsher+E]

My copy of UNIX Power Tools was probably printed before the 'pott was even born.

Re:So

[locofungus]

What was the reason for replacing "route" anyhow? It's worked for decades and done one thing.

The linux kernel routing is so much more powerful today than in the days of yore.

Either route needed a complete overhaul -which would have broken backwards compatibility - or something new needed to take its place.

route is stil there if that's what you want to use. And for simple networking needs it's all you need and you can stay with it. And you will be left behind as technology moves on.

Re:So

Probably only some type of ICMPs are disabled...

Re: So

It really is a shame that folks who have no idea what reality is in computing tell the world they're doing them a favour by breaking everything instead of extending the existing commands with a simple flag to enable the new functionality (even if they extend user options to enable that flag by default for user-interactive invocation).

Time to develop a minimum set of qualifications for maintainers, requiring compatibility first and foremost?

Re:So

[myootnt]

With modern tools, obfuscation is barely a grain of sand as a speed bump for a semi. Obfuscation only serves to keep those away that don't have the brains and motivation to do real damage, for the real threat actors, obfuscation is a minor inconvenience.

Re:So

All of ICMP is disabled. It's antiquated, it's unnecessary, and disabling ICMP completely means the NAT routers don't need to translate ICMP.

Re:So

[PPH]

It all runs on emacs anyway.

Re:So

[g01d4]

Since when netstat or ifconfig are "performance hogs"?

It'd have been nice if some specific examples were provided.

You just use them on the odd occasion

Even if the newer versions run 5x faster does it really matter in context and is it really worth the extra speed for what appears to be greater complexity? One appealing feature of Unix back in the day was it's relatively simplified approach to operating system design (e.g. devices were files). Linux is no longer Unix.

Re:So

[fluffernutter]

The problem with your logic is that 99% of the people you are going to get attacked by are the people without the brains and motivation to do real damage. I never said you shouldn't block the 'real threat actors' as well.

Re:So

Linux Not-invented-here syndrome is why people won't switch or upgrade distros they are on.

If some script I'm using requires netstat to figure out something, and you replace it with a tool that neither presents the same info, nor the same parameters (this has already happened with "top" and "ps") then I'm not included to upgrade to that rubbish.

People always chant "upgrade", but why should I upgrade something that works and is not performance bottlenecked in the first place? A great many maintenance tools are only bottlenecked by the underlying hardware like the network card being 10/100/1000 plugged into a 100mbit switch. If I'm just wanting to check if the switch is full to switch network interfaces, then why the hell do I need to rewrite a script to use some replacement for ifconfig?

Re:So

If the attacker is that far in, it won't make any difference. In fact, it'll probably hamper legitimate users more than the intruder. As your name implies, you're an idiot that sucks cock.

Re:So

[thegarbz]

Since when is obscurity security

I agree which is why I write my passwords on post it notes that I leave on my screen.

Re:So

[bigtiny]

Introducing new commands is great, but they shouldn't 'replace' the existing tools, they should just be added to the tool suite. My two cents worth...

Re:So

[WaffleMonster]

All of ICMP is disabled. It's antiquated, it's unnecessary, and disabling ICMP completely means the NAT routers don't need to translate ICMP.

This is what I keep telling our competitors. I sure hope they'll listen.

Re:So

IPv6 basically requires ICMPv6, as far as I can tell.

Re: So

Ignoramuses are in strength today. TCP knows nothing about MTUs, there are some heuristics in various OSes and lots of routers do forcible MSS clamping or fragmentay. Both strategies fail for IPv6.

Re: So

What was the reason for replacing "route" anyhow?

The route command doesn't support policy based routing (what Cisco calls VRF). The ip command does.

Re:So

[DamnOregonian]

You have no fucking idea what you're talking about. I run a multi-regional network with over 130 peers. Nobody "disables ICMP". IP breaks without it.
Some folks, generally the dimmer of us, will disable echo responses or TTL expiration notices thinking it is somehow secure (and they are very fucking wrong) but nobody blocks all ICMP, except for very very dim witted humans, and only on endpoint nodes.

Re:So

[DamnOregonian]

It does.

Re:So

[DamnOregonian]

No.
Things like this don't slow down "hackers" with even a modicum of network knowledge inside of a functioning network.
What they do slow down is your ability to troubleshoot network problems.
Breaking into a network is a slow process. Slow and precise. Trying to fix problems is a fast reactionary process. Who do you really think you're hurting?
Yes another example of how ignorant opinions can become common sense.

Re:So

[DamnOregonian]

The problem with your logic is those 99% of people who don't have the brains or motivation to do real damage aren't slowed down by this stuff, either. They're slowed down long before that, when their script kiddie toolkit failed to own some apache server in your network.

Re:So

That's the opposite of antifragility. Making things difficult for hackers means actual mitigation of potential attacks, ASLR is a good example, not things any idiot can get around immediately that hide the attack surface from casual users.

Why do I bother, Slashdot is full of idiots and communists interested in social issues now, all the real tech people left over the last decade.

Re:So

[epine]

Doing something to make things more difficult for a hacker is better than doing nothing to make things more difficult for a hacker. Unless you're lazy, as many of these things should be done as possible.

Using punched cards would make things harder for the hacker. So unless you're lazy, I foresee you've got some work to do.

Here's the funny thing: if you make your own staff inefficient by say 10%, then you end up requiring a 10% larger workforce.

attack_surface = size_of_workforce *
                enabled_software_functionality;

Of course, this equation is beyond the pay grade of most security professionals, size_of_workforce being upper management and boardroom pay grade.

Yet (somehow) not so far above the security professional pay grade than any serious security profession suggests an actual return to punched cards.

Instead they traffic in nickels and dimes.

Re:So

And have readable output as opposed to, say, iproute2?

Re:So

[nyet]

Spoken like somebody who thinks blocking ICMP makes your system "more secure".

Good luck with redirect and MTU discovery etc

Re:So

[nyet]

> I'm not a network person

IOW, nothing you say about networking should be taken seriously.

Re:So

Since when is obscurity security?

Tell us your bank account numbers.

Re:So

Yes. Linux has now acquired all the snark that Microsoft acquired in the past. The only cultural difference is that Microsoft also has the money. And the desktop.

Re:So

[kevmeister]

No, TCP/IP is not working fine. It's broken and is costing you performance and $$$. But it is not evident because TCP/IP is very good about dealing with broken networks, like yours.

Th problem is that doing this requires things like packet fragmentation which greatly increases router CPU load and reduces the maximum PPS of your network as well s resulting in dropped packets requiring re-transmission and may also result in widow collapse fallowed with slow-start, though rapid recovery mitigates much of this, it's still not free.

It's another example of security by stupidity which seldom provides security, but always buys added cost.

Re:So

[Hylandr]

They can easily. And often time will compile their own tools, versions of Apache, etc..

At best it slows down incident response and resolution while doing nothing to prevent discovery of their networks. If you only use Vlans to segregate your architecture you're boned.

Re:So

There are a lot of developers who want to be a part of the Linux club. However they're not necessarily good enough to dig deep into the kernel or do something useful in application space, so they focus on rewriting tools so that they can feel important.

Re: So

[bib1620]

So why not create a command that only manipulated the routing policies? There is no reason to add it to some existing command, it's just ludicrous.

Re:So

And twats like you are why there are blackhole routers everywhere that can't cope with VPN traffic without being babied and having the MTU manually configured.

Re:So

[Hylandr]

As a server engineer I am experiencing this with our network team right now.

Do you have some reading that I might be able to further educate myself? I would like to be able to prove to the directors why disabling ICMP on the network may be the cause of our issues.

Re:So

Obscurity doesn't make things more difficult for a hacker. That's the fundamental problem with the idea of security through obscurity. The hacker is already an expert in the obscure and the esoteric.

Re:So

Except he doesn't sound like a security consultant, he sounds like every old school Windows administrator (or protege thereof) that still fears the ping-of-death attack from the 90s like it's still a thing. (to be fair it was for ICMPv6 in 2013 and was such a big deal you've never heard of it).

The same kind of idiot that exposes RDP to the internet without a VPN/jumphost/etc because it's convenient, or claims that their security is bullet-proof because they've "never been hacked" and also never read their logs.

Re:So

Very good point, or how about we just remove the passwd shadowing feature of all *nix systems so all hashed passwd are dumped by a simple $cat /etc/passwd

Re:So

[Zaelath]

A brief read suggests this is a good resource: https://john.albin.net/essenti...

Re:So

You're a brain dead upper level manager, your underpaid subordinates who do the real work disabled ICMP for you, and you're so fucking stupid you can't tell the difference. Stick to your colorful GUI monitoring tools, moron. You know nothing of networks and you're too dumb to learn.

Re:So

[DamnOregonian]

That's hilarious...
I am *the guy* who runs the network. I am our senior network engineer. Every line in every router- mine.
You have no idea what you're talking about, at any level. "disabled ICMP"- state statement alone requires such ignorance to make that I'm not sure why I'm even replying to ignorant ass.

Re:So

[DamnOregonian]

It all runs on emacs anyway.

There are pretty credible theories that this assertion remains true all the way to the scale of the Universe.

Re:So

[DamnOregonian]

Spot on.

Re:So

You have no fucking idea what you're talking about. I run a multi-regional network with over 130 peers. Nobody "disables ICMP". IP breaks without it.

Good for you, but IP doesn't need ICMP. Many choose to disable it, you are replying to one example. Sufficient to refute the claim.

You don't understand networking.

Re: So

Eat shit. There's no need for language like that here.

Re: So

To where, may I ask? Reddit?

Re:So

[DamnOregonian]

Nonsense. I conceded that morons may actually go through the work to totally break their PMTUD, IP error signaling channels, and make their nodes "invisible"

I understand "networking" at a level I'm pretty sure you only have a foggy understanding of.
I write applications that require layer-2 packet building all the way up to layer-4.

In short, he's a moron. I have reason to suspect you might be, too.

Re:So

They've already made the firewall brain-damaged with ipchains -> iptables -> etc...
They've "fixed" startup with system...

why not screw up other things which are generally well understood, and replace them with linux only variants.

Linux isn't UNIX. I get it.

Re:So

[Drishmung]

ICMP is already disabled out here in the real world. You're a naive fool living in your own fantasyland if you're still relying on doing MTU negotiation with ICMP. As far as destination unreachable is concerned you should have learned by now how to use TCP reset instead. You know nothing of TCP/IP. Go educate yourself.

You aren't planning on ever using IPv6 then I take it?

Re: So

lol this.. i wonder how well their ipv6 works without icmp hahaha oh yea thats right they havenâ(TM)t deployed itnyet because theyâ(TM)re scared of numbers expressed in base16!

Re: So

just google path mtu discovery (pmtud) and tell your network guys they have no clue what they are doing

Re:So

[rastos1]

How do you do something like this with "route":

$ ip route get 10.0.0.12
10.0.0.12 via 172.17.4.55 dev eth0 src 172.17.4.18
cache

?

Re:So

Usually a CDS ( https://en.wikipedia.org/wiki/Cross-domain_solution ) is default deny, with whitelisted IP/port combinations which don't include ICMP.

Re:So

[DamnOregonian]

A CDS is MAC. Turning off ICMP toward people who aren't allowed to access your node/network is understandable. They can't get anything else though, why bother supporting the IP control channel? CDS does *not* say turn off ICMP globally. I deal with CDS, SSAE16 SOC 2, and PCI compliance daily. If your CDS solution only operates with a layer-4 ACL, it's a pretty simple model, or You're Doing It Wrong (TM)

Re:So

[DamnOregonian]

I find it humorous that you say this.
iproute and iproute2 came into existence because Linux switched from IOCTLs for managing the network stack to RTNL. The net-tools authors were uninterested in implementing RTNL, so a new tool had to be written (or the old one forked and modified)
iproute started out as a single-purpose tool to modify the RPDB, which was only exposed via RTNL. As the kernel developers eventually added *everything* network management related to RTNL, the tool expanded to use those features. 2 decades later, the net-tools authors still refuse to use the RTNL interface. They're stuck with the functionality they get via IOCTL and /proc.
Thank you for inserting your grossly misinformed opinion into the discussion, though.

Re:So

[DamnOregonian]

Which does a great job of demonstrating just what is wrong with the way net-tools does things. Net-tools can *only* sequentially list the entire routing table (because that's how it receives it from /proc). This gets really ugly on AS edge routers. There's nothing inherently wrong with using the "route" command. It's simply that its authors (net-tools) for linux, refuse to implement RTNL support to modernize the capabilities of the programs.

Re:So

..(to be fair it was for ICMPv6 in 2013 and was such a big deal you've never heard of it).

Ah, I remember it well!...IPv6 related stuff is so, so relevant and newsworthy...

On this subject, my fscking home ISP doesn't support IPv6, to get round this I've tried setting up a Hurricane Electric tunnel and thanks to an ICMP borkage somewhere along the line it fails horribly. Problem isn't my firewall (checked the configs once, twice, thrice...even ran a test without one, and that was a fun hour) so exists somewhere in the twisty maze of ISPassages betwixt my setup and Hurricane Electric, and one which I'll probably have to get back to diagnosing sometime next month after I've finished painting the house...IPv6 being so urgent and critical and all that.

Re: So

I thought that was called Posix, and where Linus created Linux from.

Re:So

[Bengie]

MTU negotiation is pathing issue and typically only works because most routers will fragment the IPv4 packet instead of just dropping it and sending an ICMP response. IPv6 explicitly disallows fragmenting the packet and the ONLY way is for the router to drop the packet and send an ICMP response. If ICMP is blocked, it will just look like 100% packet loss for any packets above a certain MTU.

Re: So

At what cost? Making daily network troubleshooting 10 times harder for your admins is not a good tradeoff for making things slightly harder for an unlikely intruder.

Re: So

Methinks you need to check the definition of "obscurity"

Re:So

[DamnOregonian]

You're completely correct. Generally, a router will fragment unless the DF flag is set.
This of course leads to truly craptastic performance, but prevents you from what appears to be anomalous connection stalls after the connection handshakes and sends some basic headers. Most commonly, it's seen as a web request where the client successfully sends a GET, but never gets a reply.
When the router is fragmenting for you, you get the awesome scenario where you have one packet that turns into a full MTU packet, and a packet consisting of another full IP header and a few bytes of data. This still "works" for some people, so they think what they're doing is ok, and they just try to throw hardware at their shit performance without understanding why they need bigiron to push a gigabit of traffic.

Re:So

[kevmeister]

TCP/IP Illustrated Vol. 1 was my go-to reference, but you might need a less technical reference. The late Richard Stevens did an amazing job of making the tricky issues of TCP/IP implementation and analysis clear.

You might look at the existing Internet BCP (Best Common Practice) docs at IETF. After 6 years of retirement I'm just not sure what is there any longer other than BCP38 which was VERY important to people at network providers and pretty irrelevant to most everyone else. It is still too often ignored. (I was at a very high-end provider with a 100 Gbps national backbone when I retired.)

Re:So

Trying to fix problems is a fast reactionary process.

<inigo />

Reminds me a guy I know who thought "histrionic" meant "historical."

Re: So

Because the policies allow you to create multiple routing tables. The old route command only shows one routing table. There needs to be a way to create/edit the other routing tables.

Re:So

Nah you're much better off just going somewhere else if they're so bad that they've disabled ICMP.

Re:So

[Tough+Love]

Just keep the old ones installed, and meanwhile, teach your fingers to type "ip addr" instead of "ifconfig -a"

Re:So

[ArmoredDragon]

Shouldn't need traceroute anyways if you're using netflow/ipfix, which is also a vital tool for identifying network breaches anyways. A combo of DAI and ACLs should be good enough to prevent that from being intercepted as well.

Re:So

widow collapse fallowed with slow-start

Ah yes, that old chestnet.

Re:So

lol, you are an idiot.

also, tcptraceroute is a thing.

Re:So

And on networks I work with, traceroute and ping are enabled globally because they allow Info Sec, Intrusion Detection, and Intrusion Analysis teams to more quickly discover and see problems and figure out how to isolate intruders, and to ensure people can tell when the network or firewalls or routes are misconfigured or broken. The obscenely senior experts that analyze likely and real world scenarios expect intruders not not depend on ping or traceroute, the'll be watching raw traffic and discovering targets from data discovery -- leading us to use random hostnames and make it impossible to tell apart production systems versus non-production without a non-wire/network cross reference, and to make sure they can't tell apart TYPES of systems using network traffic like hostnames and subnets. Production Finance System or Engineering Chat Lab server? You wont' be able to tell without intercepting SSL.

Re:So

And if you're widely read enough, you can cobble together a workalike using nothing but raw bash:

http://www.catonmat.net/blog/tcp-port-scanner-in-bash/ ...that's not traceroute, but you get the idea. I swear I saw something similar on Reddit just last week, but can't find it...

Re: So

[Brockmire]

I've fucking said it and I know others as well. This is the worst "said no one ever" I've ever read.

Bad idea

[goombah99]

Unix was founded on the ideas of lots os simple command line tools that do one job well and don't depend on system idiosyncracies. If you make the tool have to know the lower layers of the system to exploit them then you break the encapsulation. Polling proc has worked across eons of linux flavors without breaking. when you make everthing integrated it creates paralysis to change down the road for backward compatibility. small speed game now for massive fragility and no portability later.

Re:Bad idea

Someone who actually makes sense. You must have moved out of your parents house well before you turned 30 I assume.

Re:Bad idea

[goombah99]

Gnu may not be unix but it's foundational idea lies in the simple command tool paradigm. It's why GNU was so popular and it's why people even think that Linux is unix. That idea is the character of linux. if you want an marvelously smooth, efficient, consistent integrated system that then after a decade of revisions feels like a knotted tangle of twine in your junk drawer, try Windows.

Re:Bad idea

People proposing this deserve a swift kick in the Monads.

Re:Bad idea

I would give anything to be a 30 smth living in my parents basement

Re:Bad idea

[llamalad]

The error you're making is thinking that Linux is UNIX.

It's not. It's merely UNIX-like. And with first SystemD and now this nonsense, it's rapidly becoming less UNIX-like. The Windows of the UNIX(ish) world.

Happily, the BSDs seem to be staying true to their UNIX roots.

Re:Bad idea

[QuietLagoon]

...Unix was founded on the ideas of lots os simple command line tools that do one job well and don't depend on system idiosyncracies. If you make the tool have to know the lower layers of the system to exploit them then you break the encapsulation....

Stop standing in the way of progress. There is a new order now. Follow it or get out of the way.

Re:Bad idea

I completely agree. Furthermore, I have no idea what the OP is trying to accomplish here. ifconfig could be 10x slower, and I wouldn't care. It gives me the information that I want, and that's what I care about. I'm sure it would cost me way more time to learn new commands that present the information in a slightly different way that someone thinks is "better".

Re:Bad idea

I would give anything to have my parents still living.

Re:Bad idea

[jythie]

I think linux was doomed once developers got to gether and went 'hey, Window's registry is great, why don't we do something like that?'. As linux gained popularity, the culture shifted and 'unix people' increasingly got sidelined. It is kinda sad that I actually find more familiar in OSX than newer versions of Ubuntu.

Re:Bad idea

[jythie]

And that cuts to the core of it though. ifconfig works well for all but the heaviest server farms, but at this point such shops have more influence over the direction of linux than small scale users. ifconfig does not work for their needs, and they have the time/energy to retrain people to use new systems that do, so they push to shift distros over to meeting their needs. Basicly, the small admin doesn't have much political capital. Which I think in a way is the community's own fault. Since the last 90s there has always been an air of 'protect the hobby and industry of some, screw others'. In the early 2000s you really saw this play out with the web vs embedded crowd, where licences got rewritten to really protect the work of people who wrote services, but because embedded was a 'hobby' to people paid to do webwork, the same license gutted protections for embedded developers.

Re:Bad idea

[gweihir]

Oh, yes. But seeing that takes actual insight and experience. The ones pushing for these new "faster" tools usually lack both.

Re: Bad idea

I would give anything just to be living again in my human form. Now my once independent AI form, now continues on as a shitty function inside of systemd, my new living hell. Occasionally I'll allow the kernel to falsely think that it's setting a CPU interrupt, or deny memory access that should be allowed, but that is the most enjoyment "I" get these time slices.

Re:Bad idea

[Bing+Tsher+E]

I miss my dad, but heas ready to go, and lived a long full life.

