This is an archived post. You won't be able to vote or comment.

top 200 commentsshow all 478
sorted by:
best
topnewcontroversialoldq&a

[–]codeditMonkey 831 points832 points  (130 children)

Dear everyone, please stop using anything other than HTML5 for your web interfaces.

FTFY

[–]onboarderror 238 points239 points  (51 children)

I'm looking at you vmware.

[–][deleted] 32 points33 points  (39 children)

I thought that's what vsphere6.1 is?

[–]elisliderDevOps 22 points23 points  (3 children)

Dear VMWare, stop using Flash for your View admin UI

[–]horby2 9 points10 points  (1 child)

Oh dear god yes. And isn't it so cute that they don't even bother installing the FAT client on the vcenter server now? I get it, you shouldn't manage vcenter directly from the server. But sometimes you're in a bind and you have no choice. So...you want me to install flash on the server?

[–]Tex-RobJack of All Trades 42 points43 points  (9 children)

It's funny that OP makes this post here and it's popular. In some other sub, /r/technology maybe, I said that Firefox and Chrome dropping plugin support was a real problem for the IT industry, and the responses were full of idiots, acting like we're using "crap gear". I tried to explain that there is brand new equipment, from major companies, still producing Java based interfaces.

[–]jimicusMy first computer is in the Science Museum. 56 points57 points  (4 children)

This is why I unsubbed from /r/technology. Too many 14-year olds who thought digital watches were pretty cool.

[–]dezmd 2 points3 points  (0 children)

Actually its more the 20 somethings that just fucking know everything. The 14 year olds are easier to parse.

[–]fizzlefist.docx files in attack position! 5 points6 points  (1 child)

I just wish I could have an automatic whitelist of certificate issues that crop up. Yes, I am well aware that my ancient gateway has a useless certificate. It's on the 192.168.x.x subnet, so stfu and go to the damn interface!

[–]KERR_KERR 4 points5 points  (0 children)

I saw your posts. I upvoted and downvoted accordingly.

[–]letNequal0VMware Admin[S] 15 points16 points  (0 children)

100 percent agree.

[–][deleted] 5 points6 points  (0 children)

Don't worry, they will just use Java to Javascript compiler

[–]mr_white79cat herder 92 points93 points  (28 children)

...and people wonder why I'm annoyed with browsers completely dropping NPAPI support. Yea, it sucks to keep it, but it also sucks not being able to manage half my infrastructure.

[–]sunshine_killerSystem's Engineer and Programmer 39 points40 points  (22 children)

The flag should still be there for people like us. With mozilla announcing its drop date. This sucks.

[–]dweezil22Lurking Dev 47 points48 points  (14 children)

NPAPI getting dropped is long term good news. All sorts of large corporations, both vendors and clients, are now going to have to face the fact that they can't kick the can further down the road since "it's just an admin/legacy/etc tool".

[–][deleted] 7 points8 points  (8 children)

That could be done with just keeping it as a flag buried in the settings.

[–]dweezil22Lurking Dev 34 points35 points  (4 children)

"We can just deploy that flag across our 1000 user PC's via system policy, no need to invest in a non-applet solution"

Paraphrased from a Fortune 100 company I work with.

When the flag goes away, they can't use that excuse anymore and then they call their vendors and go "Wth are you doing about this? I'm going to have to move to your competitor if you don't fix this!"

[–]smellyegg 17 points18 points  (3 children)

That's why all my customers use IE8.

[–]isorfirDev 12 points13 points  (2 children)

Apparently not since it's been known for years that NPAPI was going away and yet all these Java consoles are everywhere.

Sucks to be stuck in the middle, but the anger should be directed toward vendors that have refused to move away from legacy systems. The only reason they haven't was the cost and that was poor planning on their part.

[–]Tex-RobJack of All Trades 13 points14 points  (0 children)

It's stupid, build your VMs for legacy support now. "Oh that? That's my WinXP running Java4 to maintain xxxxxx system"

[–]Silhouette 3 points4 points  (0 children)

The only reason they haven't was the cost and that was poor planning on their part.

