One of the big controversies in the ‘evolution vs creation’ debate concerns the eyeball: people who don’t believe in evolution ask how a thing so fearsomely complicated could get to be both so complex, and so useful, by accident. Richard Dawkins demolishes this objection with stunning simplicity in Climbing Mount Improbable, and re-reading it recently has helped me understand a couple of trends in the humid jungle of network IT.
The central thesis of Climbing Mount Improbable is that just because you can see a sheer cliff surrounding one side of a problem (the fearsomely complicated eye being an excellent example of such a probability precipice), it doesn’t mean there might not be a nice, easy slope around the other side of it. In the context of evolution, these slopes represent rates of change, and the existence of a gradual slope means there’s no need to postulate a leap from no eyeball at all to the piercing stare of the buzzard all in one go. A very long series of very tiny changes is sufficient to explain how we got from a bacterium’s photosensitive spot to the super-specialised eyeballs you, I and the buzzard have. Or, in more general terms, you can get from the undifferentiated to the super-specialised by a sequence of small steps.
Where such arguments rang a bell in my head was in connection with my recent exploration of two related network areas, namely firewalls and server consolidation. Bear with me a while and I’ll try to show you how thinking about the eye stalks of slugs is a good way to teach yourself to think about how to secure your network and reduce its running costs.
I’ve been a fan of SmoothWall as a firewall product for a long time, but lately regular readers may have noticed me defecting, for my larger network deployments, to WatchGuard. The choice between these two products isn’t a matter of ‘this one good, that one bad’, but rather it’s all about a fine balance between various strengths and weaknesses. SmoothWall has always offered a natural way forward for those people who’ve recently evolved from primitive PC fiddlers into higher network nerds – it assists them in getting their heads around what exactly happens within a firewall.
To implement SmoothWall, you download the ISO image file from www.smoothwall.org (or from the PC Pro DVD), then dig up a PC of not too dubious a pedigree and feed the CD you created from that ISO image into it. After a few minutes of fiddling and writing down of relevant IP addresses, you have an operating firewall. There are only two serious criticisms of SmoothWall I can come up with when used this way. One of them is that, like a lot of long-term projects based on open-source development, its history has been made somewhat rocky by bickering and personality clashes (a spin-off from one of the bigger disputes is called IPCop and is largely American, whereas SmoothWall is largely British). My other criticism is that SmoothWall has caused me to buy about six sets of CD-labelling felt tips – you need to mark the Ethernet cards in your PCs as red and green in the simplest configuration, and some trick of memory always makes me remember to take the setup CD I made but forget the coloured sticky labels whenever I go somewhere to build a firewall.
By comparison, WatchGuard offers few rewards to the fiddler. To set one up, you’ll need a pre-existing Internet connection in order to complete product registration and get the latest software updates. The smaller WatchGuards act similarly to SmoothWall and SonicWALL and the other competitors at this scale, in that they show you a web page in which you set up your connection and then let you out, but the big ones don’t work that way. They present you with a ‘blank slate’ box for which you must build a configuration using a PC-based – and strangely laid-out – configuration utility, then upload this configuration to the box as a separate operation. Get it right and everything springs to life; get it wrong and you can quite easily lock yourself out of the configuration loop altogether.