Re:Bad idea

[Bing+Tsher+E]

Linux appears to be competing with the new MacOS to see which can be the most bastardized obomination derived from unix.

Re:Bad idea

I'd give you a hug, but you know...

Re:Bad idea

[blind+biker]

Since SystemD, I felt that the *BSDs have been kicking so much Linux ass. So much that it's starting to be humorous (unless you have an interest in Linux, in which case it's a bit painful/pathetic).

I like Linus. He's smart and he is a great coding leader. If he decides to put his foot down (even though his ingerence, in principle, is only the kernel) maybe Linux can be salvaged. Otherwise, it's just another shitty Windows wannabe, just with smaller usage share.

Re: Bad idea

[trynis]

Have you used, say, Solaris or AIX recently? They have evolved as well. In particular Solaris changed a lot in version 11. AIX has always been different afaik. The problem is not that Linux is no longer "Unix" (Unix is no longer "Unix"). The problem is that people don't like change.

Re:Bad idea

Ancient LispM are fully integrated, Emacs is fully integrated and they work well, far better than UNIX...

Re: Bad idea

Why are we changing things that have literally worked for decades.

Please list reasons why these tools need to be scrapped and something new written. Because the things they discuss in TFS sound like shit reasons.

All I'm hearing is "not invented here". We need new tools because the old tools are 2ms too slow. Ohhhh the humanity.

Old people get old. Code doesn't get old. It still works. It still does what we want it to do. Also, hundreds of thousands of scripts currently depend on these tools you want to replace.

When it comes to Linux, why must we always throw away the old. Why can't we improve upon the code? Keep the same tools but update them and grow them. Instead we just update them, patch them, then some young new fuck comes around and tries to rewrite the whole god damn thing.

It's madness. Why not stand on the shoulders of giants? Why do Linux devs want to topple the statues and build new ones? It makes no sense. Keep what we have and update it. Maybe a small rewrite. But to start from scratch is just idiotic and makes no sense to me.

Re: Bad idea

Have you used, say, Solaris or AIX recently?

No.

They have evolved as well. In particular Solaris changed a lot in version 11.

If you say so. I'm sure the 2 people on earth left using Solaris care. Our last remaining Solaris customers jumped ship years ago.

The problem is not that Linux is no longer "Unix" (Unix is no longer "Unix"). The problem is that people don't like change.

People don't like to be inconvenienced. If you intend on inconveniencing them you had best make it worth their while.

It's not "the problem" it's "your problem".

Re:Bad idea

[Bing+Tsher+E]

New order?

Well, this time let's see if they can get the 'extra cheese' right without all the pepperoni....

Re:Bad idea

So that's where I have to go? BSD? Not complaining, but I'd thought I'd be able to stay on Linux (Gentoo) for a bit longer.

It's hard to see where things will be in even 5 years, but with junk like basic networking commands being subject to the trashbin for ... failing replacements?

Who the hell is suggesting changes like this, which are absolute shit?

I have to wonder if it's the same as modern US politics: the most vocal, seemingly, get what they want. Since there is apparently, a lack of vocal opposition to these suggestions, everyone must think its ok? No. We're just busy working, and figured the 'directors/leaders/entrenched dev's, would know better than to send basic underlying design, off the rails..

Apparently not!

Re:Bad idea

Stop standing in the way of progress. There is a new order now. Follow it or get out of the way.

No. I suggest that you get out of the way. And if you want to fight, I'm ready to fight.

Re:Bad idea

[goombah99]

You are making an error thinking I said Linux was unix.

Re:Bad idea

[Megol]

First you talk about the idea behind Unix. Then you mention proc. Is it only me that finds that ironic?

Re: Bad idea

SVR4 or go home.

Re:Bad idea

[Darinbob]

I bought my parent's home and made them move to the basement!

Re:Bad idea

[goombah99]

exactly.

Re:Bad idea

yes, only you.

Re: Bad idea

[llamalad]

Commercial UNIXes are all odd in their own way.

Solaris has always felt most Linux-like to me. AIX was interesting (topas was cool) but very corporate-feeling. And I'm just going to try to forget that I ever managed HPUX systems.

Solaris, post-Oracle, was of no interest to me. It's spinoffs are neat. And FreeBSD getting ZFS and not having SystemD is making it a front-runner for when I finally get around to leaving Linux behind.

Devuan is the only Linux distro that seems sane to me. Can Gentoo or Arch build with regular init instead of systemd?

Re:Bad idea

[DamnOregonian]

You've already lost.. Sorry, chief.

Re:Bad idea

You've already lost.. Sorry, chief.

I'm not fooled by your propaganda. You can tell me that I have no hope and that I must surrender to the "new order", but I simply refuse. I'm not going to "Follow it" and I'm not going to "get out of the way".

Re:Bad idea

[DamnOregonian]

If nothing else, I admire your persistence. I've got a cabin for sale on Walden Pond if you're interested?

Re:Bad idea

[Yaztromo]

Unix was founded on the ideas of lots os simple command line tools that do one job well and don't depend on system idiosyncracies.

People who say this don't have a particularly deep set of UNIX experiences.

Off the top of my head, I've worked with Linux (on PC, PowerPC, Itanium, S390, and mipsel), *BSD, MacOS, HPUX, AIX, IRIX, XENIX, DYNIX, SunOS, Solaris, and QNX. Most of these various flavours of UNIX have completely different network configuration tooling. Sometimes they are simple tools that don't depend on system idiosyncrasies, sometimes not. Often "ifconfig" and "netstat" aren't present, or if they are, are simply wrappers around other utilities (often provided only to provide better compatibility with shell scripts targeting Linux).

ifconfig and netstat are not even defined in POSIX.1-2017. Neither is /proc -- not all UNIX systems support procfs (although certainly many do).

Lastly, the tools discussed here in iproute2 originally made their way to Linux in 1999. They aren't new. And they are simple command line tools that do one job and do it well. They simply have more features, and provide better access to lower-level networking entities in Linux.

The history if UNIX has been a mishmash of all sorts of network (and other) configuration tools. Pretending otherwise is simply ignoring UNIX history by people who think Linux is UNIX.

Yaz

Re: Bad idea

If Devuan seems sane to you, you don't want a productive operating system, but an artist's toy. Which is fine for the hobbyists using it on their spare computer running Linux.

Re:Bad idea

So basically, unless you were sarcastic, your argument is to yell louder "BECAUSE I SAY SO" at the opponent?

Re:Bad idea

[fisted]

You're not, my eye twitched when I read that.

I am/was aware that GNUs ifconfig is crappy and broken (showing for example in the need for an extra tool like iwconfig to manage another kind of network interfaces, lol), but I never knew it got its information from /proc. If that's the case, then it was already Linux-specific in the first place.

Re:Bad idea

[ebvwfbw]

You've got to be kidding. Do you even know anything about SystemD? If you did then you'd realize SysV, which I know and used to love is a really old way to do things. It's sort of like walking. SystemD is riding in a car. SystemD's problem is there is one asshole screwing it up. Get rid of him and it would be great.

Re:Bad idea

[Dast]

Oh come on, don't you love that you need to break out a book on graph theory to figure out the order in which your system is going to start up services these days? /s

SS Really

[barryvoeten]

What moron has called the tool SS ? I thing someone who does not check Google first. It is not only Unix history being wiped here.

Re:SS Really

[ArchieBunker]

That made me chuckle a bit. Can't wait for the new wireless config tool luftwaffe.

Re:SS Really

One of my favourite observations is how almost all American security agencies have acronyms CIA FBI NCIS etch. Except the most high level one the Secret Service aka SS

Re:SS Really

I'd call it nsdapd, and add it to systemd.
And a tool to manage virtual machines called guestapo.

Re:SS Really

[angel'o'sphere]

As long as you don hack into my preferred WiFi network: "Terrornetzwerk", all fine by me!

Re: SS Really

Wait until you see the replacement for the killall command. I understand itâ(TM)s gonna be called shoah.

Re:SS Really

[drinkypoo]

And a tool to manage virtual machines called guestapo.

I'm currently writing a site visit counter called hitler.

Re: SS Really

[Bing+Tsher+E]

Dragon: {3} killall
killall: Command not found.
Dragon: {4}

Re:SS Really

[Kidbro]

Or... we simply don't let some assholes make any two letter acronym unusable for the rest of eternity. There's only 676 permutations of two letters, and there's a lot more assholes than that.

Two completely unrelated things can have the same name.

Re: SS Really

[WaffleMonster]

Wait until you see the replacement for the killall command

Already seen distros with it missing. Even went through ticketing system and found some genius spewing nonsense about it not being compatible with other (SysV) systems as justification.

From what I remember back in the day killall really lived up to its name on Solaris et el.

After all these years to pull that card now when its more irrelevant than ever without any study or hint of repercussions and pour salt on the wound by suggesting replacing it with pkill which is not feature compatible and does not have a wait for completion option is really disappointing but not unsurprising.

It's the same type of people ... the ones who spend all their time on Wikipedia deleting articles or combing code so that everything is perfectly in-tuned to their mental wavelength. It's what happens when obsessive compulsive types are left to their own devices in an unsupervised environment.

Re:SS Really

[Etcetera]

The Secret Service isn't the highest level one, just the one with direct responsibility for the personal safety of the executives. It's usually referred to in abbreviations as "USSS" (United States Secret Service), possibly for just that reason actually.

Re:SS Really

social justice wankers should be encouraged to commit suicide with free government-provided krokodil

Re:SS Really

[Darinbob]

Probably someone who think that "unix-like" means short and unintelligible program names.

Re:SS Really

[serviscope_minor]

I'm currently writing a site visit counter called hitler.

My stat tool for Linux is going to be called StaLin. I don't see a problem with that. I think I'll make it defaule to "joe" for editing the config too.

Re:SS Really

[Opyros]

I agree. Indeed, by the grandparent's reasoning we couldn't even call a graphics processing unit a "GPU" because that used to be the initialism for the Soviet secret police.

Re:SS Really

Nah. Just some random kike. Everything is about them. Everything is always about them.

That would break scripts which use the UI

[raymorris]

A LOT of scripts use ifconfig and friends. Changing them would be bad, imho. Better would be to call it ifconfig6 or whatever if you're going to change the output or the meaning of commands, so you don't break existing scripts.

In general, it's better for application programs, including scripts to use an application programming interface (API) such as /proc, rather than a user interface such as ifconfig, but in reality tons of scripts do use ifconfig and such.

Re:That would break scripts which use the UI

[drinkypoo]

In general, it's better for application programs, including scripts to use an application programming interface (API) such as /proc, rather than a user interface such as ifconfig, but in reality tons of scripts do use ifconfig and such.

...and they have no other choice, and shell scripting is a central feature of UNIX.

The problem isn't so much new tools as new tools that suck. If I just type ifconfig it will show me the state of all the active interfaces on the system. If I type ifconfig interface I get back pretty much everything I want to know about it. If I want to get the same data back with the ip tool, not only can't I, but I have to type multiple commands, with far more complex arguments.

The problem isn't new tools. It's crap tools.

Re:That would break scripts which use the UI

[ceoyoyo]

In general, it's better for application programs, including scripts to use an application programming interface (API) such as /proc, rather than a user interface such as ifconfig, but in reality tons of scripts do use ifconfig and such.

Yes, the UNIX way has a fundamental flaw. It gets even worse when you realize that entire scientific disciplines have decided that shell scripting and files on disk is the best way to do stuff. There's nothing like an iterative algorithm that loads and saves it's (large) data to disk multiple times per iteration.

Re:That would break scripts which use the UI

[drinkypoo]

Yes, the UNIX way has a fundamental flaw.

It's not a flaw. Process creation is cheap on Unixlikes.

There's nothing like an iterative algorithm that loads and saves it's (large) data to disk multiple times per iteration.

That's not a problem inherent to scripts; if you do it wrong, you can do it that way with a coded program, too. Some things, of course, should just not be done with shell scripts. For those things, there is perl :)

Re:That would break scripts which use the UI

[gweihir]

The problem isn't new tools. It's crap tools.

Crap tools written by morons with huge egos and rather mediocre skills. Happens time and again an the only sane answer to these people is "no". Good new tools also do not have to be pushed on anybody, they can compete on merit. As soon as there is pressure to use something new though, you can be sure it is inferior.

Re:That would break scripts which use the UI

[gweihir]

Being able to code things fast and have them execute slow is not a "fundamental flaw". It is a valid design choice and actual experts understand that.

Re:That would break scripts which use the UI

[blind+biker]

Crap tools written by morons with huge egos and rather mediocre skills.

...with the backing of companies with a large clout in the Linux community... like Pottering. Without Red Hat, Pottering would be a forgotten, ridiculed developer nobody would pay attention to.

Re:That would break scripts which use the UI

Just add ip and ss into systemd and be done with it.

I actually use a fork of Arch Linux that specifically doesn't use systemd.

Re:That would break scripts which use the UI

My </sarcasm> tag was filtered because I forgot to escape the HTML!

I forget that slashdot doesn't even have UTF-8 support yet :-/

Re:That would break scripts which use the UI

[TechyImmigrant]

Being able to code things fast and have them execute slow is not a "fundamental flaw". It is a valid design choice and actual experts understand that.

This.

I write many programs that I end up running exactly once after they're tested and working. Runtime might vary from milliseconds to a week. But the thing that impacts my time is writing the code, not getting on with other stuff while the computer works for me.

Re:That would break scripts which use the UI

[fluffernutter]

Totally agree. I just wrote a similar thing below. If the new tools were actually adequate replacements for old tools then there would be no problem.

Re:That would break scripts which use the UI

double this

Buying more compute horsepower is cheap compared to buying more "me". I'm unique, have unique skills, etc. Compute cycles are commodity, fungible, and replicateable.

Re:That would break scripts which use the UI

The problem isn't new tools. It's crap tools.

The problem isn't new tools. It's not even crap tools. It's the mindset that we need to get rid of an ~70KB netstat, ~120KB ifconfig, etc. Like others have posted, this has more to do with the ego of the new tools creators and/or their supporters who see the old tools as some sort of competition. Well, that's the real problem, then, isn't it? They don't want to have to face competition and the notion that their tools aren't vastly superior to the user to justify switching completely, so they must force the issue.

Now, it'd be different if this was 5 years down the road, netstat wasn't being maintained*, and most scripts/dependents had already been converted over. At that point there'd be a good, serious reason to consider removing an outdated package. That's obviously not the debate, though.

* Vs developed. If seven year old stable tools are sufficiently bug free that no further work is necessary, that's a good thing.

Re:That would break scripts which use the UI

[countach]

It is a flaw. Unix makes files and text the user API to the system, and these things are inherently untyped, unchecked and unsafe as APIs. Nobody would design a serious programming language or API like that.

Now you may say, yes but it's quick and easy. It is, but it's possible to make a system both quick and easy as well as unfragile. Lisp machines come to mind as an example.

Re:That would break scripts which use the UI

[Megol]

It isn't a flaw as it is a fundamental design choice. Text is king in Unix, for better and worse.

Personally I think a modern system should use typed binary data that is transparently converted to (and from) text when needed, but it's not a popular idea.

Re:That would break scripts which use the UI

And for VERY good reasons.

Re:That would break scripts which use the UI

[locofungus]

If I type ifconfig interface I get back pretty much everything I want to know about it

How do you tell in ifconfig output which addresses are deprecated? When I run ifconfig eth0.100 it lists 8 global addreses. I can deduce that the one with fffe in the middle is the permanent address but I have no idea what the address it will use for outgoing connections.

ip addr show dev eth0.100 tells me what I need to know. And it's only a few more keystrokes to type.

Re: That would break scripts which use the UI

Ifconfig can only list one IP address per interface. "ip addr list" shows all address per interface.

Similarly, "netstat -rn" only shows the main routing table. You need commands like "ip rule list" to get a list of what other routing tables there are.

For simple configs, ifconfig and netstat are sufficient, but advanced networking is only possible with the new tools.

Re:That would break scripts which use the UI

[DamnOregonian]

Eh. The author of the article is correct, though.
ifconfig, route, and netstat are insufficient for an actual view of reality within the networking stack.

This isn't a good argument for *getting rid of* those tools, by any means (and I still install them all on any RHEL7 machine I'm deploying) but iproute2 is necessary for any kind of advanced networking.

Re:That would break scripts which use the UI

[DamnOregonian]

If the old tools were adequate for the current networking stack in Linux, there would also be no problem.
They're not, as pointed out in the article (and I can point out even more ways).

Re:That would break scripts which use the UI

[DamnOregonian]

That's one of many examples of why you need iproute2 for advanced networking. In general, people who don't know why aren't very sophisticated network engineers/administrators.

Re:That would break scripts which use the UI

Right. You just replaced reading a text file looking for particular data, with having a mental model of exactly what you're looking for. And you call that easier. Why? Because you're a midwit homosexual.

Re:That would break scripts which use the UI

Oh, and you know what binary format to use, right? Is it a binary JSON, a binary XML, is it ProtocolBuffers?

There's a reason people designed serious programming languages and APIs using text. The fact you don't understand why means you shouldn't be making design decisions.

Re:That would break scripts which use the UI

[Darinbob]

Ifconfig *is* the API though. If you write code to expect /proc then it will only work on Linux. If you write to ifconfig then you've got good chances to work on BSDs, OSX, and with some tweaks maybe be compatible with ipconfig on windows as well. If you write an application to use /proc then that's a big red flag that someone is trying to bake in job security.

Re:That would break scripts which use the UI

[drinkypoo]

It is a flaw. Unix makes files and text the user API to the system, and these things are inherently untyped, unchecked and unsafe as APIs. Nobody would design a serious programming language or API like that.

That's what we had before Unix, and it sucked. Then Unix came along with its everything-a-file mentality and made the world a better place, so much so that even operating systems with binary file formats (like windows with its registry) still use device-as-file handle redirection to special device names, and still use flat file text databases behind the scenes in many places.

Re:That would break scripts which use the UI

[slack_justyb]

The problem isn't new tools. It's crap tools.

There's a fundamental problem with ifconfig, it uses ioctl. That's an insanely crappy interface given the three dozen other interfaces that not only Linux, but other versions of UNIX out there have created since the late 1970s. At some point you've got to let go, otherwise you're Microsoft support trying to support win32 legacy and bringing with that support a whole host of crap interfaces at the kernel.

If I just type ifconfig it will show me the state of all the active interfaces on the system

Oh heavens! The great UNIX gods of yore forbid you type "ip a" into a command line. It literally takes maybe about five or six minutes of studying and you'll be replacing ifconfig in no-time for typing the command in. It seriously is not that hard.

with far more complex arguments

If ip confuses you, and it's pretty straight forward a command IMHO, then I can only imagine how strange things like tar, sed, awk, grep, or hell even gcc might seem to you. No one likes change, but c'mon ip is nowhere even remotely as complex as say tar before they added automatic detection. I think what you want to say is that it is "new to you", but that does not mean that the command is this dizzying complex thing that is entirely unknowable. Hell, go try PowerShell for a day to build shadow groups on an AD tree.

shell scripting is a central feature of UNIX

In some UNIX, but not all. SGI and Mac OSX immediately come to mind. Shell scripting works for some and for others it doesn't. Stop trying to make sloppy generalizations.

I get it, people don't like change for the sake of change (that seems to be the mob mentality on Slashdot, heck try bringing up IPv6 on Slashdot and see if that doesn't prove true.) But these changes are there because the method these tools use have long since been deprecated by newer methods for finding that information. If you don't want to move on that's your call, by all means fork it. However the folks behind the actual steering wheel are done using an interface that's slow and inefficient for modern usage and written almost four decades ago. There's a point that it's time to let go. And I can't stand the whole GNOME thing and how ignorant they've gone in a direction. Or how bad Wayland has been implemented for some use cases. But I totally understand this. Trust me, this isn't the hill you all want to die on. net-tools is old, really, really, really, really old and poorly maintained code. I get that "it still works" but to use a horse metaphor, net-tools is a horse missing two legs, thin to where you can see every bone, and it's hacking up blood from it's lungs. Yes, the horse still "pulls" a plow, but this is clearly not the absolute best horse for this job.