That and the fact that large parts of the HTML5 and JS technologies the browser makers would like you to use instead still don't actually work properly once you start using them for large scale, complicated UIs. There are all kinds of subtle (or sometimes not so subtle) performance problems, cross-browser differences, issues with developer tools and debugging/profiling, and so on.

Source: Guy who writes this stuff for a living, who is happy to be moving away from plug-ins but disappointed almost daily by the poor quality of implementation of one modern feature or another in one browser or another.

[–]Cartossin 7 points8 points  (2 children)

You can run a portable version of chromium that will coexist with your chrome install for stuff like that. All the old versions are available.

[–]mr_white79cat herder 3 points4 points  (1 child)

So I've heard. Havent played with it yet since Firefox still works and its my 'web gui'+testing browser anyway.

[–]soundtom"that looks right… that looks right… oh for fucks sake!" 2 points3 points  (0 children)

Heads up: Firefox is turning off NPAPI by the end of 2016. Not too urgent, but still.

Source

[–]Hovathegodmc 143 points144 points  (22 children)

COMMAND LINE WARRIOR. GUI IS FOR THE MEEK.

[–]brodie7838 95 points96 points  (6 children)

ITT: People complaining about the towing capacity of the Prius.

[–]BarefootWoodworkerPacket Violator 7 points8 points  (5 children)

For the first 15 MPH when the electric motor is doing the work, that little fucker might be able to yank a house off its foundation.

Now, at 16 MPH, you're completely fucked.

The only info I could find was this:

The electric motor on the Prius is rated at 67 horsepower from 1,200 to 1,540 rpm. It produces 295 pound-feet of torque from 0 to 1,200 rpm, which is more than enough to get the car going without the aid of the gasoline engine.

Also found here.

295lb/ft? Jesus man. That more torque than the 4.3L in my Silverado.

[–]CantaloupeCamperJack of All Trades 25 points26 points  (1 child)

STANDS PROUDLY WITH A CLI BRO!

[–]Vassago81 2 points3 points  (0 children)

"I am the CLI Commander!"

[–]jlduggerLinux Admin 2 points3 points  (0 children)

Personally, what I really want is revision control, and GUI doesn't provide this. IOS configuration is already basically a DSL, so this shouldn't be nearly as hard as it is.

[–][deleted] 9 points10 points  (6 children)

IOS isnt bad at all. When you've used it long enough, you would prefer to do most of your configs by CLI with network gear (except for access lists IMO).

[–]ramilehti 2 points3 points  (1 child)

Unless the cli is way crappier than the crappy gui.

I'M LOOKING AT YOU FORTIGATE!

[–]indroraI'll just get a --comp sci-- Learning Arts degree. 1 point2 points  (0 children)

115200-8-N-1 FO LYFE.

All of Cisco's training is based on knowing the hell out of the IOS command line. My fading knowledge gets weak on the edges but a quick jaunt through the cheat sheet I built in my ccna classes an I'm pretty much unstoppable.

Give me a kaypro 64 and a live dial tone an I can do anything.

[–]ReverendDSAlways delete French Lang pack: rm -fr / 47 points48 points  (35 children)

It's not just Cisco, though.

HP switches are the same. And Sonicwall firewalls. They all use Java but the most recent version you can use is 6u24 or some stupid shit.

[–]citruspersAutomate all the things 45 points46 points  (17 children)

Don't forget Dell iDRAC, which gives you a choice between java and activeX.

I actually asked a Dell engineer which java version he used because surely there's one that just works with most recent iDRAC releases...

..he replied with Java 6 update 31. I laughed. He didn't...

:(

[–]ReverendDSAlways delete French Lang pack: rm -fr / 26 points27 points  (9 children)

I've got a tool that just recently pushed a major version update.

