cies wrote:
the solution can be new: why not do the configuring from a webpage (that at the same time has a command line interface)?
I'm writing just to add some more pieces of information into this shaker :)
reasons why: - no gnome/kde/whatever dilemma - today with AJAX we can make very good looking interfaces. - webpages are easier to 'fix' (usability wise) - more people can help
We were doing some research in web-based technologies for YaST web-interface and I'd like to present it here just to avoid the same mistakes we did. All of the following comes from myself (and my experience) and SUSE/Novell is not responsible for the flame-war that could be started by some of my thoughts :) This is a reply to the initial mail, that's why the text has a form of a reply... reason why not: - we don't have any dilemma concerning GNOME/KDE/whatever but we had a dilemma which browsers would be supported because we had realized that every single browser supports CSS/JavaScript/HTML in its own way and even the same browser (Firefox) might differ from Linux to Windows. - It's true that AJAX can help creating very cool-looking web-interface but consider the high price we would have to pay: AJAX is very insecure and very unreliable when used for development by non-super-web-hackers. Some links: * AJAX Vulnerabilities Could Pose Serious Risks http://www.eweek.com/article2/0,1895,1998795,00.asp * Fortify identifies JavaScript vulnerability in AJAX apps http://www.networkworld.com/news/2007/040207-javascript-ajax-applications.ht... * http://www.owasp.org/index.php/Testing_for_AJAX_Vulnerabilities http://www.owasp.org/index.php/Testing_for_AJAX_Vulnerabilities * Ajax Exploit Threatens Web 2.0 Security http://www.profy.com/2007/04/06/ajax-exploit-threatens-web-20-security/ * Google http://www.google.com/search?q=ajax+vulnerabilities - AJAX also causes quite high network traffic and quite high server load - Web-pages might be better-understandable for common people than currently YaST is because browsing web is something that people do all the day ;) But a saw a lot of people confused and lost in AJAX-driven web-pages, particularly because of the slower server response. - More people can help wit development, but on the other hand, more people can do more security errors. That's the very same with PHP - it's such an easy programming language for web-interfaces that so many people try developing with it. PHP is not dangerous when developers know what they are doing, but a very high percent of them certainly don't know even if they think they know. - Consider the fact that we need, at least, some part of the web-server running with root privileges. That's what actually all clever web-administrators refuse to do ;) - Authentication a connection must be encrypted (SSL) otherwise you would have to use the web-interface only locally. So where is the advantage of web now? Web makes sense for remote administration. (And YaST allows a secure remote administration, ssh+YaST in ncurses or ever in ssh+forwarded_X(Qt/GTK). - Actually I could image installation process through a web-server but I can't see any advantages of it, rather disadvantages. If you still want to install using Firefox with JavaScript, try VNC installation: http://en.opensuse.org/Linuxrc (VNC, VNCPassword)
features: - plugin based - written in ruby (or python) ((biased? who, me?)) - stylesheets can be used for theme creation - a command line interface (new to the locally served web page) - runs on gecko/khtml (with the accompanying javascript engines) - put in a specially crafted browser, to look very clean
feature problems: - Ruby / Python or even Perl doesn't provide so much controllability as YCP does. It rarely happens that YaST is killed by some exception that is not handled properly, it's mainly because YCP has a very good syntax checker and doesn't allow you to make mistakes. If only I could say that about web-scripting languages :( How often an 'Internal Server Error' happens if you think that everything goes smooth? - Stylesheets (CSS) si the problematic part of almost all web-browsers (almost all, because some of them just don't support CSS at all). Actually you can't find two web-browsers that would support CSS the same way as another one does. That's why using CSS might become rather a disadvantage. Yes, I know, that's life and we have to deal with it, CSS are cool :) - YaST already has a commandline interface for the most important modules, even for the majority of less-important ones ;) - Putting all this into a specially-crafted browser can be a feature. That would be two disadvantages at least: 1.) Very limited usage (only one browser) 2.) Somebody would have to maintain such a big package just for one purpose
strategic: - try to cooperate with other distributions - share the development - seek cooperation with openusability.org - uniformize linux configuration -- users benefit
- I saw a lot of articles about openSUSE and it seems that YaST is loved for its usefulness. - We pro-actively seek cooperation with opensuse.org - Other distributions (RedHat, Debian, ...) tried / are trying to port YaST and we actually offered them our help. - CIM or something similar seems to be better for unifying Linux configuration. Almost all web-based technologies have problem to distinguish between web-interface and logic-layer. YaST has even three layers: SCR (works with system), Logic (API), UI. I've tried a simple example of using YaST libraries connected via Perl to the web-based UI handled by apache (using FCGI). It was a YaST-Firewall in web and worked well :) Moreover, we had/have an OpenExchange Server having quite nice and useful web-interface. http://images.google.com/images?q=suse%20linux%20openexchange%20server Conclusion? Do we need any just now :)? -- Lukas Ocilka, YaST Developer (xn--luk-gla45d) ----------------------------------------------------------------- SUSE LINUX, s. r. o., Lihovarska 1060/12, Praha 9, Czech Republic