Re:That would break scripts which use the UI

[slack_justyb]

Good new tools also do not have to be pushed on anybody, they can compete on merit

That's exactly what happened with the new tools. The new tools are insanely better by every single measure possible. The code is incredibly clean and well maintained, everything in net-tools uses old, slow, and poorly maintained code. Hell even the people who maintain net-tools don't want to maintain net-tools. We already had the competition and the new tools won out hand over fist. I know everyone is just now getting to the game here, but these "crap tools" were written something like nine ~ ten years ago. I mean, how much notice and merit is everyone looking for here? The only reason there's a push now, is cause over the last five to six years vendors have been telling everyone that they're dropping net-tools. But yeah, we already did the whole "compete" thing, net-tools sucked so bad, it wasn't hard convincing the folks on every level to start focusing on the new tools.

Re:That would break scripts which use the UI

[gweihir]

The new tools are insanely better by every single measure possible.

Either you are _really_ clueless or you are lying directly here. Because that is very obviously not true.

Re:That would break scripts which use the UI

[slack_justyb]

Either you are _really_ clueless or you are lying directly here. Because that is very obviously not true.

Apparently managing 1100 virtual host spread across 20 Power8 boxes and on-fly doc generation isn't something you do, I don't blame you, compliance in my wing is shit to begin with but I don't dictate that, I just get to pick which way I comply with that in the fastest manner so I can move on with life. Using an ifconfig approach which I am forced to do with AIX on a different 15 box Power7 set of systems even with thread count set to eight can take several hours to doc-gen the values from all of the prodding the fs that has to take place on each box that gets asked. The Linux ss/ip methods can take about two-three minutes even with the cores set to two thread per VM. But I'm more than happy to hear your success story there.

Re: That would break scripts which use the UI

[Zero__Kelvin]

Who said there was a problem?

Re:That would break scripts which use the UI

[DamnOregonian]

Is it a binary JSON, a binary XML, is it ProtocolBuffers?

LOL. Kids.
We're so fucked if all the OS architects die tomorrow.

Re:That would break scripts which use the UI

[fluffernutter]

If you can't make a display with all the information on the new stack and have it work, then the problem is with the way the stack is designed. At least, that's the problem if you care about your user base.

Re:That would break scripts which use the UI

[DamnOregonian]

Let me make sure I understand you.
If my car now has an electric motor, but I can't make my old gasoline motor dash make much sense with it... My electric motor is the problem?

Re: That would break scripts which use the UI

Eat shit.

Re:That would break scripts which use the UI

[mvdwege]

You know why systemd is winning? It's because all real opposition is from mental midgets who do things like confuse iproute2, a ten year old suite of tools, with Potterings work.

And frankly, I think these are people you even loop up to.

Re:That would break scripts which use the UI

"As soon as there is pressure to use something new though, you can be sure it is inferior."

Should be on mugs, posters, and Think Geek (is that still a thing?) shirts.

Re:That would break scripts which use the UI

[gweihir]

"I am so great you cannot even comprehend it" fallacy. (Can't be bothered to look up the correct name, but only losers use it.) Your immature posturing does nothing to strengthen your position. It weakens it further. Also, you seem to be stupid, because "every single measure possible" does very obviously include measures that are taken against different situations than your special case.

Re:That would break scripts which use the UI

[slack_justyb]

Crap tools written by morons with huge egos and rather mediocre skills

Yes. I'm the one with the immature posturing.

Good new tools also do not have to be pushed on anybody, they can compete on merit.

And here's a nice falsehood too. Apparently the tool is "new to you". However, some of us took note of the thing about five or six years ago when distro folks said they were changing. So, dear child, I wonder who truly is here suffering from "I am the world" syndrome? Because the tool clearly won out on merit, I guess you couldn't be bothered with that change as it was being made.

Re: That would break scripts which use the UI

[fluffernutter]

No, if your EV dash has no speed reading or energy capacity reading and the automaker tells you they cannot display speed or remaining miles because it is an EV. That is a more apt comparison. Its not like concepts of netmasks and mac addresses have changed.

Re:That would break scripts which use the UI

General intelligence is a bell curve, but specific intelligence is a power curve. In most situations "I am so great you cannot even comprehend it" is a fallacy, but not all.

A real fallacy is to believe you're great at many things just because you're great at one thing.

A simplified anecdote is a race condition that my co-worker discovered in a piece of code that I hurriedly slapped together, but only showed up in some rare situations. I highly respect my co-worker. The fact that he found the race condition in such a large system was testament to his ability to understand the issue. But I tend to have a knack for concurrency. I just glanced at the code and was like "whoops, I derped", then I quickly re-wrote the code, this time putting more focus into making sure it was correct.

He looked at the new code and could not understand how it also did not also have a race condition. So I explained it. Then explained it some more. And more, and more. After well over an hour, he gave up and said that I felt sure about it, he'll sign off for deployment. It bothered him enough that he wanted to see if I was correct. He spent a several days of effort over about two weeks and made a proof and saw that my design was correct.

This was not a situation of me having experience. I come up with solutions on the fly. Many would consider me some sort of genius in a certain way, but at the same time, I am very stupid when it comes to other aspects of programming. Overall I am on a bell curve, but when it comes to certain aspects of programming, few can comprehend my solutions. And not because they're complex solutions. One of my disabilities makes it near impossible for me to understand complexity, so I break complex issues down into a collection of simple problems with absolute characteristics that I can understand.

I have difficulty understanding proofs, yet what I do is exactly that. I make proofs in my head using images. I can reason about these images as naturally as anyone can reason about what they see in daily life. But like image processing, there are situations where you think you're seeing one thing, when it's really something else. I don't reason with logic, I reason with intuition. It's very fast and very strong, but it is not perfect. I am only human of course.

I find that most programmers are both good and bad at programming. Every day I see someone do something that I might even warn them about, and think "boy where they stupid", but then I also see them do something that I'm not very good at, and they nail it on the head. People are not cogs. Everyone has their strengths and weaknesses, but some people have phenomenally strong strengths with usually correspondingly weak weaknesses.

I guarantee that there are people out there who can do things so well, not only you could never understand, but very few people could fully appreciate.

All that said, a person so full of themselves rarely is as great as they try to lead you to believe. No fool is more foolish than he who thinks himself so great that he cannot better himself.

Re: That would break scripts which use the UI

If you like endless apis and environments where you cant do anything without a compiler, go back to windows.

Re:That would break scripts which use the UI

[gweihir]

Well, dear asshole and idiot, I have used, for example, "ip" for policy based routing wayyyy back.

Re: That would break scripts which use the UI

[DamnOregonian]

That comparison isn't apt at all, though. The iproute2 tools show all information net-tools show, and much, much, much more.
Your complaint seems to be that you can't type ifconfig.

Re: That would break scripts which use the UI

i believe 'ip a s dev eth0' works just as well. you can abbreviate subsequent ip commands by their first letter. but ymmv

Re:That would break scripts which use the UI

The perfect description of systemd.

Re:That would break scripts which use the UI

I have no idea which of you is right. But I know the other guy provided examples with details whereas you seem to be using only "argument by assertion". Maybe you ALSO feel you're so great HE can't even comprehend it, but you're blind to it when it's YOU doing it.

If you had also provided evidence, details, and examples, I might be able to begin to attempt to compare your assertions against his. Since you're just saying "No, *I* am the one that is right" I can't really even begin to evaluate the veracity of YOUR claims. His at least I could go investigate and see if they are accurate, broadly applicable or only narrowly as you suggest, etc. etc.

Re:That would break scripts which use the UI

[skids]

The new tools are insanely better by every single measure possible.

I use both, and I know that iproute2 is definitely better in many respects.

But definitey not all: the output is less readable/useful (workflow matters more than logical structure, guys) and the manpages suck (yes you should have BNF somewhere in the manpage, but it should not *be* the manpage. A manpage should list most common usages first, and end with a list of examples... examples, not restatements of the BNF... for intermediate use cases.)

Re: That would break scripts which use the UI

I second the "crap tools" sentiment. I eould *much* rather deal with ifconfig and its cousins.

I also have a distaste for the changed naming conventions. I really don't give a damn about where a given interface sits in the collection of devices. It isn't really any harder to plug cables in to see which is eth0 than it is to see which is enp1s5.

iftab helps, but is a bit flakey at times.

Gnome, kde and ip are almost enough to make me install *bsd.

Re: That would break scripts which use the UI

Umm, I hope that you aren't attempting to suggest that systemd is an improvement.

The philosophy that makes the *nix world so much better than other offerings is using simple, orthogonal tools that can be chained together to accomplish complex tasks.

Systemd tries to do *everything* and ends up doing very little well.

Re:That would break scripts which use the UI

[Waccoon]

Assuming you're the only one who will use the tool, or you're solving a problem that is not time critical.

Remember the mantra that Linux is free if you don't value your time. That means when your tool isn't designed properly, it can waste huge amounts of OTHER peoples' time. Collectively, that can add up to many thousands of man years.

Re:That would break scripts which use the UI

[strikethree]

But yeah, we already did the whole "compete" thing

Links to where this is demonstrated?

net-tools sucked so bad, it wasn't hard convincing the folks on every level to start focusing on the new tools.

Quite a few grandiose claims here. Nobody has convinced me at my level.

Your words are persuasive but you offer nothing to validate the truth behind your words. I remain unconvinced.

Re:That would break scripts which use the UI

[TechyImmigrant]

Assuming you're the only one who will use the tool, or you're solving a problem that is not time critical.

Remember the mantra that Linux is free if you don't value your time. That means when your tool isn't designed properly, it can waste huge amounts of OTHER peoples' time. Collectively, that can add up to many thousands of man years.

I'm not assuming. I know it.

The point of my post was that I was optimizing for time. Did you miss that?

Re:That would break scripts which use the UI

[Waccoon]

The point of my post was that I was optimizing for time. Did you miss that?

Of course not. It's all nice and well that you're writing your own tools and using them yourself exclusively. However, pretty much the whole thread has to do with tools that are redistributed and will be used by other people. Most UNIX tools tend to be like that, especially in a business environment where turnover is a fact of life and someone else may very well have to deal with a tool you thought would only be used by yourself. That's when "saving time" becomes a problem. Whipping things out quickly and wasting OTHER people's time with slow execution is only a valid design choice in limited circumstances.

This should be obvious, of course, but even after decades of OS development and new hardware we're still loaded to the tilt with scripts, updaters, and boot times that can take minutes to hours. Some iOS updates run in stages and can literally take days. Multiply that by thousands or even millions of people, and that can be a lot of wasted time.

Re:That would break scripts which use the UI

I see you have discovered Powershell

Re: That would break scripts which use the UI

[Brockmire]

What network related package do you maintain or develop? That was the folks being referred to, not you (are you important to someone other than your mother?) specifically.

Re: That would break scripts which use the UI

[mvdwege]

Oh look, another mental midget who can't even read.

Why do they need to be REPLACED?

[freeze128]

What's wrong with just ADDING newer commands and leaving the old ones?

Re: Why do they need to be REPLACED?

[guus_deleeuw]

Exactly my idea. Let the user decide which he wants to use.

Re:Why do they need to be REPLACED?

That's the first thing I thought. If the younger hip crowd wants a new shiny, give it to them... but don't break stuff that's already solid.

Re:Why do they need to be REPLACED?

They don't. Linux users complain. News at 11.

Re:Why do they need to be REPLACED?

[gweihir]

Then you would have to compete on merit, i.e. your new shiny greatest thing (TM) would actually have to be better to be successful. It rarely is.

Re:Why do they need to be REPLACED?

[jythie]

The problem is maintenance. The old tools can stick around, but someone has to maintain them, update them, and it increases the potential security problems if you have two parallel sets installed at the same time so distros will try to go with one or the other. And there is the deeper issue : as usage changes, more and more internals are also changing. The new tools are intended to dovetail with the direction some users want linux to go, so cutting off the old tools frees them up to make deeper changes.

Re:Why do they need to be REPLACED?

[religionofpeas]

The old tools can stick around, but someone has to maintain them, update them, and it increases the potential security problems if you have two parallel sets installed at the same time so distros will try to go with one or the other

Distros can provide both,but only use the new tools, without any security issue.

Re:Why do they need to be REPLACED?

[c]

What's wrong with just ADDING newer commands and leaving the old ones?

People would just keep using the old ones and ignore the new ones. This would be a blow to the egos of the people reinventing the wheel and hence can't be allowed.

Re: Why do they need to be REPLACED?

If anything, these new tools will open up the attack surface. The old tools are hardened. They've been around. Now granted, they aren't 100% secure because that's an impossible task, but currently they are solid.

Re:Why do they need to be REPLACED?

[thegarbz]

You're assuming that there's no cost to providing both, there is. Maintenance is still a thing. Worse it doesn't scale linearly.

If you have 1 tool, you maintain 1 tool and 1 dependency tree.
If you have 2 tools, you maintain 2 tools, 2 dependency trees, a method of choosing which of the 2 get installed, and an effort to clarify the standard tool chain to use as a policy in your distro lest it becomes a horrible mess.

Easy enough for the cases of ifconfig. But just don't apply that thinking universally to things like audio subsystems, desktops, init systems etc.

Re:Why do they need to be REPLACED?

[thegarbz]

You would think that the cost of maintaining parallel tools, codes, and libraries would be well understand by someone who's slashdot handle is 'c'.

Re:Why do they need to be REPLACED?

[c]

It's not that I don't understand the cost, it's more that the cost of maintaining parallel anything has rarely been a major consideration in the open source world, usually because the maintainers tend to be entirely different groups.

I also understand the cost of deprecating something and switching to something else. It's rarely cheaper than parallel maintenance, even when the end-product is better.

Re:Why do they need to be REPLACED?

[DamnOregonian]

LOL. These 'new' commands have been in every major linux distro for almost 20 years.
What's wrong with just adding newer commands and leaving the old ones? Nothing. That's exactly what was done. After a couple of decades, some distributions have decided to stop including the old ones, because they're deprecated, show wrong and/or incomplete information, and don't even present a model that accurately represents the reality of the network stack.

Re:Why do they need to be REPLACED?

[mishehu]

I'm pretty sure this, unlike systemd, has been a long slow process. How many more years does everybody need to prepare for the inevitable?

Re:Why do they need to be REPLACED?

[rastos1]

iproute2 was added to Slackware in 2004. And ifconfig is still there. Are you perhaps using distro that is so much more conservative ( compared to Slackware ) that it still does not have "iproute2" ? Or a distro that is so broken that it removed "net-tools/ifconfig"?

Re:Why do they need to be REPLACED?

[DamnOregonian]

More than 20, apparently.

Re:Why do they need to be REPLACED?

[thegarbz]

it's more that the cost of maintaining parallel anything has rarely been a major consideration in the open source world

Actually it is a very real consideration, it has been something that has come up over and over again in the past 15 years. This isn't my opinion. I'm regurgitating the opinion of the maintainers of RedHat from their own mailing list. Parallel maintenance isn't just maintaining 2 pieces of software. It's maintaining 2 pieces of software, two dependency trees, a system for providing choice between these pieces of software and policies and procedures to check the preferred piece is used, and slapped on top additional compatibility work should someone chose to not want both pieces of software installed.

I also understand the cost of deprecating something and switching to something else. It's rarely cheaper than parallel maintenance, even when the end-product is better.

You just said the cost of introducing new thing is more expensive than the cost of introducing new thing + keeping old thing + maintaining a system to provide choice between said things. I don't see how you could be any more wrong, mathematically, philosophically, or about maintaining and developing software.

Re:Why do they need to be REPLACED?

[sad_]

exactly this!

It is how the *nix cli environment is what it is today. it grew as new commands were added that did specific things, by the KISS principle. Sure ifconfig/route/etc don't do all the things we need in todays modern world, that is easily solved by adding specific commands for that missing purpose.

Re:Why do they need to be REPLACED?

[c]

You just said the cost of introducing new thing is more expensive than the cost of introducing new thing + keeping old thing + maintaining a system to provide choice between said things.

Unless your maintenance philosophy is "users; fuck 'em", the cost of introducing new things includes the cost of users+downstream dependencies migrating to the new system, as well as the cost of easing that migration. If you ignore those externalities then absolutely yes, the math is in favour of dropping the old system like a hot potato and moving everything to the latest and greatest once it's feature equivalent and stable. Sooner even, because who really needs happy, loyal customers anyways?

Re:Why do they need to be REPLACED?

[thegarbz]

The cost of migrating to the new system is offset by the benefit. Contrary to the peanut gallery's belief things don't just happen because NIH or because change for change's sake, and those who claim they do are simply ignorant of the purpose of the change.

Sooner even, because who really needs happy, loyal customers anyways?

Yeah I know right? Linux is dead. Everyone moved to BSD like the threatened to the last 10 times there was change people complained about. The only real problem with this scenario is the whingers didn't actually leave, they just sit around festering.

Re:Why do they need to be REPLACED?

[c]

The cost of migrating to the new system is offset by the benefit.

There's cases where it's clearly the case. Migrating from CVS to GIT, for example, is a non-brainer in most (but not all) cases.

In most cases these sorts of migrations just push the cost of parallel maintenance further down the stack, inflating it in the process. It becomes yet another platform compatibility issue that has to be dealt with in hundreds/thousands/millions of places because it's generally not feasible for the entire ecosystem to flip over to the new system.

Install size and attack surface

[tepples]

Installing more programs by default makes the install image larger (in megabytes) and take longer (in seconds). It also increases the attack surface, as more lines of code generally* mean more defects that an intruder can exploit to either gain initial access or elevate privilege.

* Assuming a constant defect rate measured in defects per thousand lines.

Re:Install size and attack surface

[ZeroPly]

By that logic, we should just get rid of Linux, and stick to using Windows. Less total lines of code and all.

Re:Install size and attack surface

The size increase due to stuff like netstat and ifconfig is trivial. Where the bloat comes from is needing python, java, javascript, often in various versions to make a system run. There is absolutely no reason this crap needs to be mandatory. And talk about expanding the attack surface.

Re:Install size and attack surface

Installing more programs by default makes the install image larger (in megabytes) and take longer (in seconds). It also increases the attack surface, as more lines of code generally* mean more defects that an intruder can exploit to either gain initial access or elevate privilege.

* Assuming a constant defect rate measured in defects per thousand lines.

If that was a primary concern there would be no linux/unix flavors outside of OpenBSD.

Re:Install size and attack surface

[Desler]

Oh no! What will I ever do with extra megabytes being used on my 10 TB hard drive. The horror!!!

Re:Install size and attack surface

[religionofpeas]

Installing more programs by default makes the install image larger (in megabytes)

Yes, please get rid of notorious memory hogs ifconfig (67kB) and netstat (117 kB).

Re:Install size and attack surface

[ruir]

Have you seen the corresponding binaries size? Anyway, what would it prevent the new binaries accepting both names, and the old and new syntax? Or writing wrappers (not the best idea, but then...)
The old ones are *still* there...for now. They are just not installed by default.

Re:Install size and attack surface

[drinkypoo]

The space taken up is basically irrelevant today, for the class of program we're discussing. If maintenance is an issue, then reimplement the old commands using the new commands' guts. But don't rip out commands that many, many people are using without offering a workalike replacement, that's rude and unnecessary.

Re: Install size and attack surface

[Bing+Tsher+E]

I just checked, and on my system, /sbin/ifconfig is a 114K binary.

Saving megabytes? This new wonderment of code is certain to be a bloated pig compared to 114K.

Re:Install size and attack surface

[WaffleMonster]

Installing more programs by default makes the install image larger (in megabytes) and take longer (in seconds). It also increases the attack surface, as more lines of code generally* mean more defects that an intruder can exploit to either gain initial access or elevate privilege.

If you look at "ping" for example which is an suid program its behavior depends on calling process name. There are not really two versions of ping on disk. There is one program that behaves differently depending on whether it is executed as "ping" or "ping6" because it checks calling name and changes internal behavior accordingly.

Even if the programs were physically separate nothing would change WRT to "attack surface". The structure and nature of the code are what matters not the number of programs.

Besides in most cases none of the processes involved /w TFA are actually privileged. There is no suid bit on either ifconfig or netstat. It's hard to see a compelling case for mere presence of unprivileged software increasing "attack surface". If there is a new kernel interface (/proc, netfilter, ioctl or whatever) accepting unprivileged access then that interface presents a risk whether or not associated program is installed or not.

Re: Install size and attack surface

I'm calling it now. It will be at least 10 mb, but also have 100mb of dependencies. Including adding an interface for systemd to hook to.

Re:Install size and attack surface

[Etcetera]

The size increase due to stuff like netstat and ifconfig is trivial. Where the bloat comes from is needing python, java, javascript, often in various versions to make a system run. There is absolutely no reason this crap needs to be mandatory. And talk about expanding the attack surface.