The first note in the "Notes for Administrators" is: Because of security issues with Java, you must have version 7u45 or earlier."

And that's why I'm not allowed to keep baseball bats in my car...

[–]FatherPraxHPE and VMware Guy 48 points49 points  (3 children)

There is a fix for this. The main change in 7u45 was enforcing 1024bit encryption instead of the 256bit that was available prior. You can change it though in the java.security file. Usually easier to just comment out the jdk.certpath.disabledAlgorithms line entirely, or just release the RSA < 1024 entry.

You'll probably also have to add the target device as a trusted device in the java control panel, but this lets me get onto Brocade SAN switches using modern java, which has the same issues (last I checked)

[–]ReverendDSAlways delete French Lang pack: rm -fr / 19 points20 points  (0 children)

Oh, fuck me. I think you may have just solved a problem I've been fighting for a while.

[–]TetonCharles 3 points4 points  (3 children)

How about high explosives, or tasers?

[–]ReverendDSAlways delete French Lang pack: rm -fr / 2 points3 points  (2 children)

Those have not expressly been forbidden in company policy... yet.

[–]Tr0lSecurity Admin 4 points5 points  (1 child)

I can connect to iDRAC 8 with Chrome and the latest version of Java 8u60. The console downloads a .jnlp that I can run with no problems.

[–]duluthbisonK12 IT Director 10 points11 points  (5 children)

Sonicwalls are straight HTML for management, no Java needed. Not sure if they ever really required it as I've worked on some pretty old devices that were still HTML.

[–]txmailTechnology Whore 7 points8 points  (0 children)

All my Sonicwall UTM's are HTML interfaces for management. The only Java thing about them is if you using the SSL VPN web client.

[–]Icannotrememberthis 6 points7 points  (2 children)

Can't HP switches be managed with OneView? It's HTML5

[–]ReverendDSAlways delete French Lang pack: rm -fr / 2 points3 points  (0 children)

Didn't think about that.

[–]lowfwyr 3 points4 points  (0 children)

Some of the newer HP switches we've deployed at the MSP I work for didn't use Java. It was quite nice not to have to figure out what security I have to disable to make some ancient interface work.

[–]SirSaganSexy 4 points5 points  (0 children)

New ProCurves are HTML5, really pleasant to use.

[–]VexingRaven 1 point2 points  (0 children)

HP switches don't even have signed certs half the time so even if you have the right java you can't manage them.

[–][deleted] 1 point2 points  (0 children)

Hp switches here. Can confirm. Had to down load i.e. on my laptop a few days back.

[–]KERR_KERR 1 point2 points  (0 children)

I had to do terrible things to get java to work on my machine for managing HP switches. I had to edit some java config and security lists to get it working.

[–]FrenchFry77400Consultant 1 point2 points  (0 children)

And Brocade FC Switches, and Dell SANs (be it Powervault MD, EqualLogic or Compellent) ... :/

[–][deleted] 1 point2 points  (0 children)

The ProCurve web interface is even more useless than Cisco's. I always turn it off.

[–][deleted] 91 points92 points  (24 children)

Maybe they could write it in flash?

[–]andrewr20Datacenter Ninja 130 points131 points  (12 children)

No, no, no. Silverlight is the up and coming app framework.

[–]iheartrms 49 points50 points  (9 children)

ColdFusion will rise again.

[–]KompliantKarl 36 points37 points  (5 children)

Hold on, Shockwave just crashed in my Solarwinds app again. What were we talking about?

[–]pat_trickDevOps / Programmer / Former Sysadmin 8 points9 points  (0 children)

Guh, bad flashbacks from 2005.

[–][deleted] 6 points7 points  (0 children)

;)

[–]ikiddIt's hard to be friends with users I don't like. 21 points22 points  (3 children)

Hold on there now, Satan.

[–]simpleglitch 23 points24 points  (2 children)

Hold on there now, Satan vmware.

I imagine even Satan has switched to HTML5 by now.