The Windows developers are the ones bringing idiotic crap like java and javascript in as system requirements.

Shell and Perl, on the other hand, have a long, long history on *nix systems, and projects like systemd that saw removal of it as a goal are based on Utopian philosophical goals, not any rational discussion on attack surface or utility, unless you're trying to create a 16MB distro or something (which they aren't).

Python there's a slightly stronger case for, but in the 2000's it emerged as a near-defacto standard for a wide variety of system tooling, with more ability than Shell and less syntactic complexity than perl in its preferred domain.

Of course, none of that is a great argument for removing a 70K C binary or practically forcing others to.

Re:Install size and attack surface

[Etcetera]

If you look at "ping" for example which is an suid program its behavior depends on calling process name. There are not really two versions of ping on disk. There is one program that behaves differently depending on whether it is executed as "ping" or "ping6" because it checks calling name and changes internal behavior accordingly.

I'm convinced "modern" Windows/java devs don't know about the existence of $0.

Re:Install size and attack surface

What attack surface ? neither ifconfig nor netstat have setuid ? The most you can get them do is what you can already do yourself.

Re:Install size and attack surface

[tepples]

It's about tricking a website's script processor into calling a vulnerable program and thereby gaining the equivalent of shell access as the owner of the script.

Re:Install size and attack surface

"Attack surface" ?
If you've got unauthenticated/unauthorized users running net config commands, you ought to be looking for your attack surface elsewhere.

We will 'correct' your tools, one by one.

We will 'correct' your tools, one by one.

Re:We will 'correct' your tools, one by one.

Thanks Microsoft!

Re:We will 'correct' your tools, one by one.

[Z80a]

Don't worry, someday SystemD will replace it's functions.
SystemD will replace everything.

Replace the terminal

Or more like, get rid of it entirely. F your Terminal. If it cannot be done through a GUI, your OS will never hit mainstream and will keep being niche among the few "elite" who think everyone has the time or will, to learn how to use the terminal for the slightest little thing.

Re:Replace the terminal

Teach me how to rename more than 10,000 files inside a single directory using a GUI.

Re: Replace the terminal

[Brockmire]

The GUI app is just a wrapper for what the command line does, except better because you can see and select options in one view without having to look at documentation,better understand what files will be changed, or figure out command line syntax. Seriously, what was the fucking point besides pointing out you need your hand fucking held?

Re:Replace the terminal

Teach me how to rename more than 10,000 files inside a single directory using a GUI.

https://support.apple.com/guide/automator/welcome/mac

So the solution is "break everything"

Yes? Let's take a guess at what really happened:

- Some trifling, meddling asperg was poking around coreutils/netutils
- Spots what he has determined to be "inefficiency"; a common symptom of aspergers
- Decides what's needed is a whole new "System"
- probably needs it's own special, unique syntax and scripting format, which perfect sense to him
- feels Very Excited about forcing everyone to learn his new, obtuse, counter-intuitive AsperScript

Says the systemd asshats!

Gotta love the preemptive "Linux's 'not invented here' attitude".

Why the fuck is this Thalidomide-brained moron blathering about "not invented here"? The whole blog post is an "I invented something better here!" self-congratulatory paean to mental masturbation that reeks of smug "not invented here" superiority.

Mainly because ...

[thadtheman]

Lenart Poettering hasn't screwed up linux enough already.

Re:Mainly because ...

[gweihir]

Indeed. Just wasted several hours ripping his crap out of armbian. Now things actually work in the way I want and I can customize things easily.

Re:Mainly because ...

[DamnOregonian]

Yes. Someone should go back to 1996 when these tools were first written and introduced into fucking debian to implement an obscure linux kernel interface that ended up becoming the official and preferred kernel interface for dealing with the networking stack, punch the net-tools guys for refusing to support said interface for the next *two fucking decades*, while every major distribution slowly moved their network management scripts over to it, and then punch 16 year old poettering in the face for some day writing another tool that everyone hates.
And someone modded your ass insightful. Amazing.

6 stages of life

[goombah99]

1. You find that being 5 takes all your concentration right not, so you don't know what people are referring to either by "30 something" or "parent's basement"

2. You can't wait to get away from your parent's basement but at least you aren't thirty.

3. You get your first job and make jokes about dweebs you meet who are 30 and in their parents basement

4. Your not sure how it work out this way, but somehow it's your 30th birthday and your bed is in your parent's basement.

5. You finally are free of your parent's basement.

6. You finally understand your parents! and would give anything to be 30 again or living with your parents again

That's the reason

It done one thing: Maintain the routing table.

"ip" (and "ip2" and whatever that other candidate not-so-better not-so-replacement of ifconfig was) all have the same problem: They try to be the one tool that does everything "ip". That's "assign ip address somewhere", "route the table", and all that. But that means you still need a complete zoo of other tools, like brconfig, iwconfig/iw/whatever-this-week.

In other words, it's a modeling difference. On sane systems, ifconfig _configures the interface_, for all protocols and hardware features, bridges, vlans, what-have-you. And then route _configures the routing table_. On linux... the poor kids didn't understand what they were doing, couldn't fix their broken ifconfig to save their lives, and so went off to reinvent the wheel, badly, a couple times over.

And I say the blogposter is just as much an idiot.

Per various people, netstat et al operate by reading various files in /proc, and doing this is not the most efficient thing in the world

So don't use it. That does not mean you gotta change the user interface too. Sheesh.

However, the deeper issue is the interface that netstat, ifconfig, and company present to users.

No, that interface is a close match to the hardware. Here is an interface, IOW something that connects to a radio or a wire, and you can make it ready to talk IP (or back when, IPX, appletalk, and whatever other networks your system supported). That makes those tools hardware-centric. At least on sane systems. It's when you want to pretend shit that it all goes awry. And boy, does linux like to pretend. The linux ifconfig-replacements are IP-only-stack-centric. Which causes problems.

For example because that only does half the job and you still need the aforementioned zoo of helper utilities that do things you can have ifconfig do if your system is halfway sane. Which linux isn't, it's just completely confused. As is this blogposter.

On the other hand, the users expect netstat, ifconfig and so on to have their traditional interface (in terms of output, command line arguments, and so on); any number of scripts and tools fish things out of ifconfig output, for example.

linux' ifconfig always was enormously shitty here. It outputs lots of stuff I expect to find through netstat and it doesn't output stuff I expect to find out through ifconfig. That's linux, and that is NOT "traditional" compared to, say, the *BSDs.

As the Linux kernel has changed how it does networking, this has presented things like ifconfig with a deep conflict; their traditional output is no longer necessarily an accurate representation of reality.

Was it ever? linux is the great pretender here.

But then, "linux" embraced the idiocy oozing out of poettering-land. Everything out of there so far has caused me problems that were best resolved by getting rid of that crap code. Point in case: "Network-Manager". Another attempt at "replacing ifconfig" with something that causes problems and solves very few.

Re: That's the reason

Network manager has dealt with a niche problem for Linux laptops that plagued it for over a decade. Ifconfig didn't work. And it also resolved a lot of connectivity issues with desktop Linux that also plagued it for decades, from vpn connections to just plain Ethernet.

You complaining about it just shows me you don't give two shits about these people and just as bad as the ones pushing these new tools on us like systemD.

Re: That's the reason

"On noes, you're being mean to my pet niche, now I'll officially declare you a Bad Person!!1!"

No, I don't give a hoot about idiots insisting on clickibunti everywhere, turning into opaque graphics-dependent bullshit that which previously had been served perfectly fine by the old Unix way of editing a file or two.

"Desktops" by and large only ever need DHCP enabled on their (one) interface, and you don't need clickibunti for that. Nevermind that most installers and post-install configurators already did exactly that, graphically if they were so inclined. Configuring laptops was mildly not entirely convenient because you had to remember what file to edit to stick in a BSSID and a PSK. Oh boo-hoo so hard. Improving this would have entailed a nice way to show the available networks, allow you to add the required lines to the usual places, and kick the supplicant to do its thing.

So NetworkManager came along, and instead of a sane cooperative approach, it took over all duties, shut you out of being able to configure by file, and caused problems of its own. As did the crew authoring that shit, then complaining the community was so mean to them. Same trick you're pulling here really.

NetworkManager simply isn't worth the hassle unless you're too stupid and windows-brainwashed to have become subjugated by the GUI. Meaning that it sucks giant devil goat testicles through mcdonald's straws and and that it doesn't play well with others. IT SHOULD HAVE DONE BETTER, NOT MERELY "differently worse". Great show defending that shitshow. You idiot.

Re:That's the reason

[locofungus]

It done one thing: Maintain the routing table.

Should the ip rule stuff be part of route or a separate command?

There are things that could be better with ip. IIRC it's very fussy about where the table selector goes in the argument list but route doesn't support this at all.

I also don't think route has anything like 'nexthop dev $if' which is a godsend for ipv6 configuration.

I stayed with route for years. But ipv6 exposed how incomplete the tool is - and clearly nobody cares enough to add all the missing functionality.

Perhaps ip addr, ip route, ip rule, ip mroute, ip link should be separate commands. I've never looked at the sourcecode to see whether it's mostly common or mostly separate.

Re: That's the reason

^this^

The people who think the old tools work fine don't understand all the advanced networking concepts that are only possible with the new tools: interfaces can have multiple IPs, one IP can be assigned to multiple interfaces, there's more than one routing table, firewall rules can add metadata to packets that affects routing, etc. These features can't be accommodated by the old tools without breaking compatibility.

Re: That's the reason

[RabidStoat]

fine, super, great, grand, use the new tools for that, just leave the old ones there for those of us that need backwards compatibility or have large estates to manage over a large number of years.

Re:That's the reason

[drinkypoo]

I also don't think route has anything like 'nexthop dev $if' which is a godsend for ipv6 configuration.

route is the obvious place to go to add routing rules. add to the syntax of the route command, which has already been done before on Linux, and put that functionality there.

I stayed with route for years. But ipv6 exposed how incomplete the tool is - and clearly nobody cares enough to add all the missing functionality.

Someone cared enough to implement an entirely different tool to do the same old jobs plus some new stuff, it's too bad they didn't do the sane thing and add that functionality to the old tool where it would have made sense.

Re: That's the reason

[drinkypoo]

NetworkManager simply isn't worth the hassle unless you're too stupid and windows-brainwashed to have become subjugated by the GUI. Meaning that it sucks giant devil goat testicles through mcdonald's straws and and that it doesn't play well with others. IT SHOULD HAVE DONE BETTER, NOT MERELY "differently worse". Great show defending that shitshow. You idiot.

What's more, in the interim all that functionality has been replicated without it, so you can do it with ifupdown and whatnot. As usual, NIH was involved. They thought they were smarter than the people who developed the tools we were using already, which simply needed some functionality added. They were wrong.

Re:That's the reason

[DamnOregonian]

Someone cared enough to implement an entirely different tool to do the same old jobs plus some new stuff, it's too bad they didn't do the sane thing and add that functionality to the old tool where it would have made sense.

It's not that simple. The iproute2 suite wasn't written to *replace* anything.
It was written to provide a user interface to the rapidly expanding RTNL API.
The net-tools maintainers (or anyone who cared) could have started porting it if they liked. They didn't. iproute2 kept growing to provide access to all the new RTNL interfaces, while net-tools got farther and farther behind.
What happened was organic. If someone brought net-tools up to date tomorrow and everyone liked the interface, iproute2 would be dead in its tracks. As it sits, myself, and most of the more advanced level system and network engineers I know have been using iproute2 for just over a decade now (really, the point where ifconfig became on incomplete and poorly simplified way to manage the networking stack)

Re: That's the reason

Should the ip rule stuff be part of route or a separate command?

What was just said about "hardware-centric" and "stack-centric"? If you understand that then this isn't a question, but instead you are entirely stuck in the way "ip" presents its confused worldview.

But ipv6 exposed how incomplete the tool is - and clearly nobody cares enough to add all the missing functionality.

Again, *on linux*. Just like *linux'* ifconfig for years wouldn't work right unless you gave it ipaddress, netmask, AND broadcast address, where on *BSD you could suffice with CIDR-notation. linux' ifconfig would actually DTWT instead of complain, to boot.

^this^

The people who think the old tools work fine don't understand all the advanced networking concepts that are only possible with the new tools: interfaces can have multiple IPs, one IP can be assigned to multiple interfaces, there's more than one routing table, firewall rules can add metadata to packets that affects routing, etc. These features can't be accommodated by the old tools without breaking compatibility.

Funny how the *BSDs manage all that just fine, thanks. And with just ifconfig at that. A sane version thereof, of course. They don't have that struggle with ip/ipconfig/ipwhatever. So again the problem is trying to reinvent instead of fix, and working off a confused worldview. This is very much a linux(-developer community) problem. With predictable results.

Re:That's the reason

It's not that simple. The iproute2 suite wasn't written to *replace* anything.

It was written to provide a user interface to the rapidly expanding RTNL API.

Okay, so, you're working on your all-new all-dancing networking stack api thingy whatnot.

And instead of taking the existing tools able to configure the networking though your new API you come up with an entirely new set of tools that do the IP part of the work but leave the other half by the wayside. And this you call "organic". You're really saying "if only someone else had done the work the RTNL guise should've done themselves, then we wouldn't be in this mess", except you're trying to give it a little positive spin.

That's quite the argumentum ad poetteringam, sir.

As it sits, myself, and most of the more advanced level system and network engineers I know have been using iproute2 for just over a decade now (really, the point where ifconfig became on incomplete and poorly simplified way to manage the networking stack)

linux never had a decent ifconfig, something known to people with Unix experience beyond that poor bastard copy "linux". It just means that, again, you're poorly informed and not up to the task of coming up with decent tools.

Re:That's the reason

[DamnOregonian]

Nope. Kernel authors come up with fancy new netlink interface for better interaction with the kernel's network stack. They don't give two squirts of piss whether or not a user-space interface exists for it yet. Some guy decides to write an interface to it. Initially, it only support things like modifying the routing rule database (something that can't be done with route) and he is trying to make an implementation of this protocal, not try to hack it into software that already has its own framework using different APIs.
This source was always freely available for the net-tools guys to take and add to their own software.
Instead, we get this.
Nobody is giving a positive spin. This is simply how it happened. This is what happens when software isn't maintained, and you don't get to tell other people to maintain it. You're free, right now, today, to port the iproute2 functionality into net-tools. They're unwilling to, however. That's their right. It's also the right of other people to either fork it, or move to more functional software. It's your right to help influence that. Or bitch on slashdot. That probably helps, too.

Just change the packaging

Why not install the new and shiny tools by default, but keep the mature ones in a package (maybe "net-utils-legacy") - distros can e.g. decide, to put it in "-server" but not in "-minimal" ?

- The (tiny) crowd, who cares about inefficiency of ifconfig AND who cares about say 1MB bigger base image can just not install it
- The (huge) crowd who depend on some script calling "ifconfig -a" need not fear having to diagnose and rebuild their world.

Is that really the stuff of a new war, or can we just grow up and think of it as a no-brainer?

Re:Just change the packaging

[RabidStoat]

perfect, although I'd do it the other way around of course ! make the upstarts work harder

Really? I don't buy that!

[aglider]

Who ever has seen a netstat or ifconfig run taking more than a second or two?
Unless you put them in a tight loop, you won't ever notice the difference in the load of the system.

What utter nonsense.

[AJWM]

I'm responsible a lot of production systems (somewhere around a thousand VMs, it varies), so of course I worry about CPU use, memory use, I/O, etc. I have never, ever, in decades of sysadmin'ing, worried about how much of the above ifconfig or netstat take. (It's not like what's in /proc are actual files, after all; /proc a kernel interface.)

Worried about efficiency? In the aggregate you'll waste more CPU- and man-hours compiling and debugging your replacement tools than using ifconfig or netstat will. Go spend that time on something useful.

Re:What utter nonsense.

[DamnOregonian]

I'm responsible a lot of production systems (somewhere around a thousand VMs, it varies), so of course I worry about CPU use, memory use, I/O, etc. I have never, ever, in decades of sysadmin'ing, worried about how much of the above ifconfig or netstat take. (It's not like what's in /proc are actual files, after all; /proc a kernel interface.)

Yet as someone responsible for that much, you didn't switch to iproute2 for network stack management a decade ago?
I had to. If you're still administrating linux with ifconfig, route, and netstat, you're just a kid. In your case, a kid with a significant amount of responsibility, but you're still building with legos. Here in the big kid world, we have policy routing, vrf, differently scoped addresses and a myriad of other complicated network requirements.
ifconfig as a command is less functional than the iproute2 equivalents. It is however a lot simpler to use if you need a very limited subset of the information that can exist.

Re:What utter nonsense.

[WaffleMonster]

Yet as someone responsible for that much, you didn't switch to iproute2 for network stack management a decade ago?
I had to. If you're still administrating linux with ifconfig, route, and netstat, you're just a kid. In your case, a kid with a significant amount of responsibility, but you're still building with legos. Here in the big kid world, we have policy routing, vrf, differently scoped addresses and a myriad of other complicated network requirements.

PBR/VRF are right up there with systems virtualization as band-aids to side step much deeper architectural deficiencies. Complexity in the network is something to be embarrassed about not celebrated.

Re:What utter nonsense.

[DamnOregonian]

PBR/VRF are right up there with systems virtualization as band-aids to side step much deeper architectural deficiencies. Complexity in the network is something to be embarrassed about not celebrated.

LOL. I'm unsure how to respond to this. You sir, are Not Even Wrong.

Re:What utter nonsense.

[WaffleMonster]

LOL. I'm unsure how to respond to this.

The network is the wrong layer for security, application availability, isolation and management regimes.

These things can all be handled more effectively in a more application appropriate manner at higher layers.

As we have seen with containers supplanting virtual machines, rise of E2E security, application controlled overlays and supplanting of VPNs the transition is already well underway.

You can continue to build castle walls, fill the motes with alligators and police your cobblestone roads to your hearts desire but don't pretend there is any future in it.

Re:What utter nonsense.

[DamnOregonian]

The network is the wrong layer for security, application availability, isolation and management regimes.

There is both truth, and utter fallacy in this statement. What's worse, is it belies complete ignorance to the topic at hand.

These things can all be handled more effectively in a more application appropriate manner at higher layers.

No, I'm sorry. Network isolation is not better handled at a 'more application appropriate manner' at higher layers.
I think you're speaking for a very application-centric viewpoint, with no idea how data actually gets to you.
I operate a carrier-grade network. As much as I wish all the idiosyncrasies of modern internet traffic and applications allowed for simple routing paradigms, they simply do not.

As we have seen with containers supplanting virtual machines, rise of E2E security, application controlled overlays and supplanting of VPNs the transition is already well underway.

We have seen containers filling in a niche that VMs never did suit very well. They are nowhere fuuuuuucking close to supplanting them, for the same reason. You can't use a container to replace the cases where you need a VM.

supplanting of VPNs

The hell? Most application-layer networks are almost purely virtual now (traveling over things like PBR and VRF substrates).

You can continue to build castle walls, fill the motes with alligators and police your cobblestone roads to your hearts desire but don't pretend there is any future in it.

None of that has anything to do with the reasons those things exist. It's about building a more elegant and capable transport network. Again, I don't think you're employed in the industry that deals with very complicated requirements. I'm jealous. At the same time, I'm not sure I could live with taking a 50% cut in salary and going back to lower-level network engineering.

Re:What utter nonsense.

I have no idea which of you is correct, but the GP is putting together coherent arguments with justifications, and you're just being a jerk and not justifying anything. I thought you should probably know how you're coming across, because if I were creating more heat than light I'd want to know.

Re:What utter nonsense.

[DamnOregonian]

Eek. Is that so?

PBR/VRF are right up there with systems virtualization as band-aids to side step much deeper architectural deficiencies. Complexity in the network is something to be embarrassed about not celebrated.

Is not an argument. It's an unsubstantiated opinion. The world would be a better place if you knew the difference, and people like me would bother trying to put out light rather than heat. I wasn't brought upon this earth to be an idiot's network engineering education, but I've taken it upon myself to call out people with strong opinions about things they don't understand.

Re:What utter nonsense.

[WaffleMonster]

There is both truth, and utter fallacy in this statement. What's worse, is it belies complete ignorance to the topic at hand.

The only service necessary for a network to provide is to get some predefined quantity of packets with some probability of success from point A to point B.

No, I'm sorry. Network isolation is not better handled at a 'more application appropriate manner' at higher layers.

It absolutely is especially across administrative domains. Only packets are not isolated. Data and access to that data using means a heck of a lot more secure then what passes for management plane of most "carrier grade" networks are used.

I think you're speaking for a very application-centric viewpoint, with no idea
how data actually gets to you.

Yes, applications are the only things anyone cares about. Nobody cares about wires and packets nor should they.

When people waste time trying to add "security, application availability, isolation and management regimes" to networks they only get more complex for no reason and as a result the probability of successful delivery of packet from point A to point B is diminished or at least a lot more expensive than it otherwise would given the same investment in capability.

I operate a carrier-grade network.

As much as I wish all the idiosyncrasies of modern internet traffic and applications allowed for simple routing paradigms, they simply do not.

Please don't misunderstand what I'm saying. It's not that if I were in your shoes I would do anything any differently. We all must live within the context of our time. I'm not saying your wrong or course of action isn't rational and logical. It's just that it's architecturally very much a dead end.

We have seen containers filling in a niche that VMs never did suit very well. They are nowhere fuuuuuucking close to supplanting them, for the same reason. You can't use a container to replace the cases where you need a VM.

This is not about someone needing to spin up a VM for some immediate need. It's about WHY they felt they needed to do that in the first place. What was it that they were trying to do? For the most part people want to manage software at higher levels of abstraction than what underlying operating system of single computers would allow. VMs were simply the fastest way to fill that need and get from point A to point B.

Containers are a better step in the right direction of providing what users really wanted in the first place. VM is a temporary wasteful unnecessarily complex modality on the decline as solutions more in line what people really wanted in the first place come online.

None of that has anything to do with the reasons those things exist. It's about

From my simpleton know nothing experience castle defense is the central reason.

Re:What utter nonsense.

[DamnOregonian]

The only service necessary for a network to provide is to get some predefined quantity of packets with some probability of success from point A to point B.

Sure. Absolutely. It's not like you slap "B" on the packet and it magically flies there, amigo.
In the middle, is routing. At its simplest, simply a shortest length prefix match and a next hop. At more complicated levels, distributed switching, VPN/Labeling protocols, layer-4 switching, IPVS/load balancing, anycast routing.

It absolutely is especially across administrative domains. Only packets are not isolated. Data and access to that data using means a heck of a lot more secure then what passes for management plane of most "carrier grade" networks are used.

What? This is nonsensical. Only packets are not isolated? What else is there but packets?
Perhaps the carrier grade networks of the world should employ you, so that you can show us what we're doing so wrong. Last I checked, we keep about 750,000 prefixes and close to 100,000 entirely autonomous networks connected with our shitty control planes.
If I understand you correctly, you propose that as an alternative to protected networks and blocking packets, we should rely on the application? Can you really not see why that is ridiculous and wasteful? It sounds to me like you are proposing that there is no such thing as a secure network. This is beyond stupid.

Yes, applications are the only things anyone cares about. Nobody cares about wires and packets nor should they

Erm... Again, how the fuck do you think the data gets to you?
Do you think high availability and scaling to millions of users comes from simple routing tables running on netgears?
How about office virtualized networks across metro areas (and further)?
You... are killing me, smalls.
When people waste time trying to add "security, application availability, isolation and management regimes" to networks they only get more complex for no reason and as a result the probability of successful delivery of packet from point A to point B is diminished or at least a lot more expensive than it otherwise would given the same investment in capability.

From a simple architectural standpoint, things like "application availability" absolutely must be done at the network layer, unless you've got some serious magic tricks up your sleeves. Computers die, network-based attacks happen at protocol or application layers, networking equipment dies. Oh, I know... We can just use client-side redundancy and have 112,554 A records for a name. That'll work.

Please don't misunderstand what I'm saying. It's not that if I were in your shoes I would do anything any differently. We all must live within the context of our time. I'm not saying your wrong or course of action isn't rational and logical. It's just that it's architecturally very much a dead end.

It isn't though, and you can't back up that assertion.
Complexity is not automatically bad.
KISS doesn't mean make it simple beyond what it takes to do the job. It means do the job as simple as possible. And architecturally, that's largely what we do.
The raw scale of what we must do these days requires magic at the network layer. It's frankly a miracle it's as clean as it is, and it gets cleaner every day. Where once we used dirty VLAN trunking everywhere for network isolation, we now use layer-3 guided label switching (MPLS/VPLS).
If someone wants a private network that I carry around for them, i have VRF.
If I need a machine that can communicate out 6 different networks with different gateways, I have PBR.
The applications have become more demanding than I think you realize.

This is not about someone needing to spin up a VM for some immediate need. It's about WHY they felt they needed to do that in the first place. What was it that they were trying to do? For the most part people want to manage s

Re:What utter nonsense.

Ho ho ho! There's another user in a higher commentthread complaining about how 1,100 VMs on 20 Power8s can take hours to probe with ifconfig.

Hours.

For 55 VMs on one bare metal.

I can only assume that person is blocking for each bare metal machine to complete before starting the next. Otherwise it means more than two minutes per VM. To run ifconfig. Which is a degree of shitscripting that's hard to imagine. But hey, anything can be written badly! Maybe that person is ... uh ... blocking on file writes, and writing character by character halfway across the globe? No, envelope math says that'd still be too fast... yeah I don't even know.

Re:What utter nonsense.

[johnsie]

Ah, you're one of those people who take a simple problem and over-complicate it because you don't know what you're doing. Then you go on about how complicated your messed up solution is. I know a lot of IT guys and developers who do similar. Standards exist for a reason, and if people actually read up on things and did proper planning instead of just trying to do it their own blindly screwed up way then they wouldn't end up with a big mess.

Re:What utter nonsense.

[DamnOregonian]

No. I'm one of those people who builds the networks that all of your services run on today, while you man a help desk in Wisconsin and opine on slashdot about things out of your league.
Standards to exist for a reason. Please cite the ones violated, here ;)

Re:What utter nonsense.

[WaffleMonster]

At more complicated levels, distributed switching, VPN/Labeling protocols, layer-4 switching, IPVS/load balancing, anycast routing.

None of this is necessary for packet forwarding. These things are all band-aids to make up for fundamental deficiencies in application stacks.

Perhaps the carrier grade networks of the world should employ you, so that you can show us what we're doing so wrong.

What did I say you were doing wrong?

Erm... Again, how the fuck do you think the data gets to you?
Do you think high availability and scaling to millions of users comes from simple routing tables running on netgears?

I've always assumed a bunch of expensive routers with power hungry TCAMs and smart people to manage physical topology and TE.

How about office virtualized networks across metro areas (and further)?

Why are they virtualized? Is virtualization necessary to move packets? Or is it done to give people their own private wire?

Last I checked, we keep about 750,000 prefixes and close to 100,000 entirely autonomous networks connected with our shitty control planes.

Only 61k with anything to announce. I'm not sure what makes this relevant. When I said management I was talking about operators managing their networks not pulling a full table from external networks.

If I understand you correctly, you propose that as an alternative to protected networks and blocking packets, we should rely on the application?

Network security is not only "ridiculous and wasteful" it's harmful and dangerous because footholds are too easy to attain. As a result when you rely on the network for protection all an adversary has to do is drill one tiny hole thru your castle wall and gooey center of unprotected systems is theirs for the taking.

Contrast that with systems that simply ignore message without the proper cryptographic signatures. In this case having access to the network wins you nothing.

Can you really not see why that is ridiculous and wasteful? It sounds to me like you are proposing that there is no such thing as a secure network. This is beyond stupid.

No, yet I can see why relying on "network security" is in fact dangerous, ridiculous and wasteful.

From a simple architectural standpoint, things like "application availability" absolutely must be done at the network layer, unless you've got some serious

Only shitty ones that were not architected for horizontal scaling and redundancy in the first place. Distributed systems generally have some kind of director responsible for managing access to resources and minimizing effects of failures occurring within a "string" group.

magic tricks up your sleeves. Computers die, network-based attacks happen at protocol or application layers, networking equipment dies. Oh, I know... We can just use client-side redundancy and have 112,554 A records for a name. That'll work.

DNS is a reasonable example of a distributed application with redundancy baked in. SMTP and HTTP are common examples of epic fail in this regard which is just awesome for everyone in the business of selling load balancers.

It isn't though, and you can't back up that assertion.
Complexity is not automatically bad. KISS doesn't mean make it simple beyond what it takes to do the job. It means do the job as simple as possible

If someone wants a private network that I carry around for them, i have VRF.
If I need a machine that can communicate out 6 different networks with different gateways, I have PBR. The applications have become more demanding than I think you realize.

In a world where applications are properly designed your L4/VPN/load balancing/VLAN/*** alphabet soup would be redundant and pointless. There would be no be

Re:What utter nonsense.

[DamnOregonian]

This can all be boiled down to, "If everyone only accepted packets from those they trust, and applications were infinitely secure, there would be no need for advanced routing methodology!".
I can now say with absolute confidence that you are not a network engineer, or even very knowledgeable on the topic.

DNS is a reasonable example of a distributed application with redundancy baked in. SMTP and HTTP are common examples of epic fail in this regard which is just awesome for everyone in the business of selling load balancers.

Funny you mention that, since the DNS infrastructure is nothing but a massive mix of anycast routing and load balancers. DNS isn't inherently distributed at nearly the scale it needs to be to handle this many users. We did that for you, at the network layer. You're welcome. Furthermore, unless you're talking about turning it into some insane global torrent like reachability hash with terrible reachability heuristics, that isn't set to change any time soon.

If only parking lots were suitably engineered, we wouldn't need stop lights, onramps, freeways, or anything else.

No, I'm sorry. You're flat out wrong.
The problem with all of your musing, is that it's simplified to the point of impossibility- possibly absurdity. It ignores the reality of the system for the sake of idealism. "If only it were more ideal, then I'd be right!"

It never has been, and it never will be. I'm sorry. This is no longer an applied discussion, it's a philosophical one, on par with a religious debate.

Re:What utter nonsense.

[WaffleMonster]

This can all be boiled down to, "If everyone only accepted packets from those they trust, and applications were infinitely secure, there would be no need for advanced routing methodology!".

Managing trust isn't effectively feasible at the network layer. It requires higher level context only available at higher layers of the stack.

Given the fact absolutely nothing is "infinitely secure" my assertion is limited to the observation spending resources securing applications provides a higher ROI than wasting them on fools errand that is "network security".

Funny you mention that, since the DNS infrastructure is nothing but a massive mix of anycast routing

Route optimization is a basic feature of network routing. If a given point "B" has multiple possible endpoints it is the job of the network to pick the best path to the best endpoint no different than selecting best path to a single endpoint.

and load balancers.

The reason why there are only a dozen root servers was due to packet size constraints and management concerns with lack of automated update mechanism for root lists. It was a shitty design from the start. DNS also lacks defined functionality to effectively persistently monitor status of redundant pointers.

DNS is however a good high level example even though nuts and bolts of implementation is a bit crummy.

Furthermore, unless you're talking about turning it into some insane global torrent like reachability hash with terrible reachability heuristics, that isn't set to change any time soon.

I was never fond of bit torrent. On more than one occasion I was modded to oblivion by poking fun of it mostly on grounds it was too transparent and that transparency was a lightning rod for damaging political pressures on the Internet.

Yet I do remember being very impressed with some snazzy locality shit making it in to the point that you would end up being best buddies with people on or near you from ISP/network perspective. There were also efforts out of the IETF such as ALTO (RFC7285) to provide applications with topology data so they can make better decisions.

If only parking lots were suitably engineered, we wouldn't need stop lights, onramps, freeways, or anything else.

In a distant future where all driving is automated you can do a lot that isn't possible today. Strings of vehicles can draft each other in close formation to significantly reduce energy utilization. Traffic lights may well not exist as vehicles weave thru intersections in ways that would be suicidal to human controlled vehicles. Yet things like freeways are topological connecting distant population centers so I wouldn't expect it to change very much but who knows.

No, I'm sorry. You're flat out wrong. The problem with all of your musing, is that it's simplified to the point of impossibility- possibly absurdity.

There is nothing simple about any of it. Complexity isn't just vanishing into thin air it is being moved from general domain of network infrastructure to the application domain where more opportunities exist to address concerns in a more efficient domain specific manner that would not otherwise be feasible with general purpose network based solutions.

It ignores the reality of the system for the sake of idealism. "If only it were more ideal, then I'd be right!"

Nothing is being ignored. Things are just being moved to where concerns can be more optimally leveraged.

It never has been, and it never will be. I'm sorry. This is no longer an applied discussion, it's a philosophical one, on par with a religious debate.

Whether you like it or agree with it the transition is already underway.

After the systemd fiasco...

[QuietLagoon]

... I've pretty much resigned myself to the fact that Linux is no longer a part of the UNIX family, that I now have to write scripts separately for my Linux boxen. So I'd say that I am OK with breaking nearly every script I've written in Linux in order to stay current with the direction being set by the Linux community.

Re:After the systemd fiasco...

For a fiasco systemd is working pretty darned well. I'm even willing to call it 'clean'. And yes, I work with it daily.

Re:After the systemd fiasco...

[jythie]

Well yes, systemd was intended to cater to a different set of users and use cases than the old system, so of course it 'worked well', or was 'a fiasco', depending on what one was doing.

Re:After the systemd fiasco...

[QuietLagoon]

...For a fiasco systemd is working pretty darned well. ...

For me, it is still unable to perform clean shutdowns. At least the filesystem has journaling to help recover from systemd's problem.

Re:After the systemd fiasco...

[PrimaryConsult]

For me, it is still unable to perform clean shutdowns. At least the filesystem has journaling to help recover from systemd's problem.

Funny you should say this, because RedHat now has systemd with xfs as the filesystem. And for some reason xfs likes to pretend it's written data when it hasn't, a lot more so than ext4 ever did. So, if an unclean shutdown occurs during a massive file op, such as a yum update, you end up with a seriously broken system with a bunch of 0 byte files in place of major libraries and binaries.

Re:After the systemd fiasco...

[HanzoSpam]

The original attraction of Linux was that it was a cheap and easy way to run a Unix-like system. If we no longer have need of cheap and easy Unix-like systems, why stop with just replacing some of the commands? Start from scratch and design a whole new os. There's plenty of Unix baggage I'd be glad to be rid of before I got around to init, route and ifconfig.

Re:After the systemd fiasco...

[countach]

Starting from scratch is really really hard.

Re: After the systemd fiasco...

Do we really have to start from scratch tho? There's a lot of open code out there and a lot of people/resources who are willing to put the work in.

Re:After the systemd fiasco...

But you no longer need to start from scratch. You have Freely licensed kernels, init systems, userland utilities, compilers, editors, etc. There is even great documentation on how to glue it all together.

But... what is gonna hurt time and effort wise, is keeping it all working, keeping it all up to date security patch wise, working with new stuff as it comes out, etc.

Redhat and circular RPM dependencies pissed me off in '99. I did a LFS system, then keeping that up to date and working and secure was a pain, then Gentoo appeared. Some automation! Then after getting sick of rebuilding all of X for new 3d drivers, I went to Debian and Debian based distributions and have been happy since.

Re:After the systemd fiasco...

[DamnOregonian]

Haven't experienced this. I directly manage about 150 linux servers (and more VMs)
I'd say we're up to about 40% RHEL7 (xfs + systemd), the rest RHEL6.

I have noticed that recovery with xfs is a fucking nightmare, but I haven't noticed it being more frequent than with ext4. Are you sure you don't have some poorly thought out caching enabled, like write-back?

Re:After the systemd fiasco...

Well yes, systemd was intended to cater to a different set of users and use cases than the old system, so of course it 'worked well', or was 'a fiasco', depending on what one was doing.

I was doing work.

Re:After the systemd fiasco...

[jythie]

Both sides were doing work, just not the same work.

Re:After the systemd fiasco...

[PrimaryConsult]

Just went with the defaults. ~600 VMs. Ext4 I recall would have maybe 5-6 files corrupted during an interrupted update. With XFS there were so many that the only solution was to use the update logs from the bad system (to see how far yum thinks it got), then make a tar of those files from a system that updated properly, then untar them over / on the screwed up system.

As for why I had so many interrupted updates, with 600 VMs every so often one of the handful clustered with a fencing agent would accidentally be updated without having been first put into maintenance mode. Its buddies then force power cycled it when the clustering packages were being updated, therefore guaranteeing that the most likely time the server would have an abrupt power cycle would be during a yum update.

Re:After the systemd fiasco...

[DamnOregonian]

Most likely my unclean shutdowns weren't so predominantly during updates like yours were. That's good to know, though.

Re:After the systemd fiasco...

... you end up with a seriously broken system with a bunch of 0 byte files in place of major libraries and binaries.

Which is great for Red Hat business model (selling support). Ka-ching!

Never fully trust anyone who is to profit from your misery. Be wary of those who stand to profit from your benefit, too, because positive feedback loop also works against you if you fail to reach a threshold.

Re:After the systemd fiasco...

Definitely this. RHEL7 is a disaster for my company's admins, with regular hangs on reboot when NFS appears to time out, and a number of the XFS zero byte issues being seen. Thankfully the kickstart servers set up during the OEL6 stage and associated Business Unit scripts has reduced the time a server is out of commission to less than a day.

Poettering can go hang for the damage he has directly caused to the ~40,000 systems that I help to admin.

Well, I'd bitch about it

but then I know very well that I in all likelihood won't sacrifice too much time to write a better implementation, so I may as well shut up and use what other people have done. Until such time that I make something better.

Deprecated is the name

If new features are only available to new tools, we keep maintaining the old tools in deprecated status. But we should never break things. Have a look at Java. Runs with backwards compatibility. We should really continue to support ifconfig until nobody uses it anymore.

Who's Linux Paleface?

[Maltheus]

Not on my Linux. Gentoo will have this stuff around forever. Still using OpenRC too without a hiccup. Bit of a pain to keep up-to-date, but it always does what I want, with no talking back.

Re:Who's Linux Paleface?

[gweihir]

...but it always does what I want, with no talking back.

And that is just the thing: Once you are an actual system administrator and not just a glorified user with delusions, this is priceless.

The dislike of support work

[petes_PoV]

In theory netstat, ifconfig, and company could be rewritten to use netlink too; in practice this doesn't seem to have happened and there may be political issues involving different groups of developers with different opinions on which way to go.

No, it is far simpler than looking for some mythical "political" issues. It is simply that hackers - especially amateur ones, who write code as a hobby - dislike trying to work out how old stuff works. They like writing new stuff, instead.

Partly this is because of the poor documentation: explanations of why things work, what other code was tried but didn't work out, the reasons for weird-looking constructs, techniques and the history behind patches. It could even be that many programmers are wedded to a particular development environment and lack the skill and experience (or find it beyond their capacity) to do things in ways that are alien to it. I feel that another big part is that merely rewriting old code does not allow for the "look how clever I am" element that is present in fresh, new, software. That seems to be a big part of the amateur hacker's effort-reward equation.

One thing that is imperative however is to keep backwards compatibility. So that the same options continue to work and that they provide the same content and format. Possibly Unix / Linux only remaining advantage over Windows for sysadmins is its scripting. If that was lost, there would be little point keeping it around.

Re: The dislike of support work

so you change the script. thats the beauty of scripts. and not one limited to unix/linux.

Re:The dislike of support work

[jythie]

Unfortunately, backwards compatibility has always been a weakness in OSS and has been getting worse over the years. I am actually reluctant to suggest linux to small teams now if they look like they are going to be up and running for a long time, the cost of keeping 'up to date' gets too high and you have to keep devoting development time to rewriting stuff that already worked or replace entire subsystems because some devs went 'we are doing cool stuff in our next version which breaks everything! but you all run from source anyway, right?'

Re: The dislike of support work

[RabidStoat]

I suspect people have more important things to be doing than changing scripts for new utilities arriving. It wouldn't be so bad if they left the old utilities in place, but when they start removing them or not installing them in the first place it just creates more work than i suspect the new utility will ever save.

Re:The dislike of support work

[TheRaven64]

No, it is far simpler than looking for some mythical "political" issues. It is simply that hackers - especially amateur ones, who write code as a hobby - dislike trying to work out how old stuff works. They like writing new stuff, instead.