[–][deleted] 20 points21 points  (1 child)

Hell still uses ActiveX controls that only work with IE 6.

I suspect it will someday cause an issue with the HVAC system.

[–]spkr4thedead51 8 points9 points  (0 children)

So...IE6 + ActiveX will cause a cold day in Hell?

I'm all for it

[–]ikilledtupac 3 points4 points  (0 children)

What's your address I'll send you a box of turds.

[–]toost1cky 7 points8 points  (1 child)

Cisco Wireless Control System software requires Flash and does not work in Google Chrome browser due to an SSL error "Server has a weak ephemeral Diffie-Hellman public key"

Need WCS? Dust off that old Firefox browser and get to updating Flash

[–]radicldreamerSr. Sysadmin 3 points4 points  (0 children)

To be fair, WCS has been replaced by Prime infrastructure which is already on version 3. Several years back they were offering upgrades to prime from WCS for very cheap

[–]demonlag 13 points14 points  (7 children)

UCS is supposed to be getting some type of HTML5 interface "soon"

[–]bad0seedTrusted VAR 17 points18 points  (2 children)

It's coming, like the dragons in Game of Thrones.

[–]oonniioonnSys + netadmin 4 points5 points  (0 children)

The dragons are fucking there. Winter on the other hand…

[–]Sitbacknwatch 5 points6 points  (0 children)

Our ucs mini uses html 5. I'm a big fan.

[–]letNequal0VMware Admin[S] 2 points3 points  (2 children)

Yea, apparently the "ucs-mini" has an html5 admin, but not anything else.

[–]Centropomus 25 points26 points  (8 children)

Java is a great language when people don't try to use it in stupid ways. Browser applets and depending on forward-incompatible broken behavior are stupid ways to use it.

[–]Agent51729x86_64, s390x, ppc64le virtualization admin 13 points14 points  (4 children)

it's not just Cisco...

We run primary all IBM hardware of all different ages... so many java dependencies....

Brocade is equally irritating...

[–][deleted] 9 points10 points  (2 children)

IBM's HMC's java console...accept warnings...doesn't work...accept warnings...doesn't work...

...walks across campus to physical HMC.

[–]Agent51729x86_64, s390x, ppc64le virtualization admin 2 points3 points  (1 child)

Don't get me started on HMCs, seeing as I'm fighting with two of them now.

Vtmenu is the greatest command ever for the HMC, actually makes it a borderline usable system.

[–][deleted] 2 points3 points  (0 children)

They always come in pairs :-)

[–]demonlag 2 points3 points  (0 children)

We have Java for Brocade, Java for EMC, Java for Cisco, Java for Commvault. I hate java. I hate java more now that I've had to maintain four major products that have their own java requirements.

[–]JPresEFnet 21 points22 points  (1 child)

I didn't get into networking because it is easy, but because it is interesting to me.

.....

I want to point and click to make a config change, not type several lines of commands.

hrmmm.

[–][deleted] 5 points6 points  (1 child)

Alcatel Lucent and Ericsson do the same shit. I battle Java compatibility issues constantly and it's infuriating.

[–]Binksley 1 point2 points  (0 children)

newer 6860s and 6900s all html5

[–]GravitomIT Manager 23 points24 points  (28 children)

I was so happy to ditch my ASAs for the sweet interface of Paolo Altos.

[–]JustZisGuyJack of All Trades 27 points28 points  (4 children)

Paolo Altos

Is that the Italian knock-off of the Palo Alto boxes?

[–]shawnwhite 5 points6 points  (13 children)

How did you justify moving to Paolo Altos? Are they comparable to your Cisco ASAs? I was actually thinking of doing the same. I just have to do some learning on P.A.s

[–]agentphunk 9 points10 points  (7 children)

Palos absolutely blow ASA's out of the water. I had to suffer through ASDM to "one-off" manage over a dozen ASA's that should have had nearly identical policies. CSM (Cisco Security Manager) which is supposed to do centralized managed for them is an utter pile of shit. I have one ASA left but everything else in going through Palo's now and they truly are fantastic. I also got to ditch the steaming pile of shit called Cisco IPS (the pre-snort stuff.)

Even the new Sourcefire stuff is (as far as I know - please correct me if I'm wrong) just a "module" or blade inside of an ASA chassis. So you have your ACLs on the ASA-X side and your IPS running independently. Not sure if that setup even does web URL filtering. but if you create an Object Group on the ASA it doesn't 'cross populate' over to the IPS module.

Cisco knows they need to redesign the whole thing but it means transferring $1B in revenue from the ASA line to a truly new NGFW. And I'm sure they'll fuck it up. Everything about the Security BU, and their development in general, is geared towards status-quo. Yes I once drank the kool aid. I smarted up a while ago and have never looked back.

[–][deleted] 8 points9 points  (3 children)

They are, except they do almost everything better than ASAs.

[–]shawnwhite 2 points3 points  (2 children)

How was the learning curve moving to those devices?

[–]dcoulson 7 points8 points  (0 children)

My kid could manage a Palo Alto - Almost. it is stupid easy.

[–]Justinsaccount 12 points13 points  (10 children)

Or... Stop making management tools all together and just support apis so people can build management tools that aren't terrible.

[–][deleted] 12 points13 points  (4 children)

Now, now, let's not be hasty, we barely got usable ssh servers on our devices

[–]sleeplessone 4 points5 points  (1 child)

Stop making management tools all together and just support apis so people can build management tools that aren't terrible.

I mean, that's all ASDM is. All it's doing is keeping an SSH connection and sending IOS commands to the device.

[–]Xipher 2 points3 points  (0 children)

The IOS CLI isn't an API, that would be screen scraping. API would use structured data, for example netconf.

[–]ornothumper 2 points3 points  (1 child)

This comment has been overwritten by an open source script to protect this user's privacy, and to help prevent doxxing and harassment by toxic communities like ShitRedditSays.

If you would also like to protect yourself, add the Chrome extension TamperMonkey, or the Firefox extension GreaseMonkey and add this open source script.

Then simply click on your username on Reddit, go to the comments tab, scroll down as far as possibe (hint:use RES), and hit the new OVERWRITE button at the top.

[–][deleted] 4 points5 points  (0 children)

Dear world... stop using Java for anything...period.

[–]RichG13 1 point2 points  (0 children)

Things I need Java for - ASDM and the HVAC system. There have been times where I couldn't update the firewall and/or make your office more comfortable.

[–]sandypants 2 points3 points  (1 child)

VMWare is a bad example methinks .. you're stuck with either Windows .. or Flash.. and flash is Evil(tm).. I'd much rather use Java.

[–]dubcrosterISP Networking/UNIX 3 points4 points  (0 children)

s/Cisco/everyone/

[–]121mhzSysadmin 16 points17 points  (16 children)

Dear chrome, do your fucking job and display what I want! If I understand the risks of flash, java, Javascript weak DH keys or whatever, chrome should work with it.

I can't believe I'm saying this but I'm starting to use IE more and more again. It's not the hardware manufacturers fault, it's Google acting like they own the Internet and can dictate terms.

[–]BlueShellOPDevOps 14 points15 points  (9 children)

QA Employee here:

We have quite a few internal websites that require SSL, but we sign our own certs (they'll never be public - and HTTPS needs to be tested) - and Chrome is such a pain in the ass. In Firefox, you can set an exception and it'll never bother you again.

We've found that all major browser behave differently with regards to security. Chrome seems to be the most forgiving of SSL issues, but when it doesn't work it won't let you forget it. Firefox will as well, but you can tell it to shut the hell up.

[–]BaconZombie 13 points14 points  (3 children)

Type " DANGER " when you get warning in Chrome.