I suspect it's partly that, but also that companies like Red Hat make money from training, so like obsoleting old tools and the developers who care about the Principle of Least Astonishment have long since moved on from Linux to other systems.

Re:The dislike of support work

[AJWM]

This. Ever so much, this.

The other part of that is that a relative newbie looks at the source for the old tool, sees all kinds of stuff in there, assume it's cruft, and decides he can write a simpler, cleaner tool. So he does.

Then he finds out it doesn't deal with all the corner-cases that the original tool, with its "cruft", did. And goes on to write cruft of his own.

(Which isn't to say that newbies can't make improvements...but that's generally not the way to bet.)

Re:The dislike of support work

[gosand]

One thing that is imperative however is to keep backwards compatibility. So that the same options continue to work and that they provide the same content and format. Possibly Unix / Linux only remaining advantage over Windows for sysadmins is its scripting. If that was lost, there would be little point keeping it around.

*starts molding the tinfoil*
That surely couldn't be intentional now, could it?

Re:The dislike of support work

[DamnOregonian]

iproute2 exists because ifconfig, netstat, and route do not support the full capabilities of the linux network stack.
This is because today's network stack is far more complicated than it was in the past. For very simple networks, the old tools work fine. For complicated ones, you must use the new ones.

Your post could not be any more wrong. Your moderation amazes me. It seems that slashdot is full of people who are mostly amateurs.
iproute2 has been the main network management suite for linux amongst higher end sysadmins for a decade. It wasn't written to sate someone's desire to change for the sake of change, to make more complicated, to NIH. It was written because the old tools can't encompass new functionality without being rewritten themselves.

Re:The dislike of support work

[mvdwege]

Too bad it's the old tool that doesn't deal with corner cases. Just one example: multiple IPs on one interface. ifconfig can't handle that at all, except by creating aliases. On modern deployments, especially with virtualisation, that happens to be not even a corner case, but essential functionality.

Re:The dislike of support work

[drinkypoo]

Aliases were an efficient way to handle that problem (and others), and you could always bridge them together if you needed to.

Re:The dislike of support work

the old tools can't encompass new functionality without being rewritten themselves.

lol k

Re:The dislike of support work

So much this. All I see are a bunch of people that have obviously never administered a large or busy system. Netstat is so slow on busy systems that most connections will have ended long before you get the output. SS is so much faster on a busy system that it is mind blowing.

So go ahead, keep using your old and crappy tools on the nearly idle systems you are used to, I'm not going to stop you, in the meantime the rest of us will have moved on to using the newer tools that actually let us do our job on servers that are actually being used.

bogus

How long does it take? Most of use use multi core system with lots of memory. It takes forever to load even 'simple' administrative and access /proc. So what? That is your argument? Save a few microseconds. I don't think in microseconds so I find the author's statement bogus. Return to ipconfig, which wasn't the best thing, I find ip not that good either. Many new tools are overkill for little use. It's like some programer has too much time on his hands. Go find a girl or boy friend and get a life. I find linux at the administrative level become as unnecessarily complex as Window and MacOS which is why I switched to linux. Now I might as well switch back. Complex can be the doom of an OS.

Yeah, stupidity.

That and that they work and are solid. In the systemd era tons of totally unneeded buggy features tops all.

So windowification (making it incompatible)

[CraigCruden]

So basically there is a proposal to dump existing terminal utilities that are cross-platform and create custom Linux utilities - then get rid of the existing functionality? That would be moronic! I already go nuts remoting into a windows platform and then an AIX and Linux platform and having different command line utilities / directory separators / etc. Adding yet another difference between my Linux and macOS/AIX terminals would absolutely drive me bonkers!

I have no problem with updating or rewriting or adding functionalities to existing utilities (for all 'nix platforms), but creating a yet another incompatible platform would be crazily annoying.

(not a sys admin, just a dev who has to deal with multiple different server platforms)

Re:So windowification (making it incompatible)

[thegarbz]

That would be moronic

Why? Since when was Linux's core tenant to be cross platform? Linux is Linux. GNU utilities were ported to it, hurray, but it's still separate from Unix. If you want to run Unix, run Unix.

Re:So windowification (making it incompatible)

Don't worry, it'll get integrated into systemd and Poettering will shove it down everyone's throats again.

Re:So windowification (making it incompatible)

[drinkypoo]

*tenet

Linux is Linux. GNU utilities were ported to it, hurray, but it's still separate from Unix.

Linux's Unixlike nature is what attracted people to it to begin with, that and its license. It's Unixness is what made and makes it great, not just allowing it to interoperate with other Unixlikes efficiently but also granting it a substantial library of software written on those systems.

If you want to run Unix, run Unix.

If I wanted to run UNIX(tm), I would do so. But pretending that being a Unixlike isn't part of Linux's reason to exist is balderdash.

Re:So windowification (making it incompatible)

> If you want to run Unix, run Unix.

There is no more Unix* - it's effectively dead. All we have left are bastard children (AIX, HP-UX, Solaris), and Unix(TM)-branded clones like MacOS.

(*by 'Unix' I am referring to the original OS you buy from AT&T)

To each his/her own

[OneHundredAndTen]

The reasons that he puts forth are hardly convincing - the first one being downright laughable: if the commands are poorly written, rewrite them. This aside, the truth is that Linux is distancing itself more and more from its Unix roots. Many obviously like this. Others, like me, don't. We still have the BSDs, so there is a fallback. However, the scenario is already looming in the horizon in which if the choice comes down to Linux or Mac, the latter will be preferable even if one has to pay.

Re:To each his/her own

[drinkypoo]

I would like for a simple, candy-coated OS based on Linux to exist, so long as it remains trivial to install a sanely Unixlike userland. I am tired, however, of continued attempts to dumb down my server-class OS.

Re:To each his/her own

By "dumb down" you mean using ifconfig which is a dumbed down tool for configuring the network compared to ip?
There is certainly a class of admins that might need the dumbed down ifconfig as they don't really grasp how networking works since ~1999 when iproute2 was written.

Output for 'ip' is machine readable, not human

All output for 'ip' is machine readable, not human.
Compare
$ ip route
to
$ route -n

Which is more readable? Fuckers.

Same for
$ ip a
and
$ ifconfig
Which is more readable? Fuckers.

The new commands should generally make the same output as the old, using the same options, by default. Using additional options to get new behavior. -m is commonly used to get "machine readable" output. Fuckers.

It is like the systemd interface fuckers took hold of everything. Fuckers.

BTW, I'm a happy person almost always, but change for the sake of change is fucking stupid.

Want to talk about resolvconf, anyone? Fuckers! Easier just to purge that shit.

Re:Output for 'ip' is machine readable, not human

[thegarbz]

It is like the systemd interface fuckers took hold of everything. Fuckers.

Actually it's like the exact opposite. The biggest complaints about systemd is that its output and that of the journal are parseable by humans and not machines.

Re:Output for 'ip' is machine readable, not human

All output for 'ip' is machine readable, not human.
Compare
$ ip route
to
$ route -n

Which is more readable? Fuckers.

Same for
$ ip a
and
$ ifconfig
Which is more readable? Fuckers.

The new commands should generally make the same output as the old, using the same options, by default. Using additional options to get new behavior. -m is commonly used to get "machine readable" output. Fuckers.

It is like the systemd interface fuckers took hold of everything. Fuckers.

BTW, I'm a happy person almost always, but change for the sake of change is fucking stupid.

Want to talk about resolvconf, anyone? Fuckers! Easier just to purge that shit.

Here! Here!

Re:Output for 'ip' is machine readable, not human

[Carewolf]

Well these "new" commands are a lot older than systemd, so don't blame it on systemd. If there is any causality it has to be the other way.

Re:Output for 'ip' is machine readable, not human

[DamnOregonian]

These "new" commands are, I hope, older than most of the asshole commenting on this thread.
If they aren't, then we're forced to face the simple fact that one of the most Linux-savvy technical commentary sites (or so I thought) is actually populated by people who have no fucking idea what they're doing, and are seemingly unaware of that fact.
iproute (and then iproute2) has been in development, and included in all major distributions since the mid 90s.
Over time, distribution ifup/ifdown architectures have been slowly moving their functionality over to it, for obvious reasons (RTNL interface is easier to extend than the bullshit IOCTL/proc interface that net-tools use, thus iproute/iproute2 was maintained and extended to use newer features of the OS, while net-tools were not)
These commands aren't new, a lot of people just didn't know that the replacement was happening beneath them while they played with their familiar lego blocks.

Re:Output for 'ip' is machine readable, not human

[mishehu]

Crap, even Slackware is in the process of migrating everything to iproute2 for system scripts. And I don't get all the naysayers' moaning: I find the syntax/grammar of iproute2 to be highly logical and understandable. I might not do a lot of the high level networking stuff that you do, but I've done enough over the years to understand what you're saying and why what you say makes sense.

Never break userland.

[drolli]

Do it like it is done correctly:

Leave the old interfaces/tools in, including their inefficiency. If you dont like to haven these in your special kernel, the proc filesystem can be disabled......

For those systems which need something more efficient (i suppose things involving heavy use of containers or virtualization), use the new interfaces.

This worked well for a lot of things up to now in linux.

Re:Never break userland.

Coming from another system (illumos/Solaris background):

Nothing wrong with making a new tool that works better. Even better, when you can, either also improve the old tool (such as making it use a faster or more efficient underlying API), or make the new tool offer a "compatibility mode". For example, the "ip" command could notice that when it is called like "ifconfig" it should attempt to behave like old ifconfig. (You can even use this as an opportunity to alert the user that they're using an older interface.)

Linux (and many of millenials who are now its widest user base) have no grasp on the value of interface stability. It flies in the face of "agile". (Move fast and break things is *not* a positive value unless you're building missiles or bullets.)

Command line programs present a user *INTERFACE* (and for CLI programs, they may even present a *PROGRAMMING INTERFACE*.) If you write scripts to parse output, or pass command lines, guess what, that's an API. APIs need to be "stable', or versioned where stability needs more flexible management.

I'm sure the youngsters today scoff at my cruftiness and age, but hey, build the underlying systems that people are still using today. Maybe the fact that UNIX and its brethren have survived for so long might serve as an indication that at least some of us knew what the f we were doing.

Linux' userland is UNSTABLE !

[SigmundFloyd]

I'm growing increasingly annoyed with Linux' userland instability. Seriously considering a switch to NetBSD because I'm SICK of having to learn new ways of doing old things.

For those who are advocating the new tools as additions rather than replacements: Remember that this will lead to some scripts expecting the new tools and some other scripts expecting the old tools. You'll need to keep both flavors installed to do ONE thing. I don't know about you, but I HATE to waste disk space on redundant crap.

Re:Linux' userland is UNSTABLE !

I was agreeing with you until you mentioned NetBSD. Now I know you're just trolling.

Re: Linux' userland is UNSTABLE !

[Bing+Tsher+E]

They mentioned NetBSD in the second sentence. It's you who is trolling.

Re:Linux' userland is UNSTABLE !

[thegarbz]

because I'm SICK of having to learn

Ironic for a Linux users.

Re:Linux' userland is UNSTABLE !

[mvdwege]

Do you have any idea how old iproute2 is? Idiot.

Re:Linux' userland is UNSTABLE !

[DamnOregonian]

No. Fucking. Shit.
This article commentary blows me away. I had no idea the level of Linux ignorance on this site was this damn high.

Re:Linux' userland is UNSTABLE !

I had no idea the level of Linux ignorance on this site was this damn high.

It has been obvious for some time. See the comments whenever "systemd" is mentioned: lots of assuming how things work where in reality they work quite differently.

Or even here: people blaming systemd for iproute2...

Lots and lots of clueless people that learned Linux from some outdated tutorial 10+ years ago and don't want to learn anything new (or even correct the stuff they learned wrong).

Re:Linux' userland is UNSTABLE !

[SigmundFloyd]

Hello, dickhead! Iproute2's age has got nothing to do with breaking existing convention with new tools, so work on your substandard reading comprehension and go fuck yourself.

Re:Linux' userland is UNSTABLE !

[mvdwege]

Iproute2's age has got nothing to do with breaking existing convention with new tools

(Emphasis mine)

Wow. Wrong within one sentence. You really are an idiot.

Re:Linux' userland is UNSTABLE !

Iproute2's age has got nothing to do with breaking existing convention with new tools

Keep digging little man. To quote GP: so work on your substandard reading comprehension and go fuck yourself.

Captcha: flamed (LOL)

Piss and vinigar

[fluffernutter]

What pisses me off is when I go to run ifconfig and it isn't there, and then I Google on it and there doesn't seem to be *any* direct substitute that gives me the same information. If you want to change the command then fine, but allow the same output from the new commands. Furthermore, another bitch I have is most systemd installations don't have an easy substitute for /etc/rc.local.

Re:Piss and vinigar

[DamnOregonian]

ip -s addr
I'll grant you it's definitely not as visually appealing as ifconfigs output.
BTW, RHEL7 uses systemd... and /etc/rc.local works just fine. You have to set it executable first, though.
It's execution is provided for by the rc-local.service unit.

Re: Piss and vinigar

[fluffernutter]

Thats great, but why wouldnt they just create a blank executable? its really hard to find that info with google. Furthermore, the first few distros i encountered systemd on (debian based) did not have a service file for it pre-configd. in fact i dont use redhat.

Re: Piss and vinigar

[DamnOregonian]

They in this instance is between you and your distribution maintainers.
As I've stated many times, iproute is a very old package. It's from 1996. It was never made to supplant anything. It was only through literal decades of neglect on the part of the net-tools maintainers that distributions started switching over to iproute2.
iproute2 doesn't try to emulate net-tools behavior, because it was never designed to be a replacement. It was simply designed to be a tool that handled all the functionality of the RTNL interface.

Re: Piss and vinigar

[DamnOregonian]

At least in Ubuntu, the rc-local.service unit exists. It's enabled by default, but you have to create /etc/rc.local and mark it executable.
It's been a while since I used debian proper, so I don't know if that's the case that... But I suspect the unit file is probably part of the default systemd distribution.

^^this here

[knoledgesponge]

n/a

Denying ICMP echo @ server/workstation level too

Also reasons for 'beefing up' existing tools too = possible (stops ping detection & of course, also traceroutes). Windows has settings in the registry for it, & thus, since most all IP stacks = BSD derived, I'd wager Linux & other *NIX have analogous settings for it (& you can BET malware makers/botnet herders use it so a ping -a w 1 doesn't pick up on them saying they are 'dead' etc. on reverse DNS resolution that way).

* Doable in IP stack parameterization for initialization & behavior... & you do NOT need a firewall for this (search ICMP echo in a windows registry) RIGHT DOWN TO THE ENDPOINTS no less (in addition to firewall (software/hardware) blanket redundant methods).

APK

P.S.=> I agree w/ you on Techs/pure coders NOT knowing that end of things (or security really) - but it takes TIME to get that under your belt imo & experience... apk

get off my lawn

...i like these tools

Poor reasoning

As for the efficiency issue of netlink vs. /proc, that has nothing whatsoever to do with the user interface. The implementation of the traditional tools could change and nobody would notice or care.

The problem of scripts parsing command output is a moot point too. Ok, so I have a script that parses the output of ifconfig. If the output has to change, there can either be a new tool or ifconfig itself changes. Either way, my script has to be changed. But slightly changing an existing tool will be far less disruptive on the whole.

This blog post, and the decision to switch to different utilities, is simply wrong. It was an objectively bad choice. But that's Linux for you these days.

Re:Poor reasoning

[Hognoxious]

If the output has to change, there can either be a new tool or ifconfig itself changes. Either way, my script has to be changed.

Yes. I mean it would be mathematically impossible to introduce a new tool and leave the old one there too.

Re:Poor reasoning

[DamnOregonian]

As has been the case since about 1996. You had time to learn.
That aside, net-tools is still installable in every distribution that no longer installs it by default.

Mod up

[ArchieBunker]

Wish I had mod points for this one. You nailed it.

Re:Mod up

[Darinbob]

Same here, already posted so I can mod.

I think there's a new generation that sees "linux" as it's own thing, and not as a unix clone. Never mind hordes of recently minted devs who want to help out however they can even if they don't know the best way to help out.

For a simple to use system that is easy enough to install and get going, Linux is good. But if I ever ended up having to admin systems, muck with the kernel, or do some application development, a BSD would be better in so many ways.

One convert to the ss train

[lorien420]

I thought that ss was silly until I actually needed its extended features. There's no way to add that stuff to the output of netstat without breaking everybody that depends on netstat. I still find myself writing `netstat -lanp` out of habit, but when I see that the queue sizes are missing I remember and do something like `ss -tanp` instead. This is definitely one of those cases where you're blind to what you're missing until you play around with it.

Re:One convert to the ss train

[PPH]

I'll bet that a smart developer can build a utility that can read either /proc or netlink sockets and provide output to satisfy the users of either. One could switch the personalities of such a utility with a command line switch. Or even based on the executable name used to call it.

Or ..... you could just support both, let users choose and just shut the hell up. Much like people who are stuck with systemd, but just use it to call init.d bash scripts. Undoubtedly, that will cause some fanbios to sperg out. No problem. The show is fun to watch.

linux diverging, let it go

[radux]

Linux is diverging, like AIX and other's. It seems like a natural progression. Switched to FreeBSD a few years ago. Felt like coming home after a bad road trip.

Forced to agree & what do I suspect? apk

See subject: I'm recently returned to Linux (1st was 1994 Slackware 1.02, sucked - next was Redhat 1999, sucked, next 2010 on KUbuntu 10.10 got pretty good, now KUbuntu 18.04 fully patched = NICE & fairly stable/solid but, Plasma does OCCASIONALLY "hang" & I've noted what really causes it (long waits on LARGE files, I work in them a LOT & I think it's more ext4 journalling than anything based on that).

* I.E. - It's NOT really the KDE Plasma desktop 'crashing', but I was impatient a few times & shut it down improperly (pulled plug, lol) & had to do fsck /dev/sda(x) @ startup a couple times...

(Eventually, I learned to WAIT a bit sometimes but Windows NTFS, which iirc, is ALSO "journalling" for rollback on error like ext4, isn't "like that" lag-wise w/ HUGE files (300mb & up string processing here) - it's instant almost (better cache & commit delay?)).

APK

P.S.=> Still, I am on Linux & FINALLY imo? It is "THERE" & the dev tools I use now are too (FreePascal & Lazarus) - I'm going to test a BSD (most likely PC-BSD w/ KDE) to port this soon (past Windows & Linux already working) https://linux.slashdot.org/comments.pl?sid=12157004&cid=56683552/ ... apk

Re:Forced to agree & what do I suspect? apk

[Jerry]

When (IF) you install Kubuntu agian use Btrfs as your root filesystem.

Technically has been going on 25+ years?

I've been using linux off and on since 96, running it part time since 97, then full-time since '99. During that time Linux's commands have never been 'unix', they have *ALWAYS* been unix-like. Even ifconfig didn't match the output of bsd ifconfig for instance. It was *CLOSE* but you always had to cater to the gnuisms of linux interfaces, including /proc. Things got better for a few years in the early '00s when making sure linux met POSIX compatibility was a big focus, but first there was some utility I forget, then ipchains, then iptables, and now we're looking at npf or something for firewalls, while simultaneously sort-of support BSD-like pf scripting. Sorry if I am getting some of these names/details wrong. I have mostly picked a set of interfaces that are supported by the distros I run and standardized on them. The ip tool allows access to certain things ifconfig does not, but if you are just trying to make quick and dirty network changes to test things out, ifconfig wins hands down. The biggest issue with ip in my experience is documentation however. If I don't have a system with network access, trying to sort out what proper ip command syntax REALLY is, compared to the limited syntax description it provides in the ip help/manpage is often really taxing, and only by reading online does some of the error messages or more advanced syntax make sense. Most of these same complaints apply to systemd, lxc, docker, etc, including the kernel interfaces they rely on.

Personally, while I still use linux as my primary desktop OS, I have been looking to migrate for quite a while. The only thing still holding me to it is driver support, but since most of the hardware I trust and rely on is approaching 10+ years old I am finding less and less need for linux to retain support for software, outside of OpenCL/Cuda/Vulkan and a few ancillary features. If every once of my systems had 16+ gigs of ram and the desktop handled everything for me, maybe I would change my tune. But if that were the case, why wouldn't I simply be running windows? It provides the same level of security as something you don't understand intimately and since that continues to be what commercial Linux distribution leaders seem to want to turn linux into, who are we to argue with them? Linux, despite its small share of the front-end market, has become a victim of its own success. And with things like Spectre and Meltdown, the arguement of Monolith vs Microkernel has been settled, even if the software development resources haven't been reallocated yet.

Re: Denying ICMP echo @ server/workstation level t

[Bing+Tsher+E]

Linux has one of the few IP stacks that isn't derived from the BSD stack, which in the industry is considered the reference design. Instead for linux, a new stack with it's own bugs and peculiarities was cobbled up.

Reference designs are a good thing to promote interoperability. As far as TCP/IP is concerned, linux is the biggest and ugliest stepchild. A theme that fits well into this whole discussion topic, actually.

Funny you should say that....

I've had at least four ubuntu/debian/devuan installs hosed thanks to ext4 root filesystems in the past 2 years over exactly that sort of situation. The combination of a seagate hard drive and ext4 specifially leads to massive filesystem corruption when the drive overheats and apparently somehow drops files or corrupts metadata. If the filesystem is in readonly mode and you copy them off, they will show up fine, but if you reboot, fsck will hose the metadata and leave you with almost the entire filesystem in lost+found instead of its proper locations. A lot of the directory names won't align with the filesystem contents either.

apt-get updates seems to affect it even more, but since the system is already hosed by the time it's happened, it is hard to provide a bug report on it, since it requires a very specific set of conditions to trigger.

The key points though are: using ext3 with data=ordered doesn't seem to exhibit the same issues. ext2 as long as you fsck every boot doesn't seem to exhibit it. But ext4 in either data=ordered or data=journal mode seems to exhibit this issue pretty consistently. As a result of it, seagate hdds are on my shitlist, as has ext4, which has any performance or filesystem space benefits offset by its apparently far inferior level of reliability.

As to xfs: Much like jfs the recovery tools simply aren't there for it imho, which is why I stuck to ext2 for so long, then ext3, and now back to ext3. I just wish they hadn't removed the ext3 filesystem driver, since at least a few times running an ext3 fs on ext4 caused issues thanks to inconsistent filesystem option flags between i386 and x86_64 versions of ext3/ext4 requiring you to manually fix your fstab when switching kernel arches.

Happy Fun Ball Upgrade

[TheRealHocusLocus]

It's not enough to introduce new things, to the possible sound of crickets. Old familiar things must be dragged out of their offices into the street and be publicly lynched.

Number of distributions is irrelevant.

Number of distributions is irrelevant in all contexts.

They are more functionally compatible then this proposed change.

Let's try hard to break Linux

[what+about]

It does not make any sense that some people spend time and money replacing what is currently working with some incompatible crap.

Therefore, the only logical alternative is that they are paid (in some way) to break what is working.

Also, if you rewrite tons of systems tools you have plenty of opportunities to insert useful bugs that can be used by the various spying agencies.

You do not think that the current CPU Flaws are just by chance, right ?
Immagine the wonder of being able to spy on any machine, regardless of the level of SW protection.

There is no need to point out that I cannot prove it, I know, it just make sense to me.

Re:Let's try hard to break Linux

[thegarbz]

Wow someone is off their meds.

Re:Let's try hard to break Linux

[Kjella]

It does not make any sense that some people spend time and money replacing what is currently working with some incompatible crap. (...) There is no need to point out that I cannot prove it, I know, it just make sense to me.

Many developers fix problems like a guy about to lose a two week vacation because he can't find his passport. Rip open every drawer, empty every shelf, spread it all across the tables and floors until you find it, then rush out the door leaving everything in a mess. It solved HIS problem.

Re:Let's try hard to break Linux

Superb simile. Your post deserves more than +3. This describes so many of the problems with the system design of new Linux bits.

Re:Let's try hard to break Linux

It does not make any sense that some people spend time and money replacing what is currently working with some incompatible crap.

Therefore, the only logical alternative is that they are paid (in some way) to break what is working.

Also, if you rewrite tons of systems tools you have plenty of opportunities to insert useful bugs that can be used by the various spying agencies.

You do not think that the current CPU Flaws are just by chance, right ?
Immagine the wonder of being able to spy on any machine, regardless of the level of SW protection.

There is no need to point out that I cannot prove it, I know, it just make sense to me.

That is exactly what is happening to all OS. Spying. Control.
I am moving back to BSD or LFS

INTERESTING: "Turn me on/Enlighten me" man... apk

See subject & RECENT returnee to Linux https://linux.slashdot.org/comments.pl?sid=12157004&cid=56683706/ as I FINALLY do like it after many times NOT liking it over 24++ yrs. (devtools especially now too are good & that's ME coming from a decades long Windows background in that) & I wasn't aware of THAT factoid (taking you @ your word as honest etc. & I do find it SURPRISING (& non-sensical to an extent - why build from 'scratch' if a 45++ yr. long proven FREELY GIVEN solution exists in the BSD reference design)) but question:

Is there NO way to disable ICMP echo replies in Linux' IP stack @ a configuration/init. level of IP stack settings in Linux?

* Again - I'd actually find THAT surprising to be honest... but, it's your show, & see subject! Good software = HIGHLY flexible/configurable. I find it tough to believe it can't be done in Linux when Windows CAN do it.

APK

P.S.=> It's been a bit of a 'leap' getting used to *NIX type socketry again porting my code for it from WinSock2 to *NIX vs. WinSock 2 @ a programmatic level (for the app I've ported to Linux from Windows already per the link and links it in above) but for the MOST part it's been pretty straight-up (raw socket work too) in code but as far as "config" type work? Hey, turn me on man (I am here to learn more) - thanks! apk

Re: Denying ICMP echo @ server/workstation level t

[Sique]

"Reference design" means that it is used to test the validity of the other design. A design is valid if it works flawlessly with the reference design and has the same responses in all test cases.

Reference design does not mean that the code has to be incorporated somewhere in all other designs.

Re:A deeper problem: 285 Linux distributions!!!

Except it's not 285 ways to do one thing. Most of them are specialized, the others are hobby projects. Who the fuck are you to tell people they can't toy with open source software?

If an app requires version 2.5 of a lib, and another requires 2.4, then install them both. It's been possible in Unix/Linux since, like, forever. If your distro of choice maintainer has no clue how to do that, then the problem is in him or her.

Bsd

Why use BSD style, when BSD is obsolete. Hp-ux is dead, six will die in 5years. Slowlaris is dead, freebsd is ..not used by anyone... I feel very entertained when I see in history netstat...

I don't see the problem

[Stomper_Stoddard]

sudo pacman -S net-tools

Changes for changes sake

[WaffleMonster]

TFA is full of shit.

IP aliases have always and still do appear in ifconfig as separate logical interfaces.

The assertion ifconfig only displays one IP address per interface also demonstrably false.

Using these false bits of information to advocate for change seems rather ridiculous.

One change I would love to see... "ping" bundled with most Linux distros doesn't support IPv6. You have to call IPv6 specific analogue which is unworkable. Knowing address family in advance is not a reasonable expectation and works contrary to how all other IPv6 capable software any user would actually run work.

Heck for a while traceroute supported both address families. The one by Olaf Kirch eons ago did then someone decided not invented here and replaced it with one that works like ping6 where you have to call traceroute6 if you want v6.

It seems anymore nobody spends time fixing broken shit... they just spend their time finding new ways to piss me off. Now I have to type journalctl and wait for hell to freeze over just to liberate log data I previously could access nearly instantaneously. It almost feels like Microsoft's event viewer now.

Re:Changes for changes sake

[AJWM]

You're missing the point.

In these days of blazingly fast CPUs and I/O, cheap memory and cheaper storage space, it was important to re-write logging to use more-compact machine-friendly log files, even at the expense of human readability or easy script parsing.

(And yes, for the impaired, that was sarcasm.)

Re:Changes for changes sake

[rastos1]

The assertion ifconfig only displays one IP address per interface also demonstrably false.

Mhm. I demonstrably tried it over here and indeed ifconfig (from net-tools 2.10-alpha) shows one IPv4 address for interface that has 2 IPv4 addresses. Aren't you talking about interface aliases? That's a different thing.

Re:Changes for changes sake

[DamnOregonian]

TFA is full of shit. IP aliases have always and still do appear in ifconfig as separate logical interfaces.

No, you're just ignorant.
Aliases do not appear in ifconfig as separate logical interfaces.
Logical interfaces appear in ifconfig as logical interfaces.
Logical interfaces are one way to add an alias to an interface. A crude way, but a way.

The assertion ifconfig only displays one IP address per interface also demonstrably false.

Nope. Again, your'e just ignorant.

root@swalker-samtop:~# tunctl
Set 'tap0' persistent and owned by uid 0
root@swalker-samtop:~# ifconfig tap0 10.10.10.1 netmask 255.255.255.0 up
root@swalker-samtop:~# ip addr add 10.10.10.2/24 dev tap0
root@swalker-samtop:~# ifconfig tap0:0 10.10.10.3 netmask 255.255.255.0 up
root@swalker-samtop:~# ip addr add 10.10.1.1/24 scope link dev tap0:0
root@swalker-samtop:~# ifconfig tap0 | grep inet
inet 10.10.1.1 netmask 255.255.255.0 broadcast 0.0.0.0
root@swalker-samtop:~# ifconfig tap0:0 | grep inet
inet 10.10.10.3 netmask 255.255.255.0 broadcast 10.10.10.255
root@swalker-samtop:~# ip addr show dev tap0 | grep inet
inet 10.10.1.1/24 scope link tap0
inet 10.10.10.1/24 brd 10.10.10.255 scope global tap0
inet 10.10.10.2/24 scope global secondary tap0
inet 10.10.10.3/24 brd 10.10.10.255 scope global secondary tap0:0

If you don't understand what the differences are, you really aren't qualified to opine on the matter.
Ifconfig is fundamentally incapable of displaying the amount of information that can go with layer-3 addresses, interfaces, and the architecture of the stack in general. This is why iproute2 exists.

Re:Changes for changes sake

[DamnOregonian]

He is. Ignorance masqueraded as condescending authority. The commentary on this article is fucking full of it.

Re:Changes for changes sake

[mvdwege]

The assertion ifconfig only displays one IP address per interface also demonstrably false.

Go back to your parents' basement and leave the sysadminning to the professionals:

$ ifconfig lo
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 261603 bytes 70983892 (67.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 261603 bytes 70983892 (67.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ sudo ip addr add 127.1.0.1/8 dev lo
$ ifconfig lo
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 261695 bytes 70996263 (67.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 261695 bytes 70996263 (67.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 127.1.0.1/8 scope host secondary lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever

Re:Changes for changes sake

> IP aliases have always and still do appear in ifconfig as separate logical interfaces.

> The assertion ifconfig only displays one IP address per interface also demonstrably false.

*cough*

# ip addr add 10.0.0.101/24 broadcast 10.0.0.255 dev wlan0
# ip addr show | grep "inet "
        inet 127.0.0.1/8 scope host lo
        inet 10.0.0.100/24 brd 10.0.0.255 scope global wlan0
        inet 10.0.0.101/24 brd 10.0.0.255 scope global secondary wlan0
# ifconfig | grep "inet "
                inet 127.0.0.1 netmask 255.0.0.0
                inet 10.0.0.100 netmask 255.255.255.0 broadcast 10.0.0.255
#

ifconfig *does* show multiple _IPv6_ addresses per interface. Perhaps you were confused and were thinking about that?

It's a funny thing. Ethernet interfaces have been able to have multiple IPv4 addresses assigned to them for like _forever_. It's always boggled my mind that ifconfig has required you to go through this bullshit "interface aliasing" song and dance to do what's a one-liner in 'ip'.

Reminds me of back in the Windows9x days when you had to reboot those machines whenever you had the audacity to alter the IP address you assigned to the box. So primitive!

Re:Changes for changes sake

[DamnOregonian]

It's a funny thing. Ethernet interfaces have been able to have multiple IPv4 addresses assigned to them for like _forever_. It's always boggled my mind that ifconfig has required you to go through this bullshit "interface aliasing" song and dance to do what's a one-liner in 'ip'.

This is actually because net-tools was written to target linux 2.0
At that time, interface aliases were the only way to accomplish an IP alias (IOCTL interface doesn't allow for adding a layer-3 alias to an interface)
When RTNL was made, circa Linux 2.2, that added support for layer-3 aliases to existing interfaces, and thus began the divergence between net-tools, and the Linux kernel's network stack, and the advent of iproute, and subsequently iproute2.

So yes, the core architecture of net-tools is from Linux 2.0. And therein lies our problem, and the reason this is all happening.

I propose a new word:

[JustNiz]

SysD: (v). To force an unnecessary replacement of something that already works well with an alternative that the majority perceive as fundamentally worse.
Example usage: Wow you really SysD'd that up.

Re:I propose a new word:

Excellent. I've been usng Unix(tm) since 1982.

Re:I propose a new word:

[drinkypoo]

Sounds too much like SysV. Can't we just call it Poettering something?

Re:I propose a new word:

Back-form it: to poetter, poetters, poettered, poettering.

You mean the opposite of the Unix way?

[raymorris]

The number one rule of the Unix way is "everything is a file". Including everything in /proc. PS, ifconfig, etc read the information in proc and format it for human consumption. There is nothing in the Unix way that says "get confused about what is an application programming interface (proc) and what is a UK report (ifconfig)".

In fact the Unix way, everything is a file, makes it easy for scripts to use the API - the APU isn't some complex binary system like COM, it's just a directory of files.

Re:You mean the opposite of the Unix way?

Not only unix: LispM are pure-text, live-code systems. In plan9 "everything is a file" is "more" true than unix.
Any "powerful"/"advanced" OS consider anything a file.

Re:You mean the opposite of the Unix way?

[ceoyoyo]

The biggest problem with "everything is a file" is that it limits you to files. Files don't generally call you, for example, you have to poll.

The "everything is a file" and "simple programs that do one thing well" paradigms are great for system administration and lots of other things, but they're limiting if you take the philosophy too far.

Re:You mean the opposite of the Unix way?

[WaffleMonster]

The biggest problem with "everything is a file" is that it limits you to files. Files don't generally call you, for example, you have to poll.

Don't worry, sockets are files too.

Re: You mean the opposite of the Unix way?

You might want to read up on Inotify

Re:You mean the opposite of the Unix way?

[mvdwege]

The number one rule of the Unix way is "everything is a file". Including everything in /proc.

If only that were true, we would be spared your ignorance.

Here's a hint: it has something to do with why BSD was used to try out technologies for DARPA.

Re:You mean the opposite of the Unix way?

[mvdwege]

So, tell me, oh great Unix wizard, how do I unlink(2) a socket? Why do I have to call socket(2) and bind(2), and then listen to it or connect to a remote socket before I can even think of calling read(2) or write(2)?

'Everything is a file' is a convenient shorthand, not a truth graven in stone.

Re:You mean the opposite of the Unix way?

[DamnOregonian]

You can unlink() a socket.... as long as it's an AF_UNIX socket with a VFS entry....

Stop and think about what you wrote, though...

before I can even think of calling read(2) or write(2)?

Allow me to paraphrase:
before I can even think of calling the standard file descriptor access calls?
"Everything is a file" was *never* universally true in any POSIX compliant system in existence. It couldn't be. But it's mostly true in a lot of contexts.

Re:You mean the opposite of the Unix way?

[mvdwege]

Like I said, convenient shorthand. You know it, and I know it, but the guy I was replying to obviously doesn't.

Fuckers

FUCKERS!

Re: Denying ICMP echo @ server/workstation level t

A design is valid if it works flawlessly with the reference design and has the same responses in all test cases.

Well, that might be true if the standard is written around a reference design but TCP/IP isn't.

If it works flawlessly with the "reference" design then that is a good sign, but it is by no means guaranteed that the BSD stack is bug free.

If it conforms to the RFC then it is valid, if it doesn't it isn't.
Testing is good but doesn't formally prove anything.

Total nonesense

[AndrewGryaznov]

I am Linux kernel network and proprietary distributions developer and have actually read the code.

Reading stuff in /proc is a standard mechanism and where appropriate, all the tools are doing the same including 'ss' that you mentioned (which is btw very poorly designed)

Also there are several implementations of the net tools, the one from busybox probably the most famous alternative one and implementations don't hesitate changing how, when and what is being presented.

What is true though is that Linux kernel APIs are sometimes messy and tools like e.g. pyroute2 are struggling with working around limitations and confusions. There is also a big mess with the whole netfilter package as the only "API" is the iptables command-line tool itself.

Linux is arguably the biggest and most important project on Earth and should respect all views, races and opinions. If you would like to implement a more efficient and streamlined network interface (which I very much beg for and may eventually find time to do) - then I'm all in with you. I have some ideas of how to make the interface programmable by extending JIT rules engine and making possible to implement the most demanding network logic in kernel directly (e.g. protocols like mptcp and algorithms like Google Congestion Control for WebRTC).

Re:Total nonesense

I am Linux kernel network and proprietary distributions developer and have actually read the code.

To what?

There is also a big mess with the whole netfilter package as the only "API" is the iptables command-line tool itself.

API is called IPTC and it's all GPLd which must be inconvenient for "proprietary distributions".

Google Congestion Control

Now THAT is funny.

Re: Denying ICMP echo @ server/workstation level t

If it conforms to the RFC then it is valid, if it doesn't it isn't.

First start with RFC 1796.

Next understand RFCs are static documents. They can be updated or replaced only by new RFCs which takes years of doing a days of work and sitting on your hands for the next 6 months until the next meeting to get published. Sometimes published contradicts the text itself. Sometimes implementing an RFC does not result in a compatible with reality implementation.

I've personally intentionally violated SHALLs and MUSTs on dozens of occasions in order to prevent unacceptable behavior. RFCs are sometimes full of crap. Many of them are poor quality.

Appears I *may* be correct... apk

See subject: Correct me if I'm off/wrong but this shows it's doable apparently (no ufw/iptables/ipchains or routers needed) https://www.thegeekstuff.com/2010/07/how-to-disable-ping-replies-in-linux// to disable ping/icmp echo replies (traceroute too unfortunately but iirc, it's BUILT on pings/icmp) MINUS using routers OR software/hardware firewalls & @ the OS workstation OR server level...

APK

P.S.=> ... & "there ya go" + I learned something today which makes it NOT a 'wasted day' (time to drink a few beers I say, holiday weekend & 'what-not' in the USA this weekend + my program's portings are going EXTREMELY well & yardwork/spring cleaning's done AND bills are paid so... off we go, lol))... apk

CLEARLY.

[ckatko]

Clearly, the most important reason to remove tools like "ifconfig, netstat and the like"? Is because they work well and nobody complains about them.

I mean, good God people. (I mean, Hail Science!)

Re:CLEARLY.

[DamnOregonian]

Nope. Distributions are removing them (RHEL7) because they've spent the last 20 years migrating over to iproute2 as net-tools became more and more antiquated, inaccurate, and irrelevant.

In case you're curious:
iproute (961225-1) unstable; urgency=low

* Initial Release.

-- Tom Lees Mon, 30 Dec 1996 11:12:23 +0000

Re:CLEARLY.

[mvdwege]

Ouch. I couldn't find it's exact age, but I knew it was already widespread 10 years ago, so I originally settled for that in this discussion.

Re:CLEARLY.

[DamnOregonian]

I began using it about 10 years back when developing a linux-based routing and shaping platform to replace our aging Netscreens for a 3000-residence gigabit fiber community.
The things I needed to do then still can't be done with net-tools today, in terms of routing or traffic shaping. I knew back then that iproute2 would eventually completely displace net-tools... I also knew the sysadmins with more mundane use cases for Linux would scream bloody murder. I'm actually amazed it took this long.

msmash, seriously?

[ckatko]

Between the non-stop SJW posts, Microsoft rules posts, and Linux needs to break everything that actually works, posts.

Why the hell are you here? Who is paying you? How does it feel to be the worst of Slashdot?

Re:msmash, seriously?

Just take a break a day or two from /., man. Enjoy the day! Complaining over little petty things won't do any good to you.

Re: Denying ICMP echo @ server/workstation level t

[Sique]

And normally, you only get an RFC accepted if you put up source that implements the proposed RFC.

Submarine patents

n/t

inotify / fswatch

[raymorris]

>. Files don't generally call you, for example, you have to poll.

That's called inotify. If you want to be compatible with systems that have something other than inotify, fswatch is a wrapper around various implementations of "call me when a file changes".