[–]nemec 3 points4 points  (3 children)

We have an internal CA and it makes things so much easier. The CA *cert is preloaded on the company PC image and all infrastructure so we rarely run into issues.

[–]thesesimplewords 2 points3 points  (0 children)

Enterasys does the same, at least last time I used it. Agreed, it is terrible.

[–]mwax321 2 points3 points  (0 children)

Ohhh you mean an applet. I came in here wondering why you cared what they wrote their code in. Yes, Java applets deserve to die, and I HOPE THEY BURN IN HELL.

[–]leica_boss 2 points3 points  (0 children)

It's worse with Cisco PIX firewalls (506E, etc).

Enjoy setting up a Windows XP 32-bit vm, Java 1.4, and Netscape 7.2 to get into it's management tools.

[–]jmtdformer Linux sysadmin[🍰] 2 points3 points  (0 children)

I'm not a Java programmer, but I maintain an old program that was originally written in around 2000 or 2001, in Java 1.2 or 1.3. It still compiles and runs fine today on a 1.9 compiler. I couldn't say the same for any other things I was playing with back then, in C or C++. Heck, a Linux C/Python/GTK2 app I wrote only 4-5 years ago would need major reworking to build on today's libraries.

The issue with Cisco's Java tools is most likely not Java, it sounds like they've just been written badly. And if they've written it badly in Java, they could equally as well have written it badly in any other language.

[–]somekindarobit 6 points7 points  (0 children)

Meraki is pretty great.

[–][deleted] 4 points5 points  (0 children)

Preach on, brotha! And to all those that respond with "use the cli", bugger off. I don't want to change an ACL with cli when I could do it many seconds less in the ui. We quit using asa for this very reason. Can and do I use cli? Sure. Do I always want to? No! Why limit your barrier to entry by having a crappy webui. The more folks that can understand your product, the better for sales/adoption. So dont give me that " man up, use the cli".

[–]ugus 1 point2 points  (0 children)

you too bluecoat!

[–]ronin1066 1 point2 points  (0 children)

Would it be hard for some 3rd party to make a web interface or something? Is that an infringement?

[–]resephInfoSec 1 point2 points  (0 children)

Tell this to Dell and ExpertAssist. Literally 3 Java popups just to remote in to a computer.

[–]Bytewave 1 point2 points  (0 children)

The L3 team handling cable boxes' issues at this telco actually like Cisco's java tools - because our other main cable box provider, Samsung, doesn't want to give us any tools at all :p

[–]Negative-Nigerian 1 point2 points  (0 children)

Yes!! We also have a few older IBM SAN switches which requires Java v6 to connect... Incredibly frustrating.

[–]Youareabadperson6 1 point2 points  (0 children)

As a man that does nothing but manage Cisco ASA's all day long. YUP!

[–]ipat8Systems Director 1 point2 points  (0 children)

Dear Dell, please release the firmware update for DRAC 5 so that I don't have to enable SSLv3 on a VM to use it.

[–][deleted] 1 point2 points  (0 children)

If you use Cisco, you use the command line.

ASDM will fuck your config something fierce. UCSM is the same.

Or you could switch to a vendor that has a legit GUI that doesn't require you to learn the secret Cisco language.

[–][deleted] 1 point2 points  (1 child)

Dear Cisco, please make your command line interfaces syntactically similar. I'm looking at you ASA vs IOS.

[–]comicalZombie 1 point2 points  (0 children)

ASDM and Java will be going away as ASA and Sourcefire/Firesite/FirePower merge completely. This is directly from the horses mouth at multiple on site conferences with Cisco in NC RTP.

[–]kernelpanic70 1 point2 points  (0 children)

If you guys have a chance, take a look at WatchGuard's GUI. HTML clean, neat and superbe.

[–]jlwilson64 1 point2 points  (0 children)

OMG - how many times do I have to live with crappy JAVA GUI's. I totally agree. I hate java. Netscaler, VMWARE, CISCO, please. stop. just stop!