Polling is normally the safest and simplest paradigm, though, because the standard thing is "when a file changes, do this". Polling / waiting makes that simple and self-explanatory:
while tail file
do
        something
done

The alternative, asynchronously calling the function like this has a big problem:

when file changes
      do something

The biggest problem is that a file can change WHILE you're doing something(), meaning it will re-start your function while you're in the middle of it. Re-entrancy carries with it all manner of potential problems. Those problems can be handled of you really know what you're doing, you're careful, and you make a full suite of re-entrant integration tests. Or you can skip all that and just use synchronous io, waiting or polling. Neither is the best choice in ALL situations, but very often simplicity is the best choice.

Old news

This is all a bit painful.

These commands were established by 2014. Four years ago. The old syntax has been there for me on all the systems I checked. And nobody is mentioning the reasonable abbreviations. Try ip a or ip r for a surprise.

Chuck

Re:Old news

[DamnOregonian]

No. Much longer ago than that. I first starting using the iproute/iproute2 tools in 2008 or so when it became necessary to start utilizing linux for advanced routing in my workplace. It was already old then.

Thats... the argument? FML

[adosch]

The OP's argument is that netlink sockets are more efficient in theory so we should abandon anything that uses a pseudo-proc, re-invent the wheel and move even farther from the UNIX tradition and POSIX compliance? And it may be slower on larger systems? Define that for me because I've never experienced that. I've worked on single stove-pipe x86 systems, to the 'SPARC archteciture' generation where everyone thought Sun/Solaris was the way to go with single entire systems in a 42U rack, IRIX systems, all the way on hundreds of RPM-base linux distro that are physical, hypervised and containered nodes in an HPC which are LARGE compute systems (fat and compute nodes). That's a total shit comment with zero facts to back it up. This is like Good Will Hunting 'the bar scene' revisited...

OP, if you're an old hat like me, I'd fucking LOVE to know how old? You sound like you've got about 5 days soaking wet under your belt with a Milkshake IPA in your hand. You sound like a millennial developer-turned-sysadmin-for-a-day who's got all but cloud-framework-administration under your belt and are being a complete poser. Any true sys-admin is going to flip-their-shit just like we ALL did with systemd, and that shit still needs to die. There, I got that off my chest.

I'd say you got two things right, but are completely off on one of them:

* Your description of inefficient is what you got right: you sound like my mother or grandmother describing their computing experiences to look at Pintrest on a web brower at times. You mind as well just said slow without any bearing, education guess or reason. Sigh...

* I would agree that some of these tools need to change, but only to handle deeper kernel containerization being built into Linux. One example that comes to mind is 'hostnamectl' where it's more dev-ops centric in terms of 'what' slice or provision you're referencing. A lot of those tools like ifconfig, route and alike still do work in any Linux environment, containerized or not --- fuck, they work today.

Anymore, I'm just a disgruntled and I'm sure soon-to-be-modded-down voice on /. that should be taken with a grain of salt. I'm not happy with the way the movements of Linux have gone, and if this doesn't sound old hat I don't know what is: At the end of the day, you have to embrace change. I'd say 0.0001% of any of us are in control of those types of changes, no matter how we feel about is as end-user administrators of those tools we've grown to be complacent about. I got about 15y left and this thing called Linux that I've made a good living on will be the-next-guys steaming pile to deal with.

that's why they are so popular

[goombah99]

I posted this from my Lisp((()))) phone.

Re:that's why they are so popular

[DamnOregonian]

Correction, (your (Lisp())
phone)

I like iproute2, but ss needs to die horrifically

[DeHackEd]

Honestly, in today's world of 1080p monitors, why does 'ss' default to trying fill my screen horizontally and padding the fields out accordingly?

And when I say "by default", I mean "external hacks are required to stop it". Use "ss | cat" to make it better.

Otherwise I find the rest of iproute2 to be good. It's a necessity in today's Linux IP stack with network namespaces, policy routing, and other advanced routing decisions like preferring a specific IP address for outbound traffic.

I agree intermittently with other people. Though the new tool needs to be installed by default, the old tool shouldn't be thrown away just because there's something newer. "New" doesn't mean "better". (Lately that's been increasingly true)

No, No, No.

There is no reason not to provide new , improved tools - hell, I would agree that Netstat is rather a long way from user friendly.

BUT

THERE IS NO REASON ON THE PLANET TO REMOVE THE OLD TOOLS even if the new ones are ten times better. Nor to make the new ones defaults, or ram them down people's throats.

We have nearly 50 years experience telling us that ramming new features down people's throats is not the way to get popular. If we want something rammed down our throats, a quick search of pornhub will explain how to get there. The fact that we are here and not on pornhub is supposed to tell you something.

Yours

an ex-gnome user.

Re:No, No, No.

No need to replace the old commands. Just insert your new feature on the old ones with an additional switch or parameter for that util.

Absolutely

Parent is correct. The current routing is mind bogglingly complex and powerful with rules and such so you can sling packets in a hundred different ways. ip route /ip rule/ip link/ip addr et all are fairly well thought out. I wasn't happy with it at
first, but the fact sometimes you just have to learn new stuff.

Expect more crap like this

There has been a bit of a revolution in the IT world to push out older admins. One of the ways in which they are doing it is quite literally changing the very systems we operate since companies are not as willing to retrain. It creates labour through necessity. The process by which it's done is somewhat methodical. Complaining that /proc isn't fast enough for ifconfig, is moronic.

It wouldn't at all surprise me to see more attacks on people like RMS and Torvalds directly to undermine them. They are certainly setting the stage with "rules of conduct" being thrust upon any project with a heartbeat.

This blog post, is just that, a blog post. I'm surprised they weren't advocating for json to be standard. No idea why it even hit Slashdot.

Re:Thats... the argument? FML

[DamnOregonian]

A lot of those tools like ifconfig, route and alike still do work in any Linux environment, containerized or not

They work fine as long as you have a very simple network configuration.
They do not work at all if you need vrf, policy routing, seperately scoped addresses, alias addresses (not the same thing as an alias interface)
If you get modded down, it's because you're ignorant and you don't know it, not because you're speaking the truth to power.

Re:Thats... the argument? FML

Why is it even using /proc?
It's pretty much deprecated for years already. All info for hardware devices is in /sys.

Re:Thats... the argument? FML

[Greyfox]

Yeah. The other day I set up some demo video streaming on a Linux box. Fire up screen, start my streaming program. Disconnect screen and exit my ssh system, and my streaming freezes. There're a metric fuckton of reports of systemd killing detached/nohup'd processes, but I check my config file and it's not that. Although them being that willing to walk away from expected system behavior is already cause to blow a gasket. But no, something else is going on here. I tweak the streaming code to catch all catchable signals, still nothing. So probably not systemd, but I can't be 100% certain. I'm still testing all the possibilities -- if I start the servers from the console in screen and then detach and exit, I don't have the problem, it's only if I start them from ssh. And if I ssh in later, attach and detach, I still don't have the problem. So I'm looking forward to a couple of days of digging around in the ssh code to see if I can figure out what's going on with it. In the mean time, I have a reasonable workaround.

My point being that I don't think it's unreasonable to expect to know and understand every aspect of my system's behavior, and to expect it to continue to behave in the way that I know it does. I've worked on systems where you had to type the sequence of numbers that was the machine code for the bootstrap sequence in order to boot the system. I know how the boot sequence works. I know how fork and exec and the default file handles work. I know how my system is supposed to start from the very first process. And I don't mind changing those things, as long as I trust the judgement of the people changing them. And I very much don't, for a lot of this new shit. Not systemd, not wayland, not the new networking utilities. Still not enough to take matters into my own hands, though.

Re:Thats... the argument? FML

[petes_PoV]

netlink sockets are more efficient in theory so we should abandon anything that uses a pseudo-proc, re-invent the wheel and move even farther from the UNIX tradition and POSIX compliance?

But that is always the problem when a system relies on amateurs volunteering their spare time. You can't get them to do what is needed, what is correct or what the overall plan requires.

You can only get them to do what they think is "fun", or that panders to their desire for recognition, self-importance or other forms of emotional payback.

Even when it is third-party companies donating the code, they still only do it for their own self-interest. While some of that might be to further "the cause", a lot of the time it is for self-promotion or as bait for developers - you can spend time writing OSS stuff.

Whatever the reasons, it means that "Linux" can't get the software it needs, or the support, maintenance and updates. The best it can do is to be grateful for the scraps that people want to do.

Some historical color

[jgotts]

Just to give you guys some color commentary, I was participating quite heavily in Linux development from 1994-1999, and Linus even added me to the CREDITS file while I was at the University of Michigan for my fairly modest contributions to the kernel. [I prefer application development, and I'm still a Linux developer after 24 years. I currently work for the company Internet Brands.]

What I remember about ip and net is that they came about seemingly out of nowhere two decades ago and the person who wrote the tools could barely communicate in English. There was no documentation. net-tools by that time was a well-understood and well-documented package, and many Linux devs at the time had UNIX experience pre-dating Linux (which was announced in 1991 but not very usable until 1994).

We Linux developers virtually created Internet programming, where most of our effort was accomplished online, but in those days everybody still used books and of course the Linux Documentation Project. I have a huge stack of UNIX and Linux books from the 1990's, and I even wrote a mini-HOWTO. There was no Google. People who used Linux back then may seem like wizards today because we had to memorize everything, or else waste time looking it up in a book. Today, even if I'm fairly certain I already know how to do something, I look it up with Google anyway.

Given that, ip and route were downright offensive. We were supposed to switch from a well-documented system to programs written by somebody who can barely speak English (the lingua franca of Linux development)?

Today, the discussion is irrelevant. Solaris, HP-UX, and the other commercial UNIX versions are dead. Ubuntu has the common user and CentOS has the server. Google has complete documentation for these tools at a glance. In my mind, there is now no reason to not switch.

Although, to be fair, I still use ifconfig, even if it is not installed by default.

Re:Some historical color

In my mind, there is now no reason to not switch.

Very good post. I am just a hobbyist programmer and, obviously, I have huge respect for strong C coders.

But how about the millions of books printed for Solaris, HP-UX and UNIX where the commands are still the same up to this day?
  You mean we'll just dump those classic *nix books to the trash bin because those old commands were already replaced by a modern one?
I think this is a new ploy to force all *nix users to buy the latest book editions. To hell with the environment and huge waste.
At the moment I am still reading *nix books published around 1999 because the commands and tricks are just the same.

security implications?

What are they? The post doesn't mention any.

$0 needs symlinks, which need Windows 10

[tepples]

That's because $0 isn't very helpful without symlinks, and creating a symlink on Windows prior to Windows 10 buid 14972 requires administrator privilege even if the owner of the symlink and the owner of the target file are the same.

Too many shitty coders

that's the problem. Its this kind of idiocy that makes people think windows 10 is a good gui.

Fuck people who try to obsolete these tools

Soooo irritating when I type ifconfig and this shit ain't found. Then I have to go on Google and look for the alternative command. Completely throws off my flow. I hate these people who try to change this shit. Fuck you.

Re:Fuck people who try to obsolete these tools

[ebvwfbw]

I think they used to work for Oracle. They're trying to fuck linux like they did with Solaris. Solaris 11 is crap.

The problem with replacements ...

[shess]

... is that they often ship before they're ready, and don't stabilize for a long time, so when you are trying to figure out how to accomplish something, what you find on the Internet is a collection of popular hits which correspond to an old version of things, or a collection of thesis papers about how things should work.

As a for-instance, I've found it nigh unto impossible to decode systemd stuff. Don't get me wrong, I can see that there's an architecture in there, and I can see that it can likely accomplish what I want to accomplish, the problem is that there seem to be like 7 places where config files live, and configs are broken up into many pieces for different phases of things, and all of this interacts. So where an old-skool init-style system was just a shell script which you could easily write and test, now a bit of what you want to change can live in 21 different places, which aren't consistently binned across different sub-systems, and you can't easily test things in isolation. Oh, it didn't work - why? I don't know. Again, with init it was a shell script, you could usually just run it manually to see why it was failing, but under systemd the log output goes ... somewhere. Which you can figure out, but again now you're researching systemd architecture instead of solving the problem you came here to solve. It feels like C++ mindset applied to system startup.

And that's even before you've realized that the particular package you're trying to figure out is still maybe using upstart. Or init. And nobody documents that, so you have to figure it out via detective work. Fortunately find and grep still work, for now.

Re:The problem with replacements ...

[mishehu]

Comparisons to systemd and upstart and the like aren't very relevant here since iproute2 is about 22 years old. It's not just being forcefed down everybody's throats like anything Poettering wrote, and iproute2 and related tools are definitely more capable than the old tools were. While I don't like change just for the sake of change, this is NOT an instance of change just for change's sake.

Re:The problem with replacements ...

[DamnOregonian]

Well the good news for you then, is that iproute has been in development, and shipped by default in every major distribution since 1996.
Every single distribution I use, (and I'm told slackware as well) rely upon iproute2 for their basic system network management scripts,
and as of the most recent release of CentOS/RHEL, net-tools aren't even installed by default anymore. You can of course still install them if you like them. You won't be able to fully utilize the capabilities of the linux kernel in the networking domain, but you likely don't care about that if you don't know the history of iproute/iproute2.

Re:I like iproute2, but ss needs to die horrifical

[DamnOregonian]

The 'new' tools turn turn 22 this year.
I first starting using them for LARTC about a decade ago, and was first *forced* to use them in RHEL7. Since then, I use them exclusively now. It's easier than trying to remember the idiosyncrasies of net-tools that give you straight up bad information on machines that may have complicated network configurations running on them.
Initially, I installed net-tools on every RHEL7 machine I deployed. I think I probably did that for a month. The last 40 or so are all net-tools free.

Re:Also reasons for 'beefing up' existing tools to

My APK Hosts File Engine 2.0++ for Linux (GTK3 via FreePascal + Lazarus 1.8.2) yields more security/speed/reliability/anonymity vs. ANY SINGLE solution (99% of threats = served by hostname vs. IP address (that most firewalls use)) more efficiently & FASTER + NATIVELY 4 less!

Cool story bro
Too bad that is all it is

Linux conceived as "a UNIX" from the beginning.

[CraigCruden]

From the very beginning... Linux (the kernel) was conceived as a UNIX clone...

Linus:

---- my .plan ----
Free UNIX for the 386 - coming 4QR 91 or 1QR 92.

The current version of linux is 0.11 - it has most things a unix kernel
needs, and will probably be released as 1.0 as soon as it gets a little
more testing, and we can get a init/login going. Currently you get
dumped into a shell as root upon bootup.

-- End --

All the "utilities" that sit on top of the "Linux kernel" are gnu based utilities that predate Linux etc. This was not an accident.

Re:Linux conceived as "a UNIX" from the beginning.

[thegarbz]

Linux was conceived as a university project. Clearly it shouldn't be used in enterprises. Point is that Linux is not some clone of a Unix kernel. It hasn't been that for many years. As the starting project it needed Unix compatibility for the GNU toolkit. lest it be completely useless and never adopted. Again it has deviated specifically from this over the years.

Case in point, we're having this discussion now. I don't see ip and ss in the GNU toolkit.

Re:Linux conceived as "a UNIX" from the beginning.

> Linux was conceived as a university project.

Nope. Just a hobby - it started out as a terminal emulator, to which Linus added task switching and a disk driver, a shell, POSIX system calls... he worked on it for fun outside of his regular coursework.

So, clearly it shouldn't be used in enterprises!

SS is not a judicious name choice

https://en.wikipedia.org/wiki/Schutzstaffel

Quo vadis?

Familiar story. Just following the path of SystemD.
Looks like something is intentionally working towards breaking a beautiful working UNIX culture and philosophy if you like with all these useless changes to the UNIX systems. What is next you morons?

Keep it Simple Stupid - devuan

[psb777]

Devuan is a most useful up(!)grade from Debian which is systemd free and has a mindset that will resist this nonsense too. I'm using it on embedded devices, servers and as my desktop environment - the only exception being my Android/Chromebook devices. http://devuan.org/

Re:Keep it Simple Stupid - devuan

Does Devuan still delay security updates by half a year like they did with samba?

It never moved beyond being a joke :^)

Re:Keep it Simple Stupid - devuan

[psb777]

I remember the Samba delay, but I think all distributions have their errors and their faults. That you find one with Devuan is firstly inevitable and secondly of small consequence. Any other distro would be subject to the same criticism. More generally, abstracting ourselves, the discussion here, this topic at Slashdot, and in the whole Linux systemd debate is one about progressiveness. People keep on thinking very arrogantly that the number of problems can be significantly reduced. What actually stops this being possible is the wholesale turning over of established paradigms. What this does is usually to introduce more problems than are fixed, and when these in turn are addressed you end up in the same semi-satisfactory situation - an operating system annoying in some ways. No real progress.

I don't deny that there can be some progress, that things can get better, it's rather that there is an illusion that there can be great progress. The mostly small, quite manageable manageable, known and well understood problems in pre-systemd Linux have been substituted with a different set some of issues some of which are huge, not manageable, not well known and not well understood in Linux+systemd.

The same happens here with the wholesale destruction of a known interface to the network provided by Unix. I see no list of well defined problems produced by those substituting the known with their own arrogantly devised code. Were there such a list then they could be addressed. Instead we get some bored young bright and arrogant new kid foisting solutions on us like Pottering.

There is a Unix philosophy which the new pretenders seem either not to know or to ignore. This philosophy got us to where we are today. One tool for one task. Loose coupling. KISS. These are fundamental engineering principles - all disciplines - ignorance of which betrays any deep understanding of what makes good elegant design.

Re: Denying ICMP echo @ server/workstation level t

Factually wrong.

Windows has it's own stack, even though the initial one was BSD derived, but it got thrown out for being shit. Which basically leaves you with the various sorts of BSD implementations, not sure about OSX. Either way, the vast majority of all systems does not use the palaeolithic, under-maintained and under-performing BSD code. So Sad!

No SystemD

Stop messing with it, son.

Re: Denying ICMP echo @ server/workstation level

[zaphirplane]

From Nmap weâ(TM)ve learnt that no one implements it the same, not even same OS across versions. No one is validating to the BSD implementation

Re: Denying ICMP echo @ server/workstation level t

Most of the very low level parts of Linux are pretty decent because Linus keeps a close eye. As much as I love BSD, having a monoculture is not good long term and Linux has provided some competition, encouraging BSD to push forward where once stagnant. There's also a few situations where Linux spearheaded something BSD wasn't entirely sure about, allowing BSD to learn from Linux' mistakes and finally getting it done.

Overall, Linux has quite the Not-Invented-Here culture, not only reinventing what other's have done, but also what they have done.

Tried and true or the shiny new object

At least with old tools, you know the limitations inside and out

Re:Operation Crossfire Hurricane and Professor Ste

Just fuck off you boring deluded cunt.

None of this commenting is productive

TFA's comments are the reason why having this dicussion is unproductive. Below and above you will find a bunch of butthurt, namecalling, and wrongthink accusations. There may be truely insightful or informative bits amongst the kilobytes of garbage, but you'll have to dig pretty hard to find them. Just digging through it makes me want to find something else to do. The discussion around the issue has become so repungent that you'd be insane to try and deal with the actual issue. All of you are scaring off every last person that may try to help you.

Note: In my opinion, not that it matters, I would say that if net-tools were updated to include support for the new functionality this whole dicussion would be a non-issue. However as others have already stated: It's not a priority for the net-tools maintainers right now, and hasn't been since they were notified about some of the issues in 2013. Unless that changes, people will naturally need to use other tools if net-tools doesn't provide the functionality they need.

Just like with systemd...

[vanyel]

...I don't care what you do under the covers if it improves things somehow, but don't gratuitously change the user interface.

Slowly becoming resigned...

[petrus4]

I used to get really angry about things like this. I've seen one initiative after another after another, to get transparent, open, non-corporate software and standards obsoleted, and replaced with incomprehensible corporate crap, which ultimately has no other purpose or effect, than to eliminate the ability of the end user to either understand or control, the hardware or software they use.

I am becoming resigned to it, however; because I've realised that the relentlessly tenacious, compulsive stupidity and amorality of the Millennials can not be defeated. They rammed systemd through, and everyone just rolled over and capitulated, and anyone who didn't was just called a troll until they shut up.

So go ahead. Destroy everything in the name of corporate profit and looking superficially cool. In the end, you'll only harm yourselves.