Why, despite myself, I am not leaving Facebook. Yet.

As my Facebook friends and Twitter followers know, like many others I’m angry at Facebook. I haven’t written a blog post about it because so many others have been making most of my points so eloquently (forgive me for not linking to them). But I relent, and here it is anyway, in the form of responses to the criticisms of criticism that I keep hearing:

(1) Twitter’s public, where’s the rage against Twitter?

Here’s the difference, and it’s a big one: When I signed up for Twitter, like everyone else who signed up for a public Twitter account, I knew it was public. There was an easy box to click: private or public? It said right there that if I chose private my tweets wouldn’t appear in the public timeline. Now there may be some users who didn’t infer that if they picked public, their tweets would appear in that timeline, but Twitter was always above board from the start that a public twitter account meant decontextualized public display and searchability of your tweets. That has never changed. Some whom I really respect are upset with the Library of Congress archiving tweets, but I view the Library of Congress as a very different entity from the unknown agencies to whom Facebook sells our data and don’t think a tit-for-tat comparison makes sense.

When I signed up for Facebook in early 2006, it boasted of its strong privacy, of my ability to control who saw what. I used it as a place to share things I didn’t want publicly searchable. Now I’ve been teaching about the internet long enough to know not to post things anywhere that I don’t want in the newspaper, but it nonetheless felt like a safe place to target messages toward a known audience rather than the hundreds of strangers who follow me on Twitter.

And then they changed the rules. Regularly. Repeatedly. And every time they did it required more research to understand what they’d done and more unclicking to preserve the premises they’d offered when I signed up. I was President of The Association of Internet Researchers, I read articles about Facebook every day, I check my settings regularly, and I still can’t keep up and I still get confused.

Facebook has engaged in a bait and switch. They promised privacy, they encouraged us to invest our data in it and build connections on that premise, and then, when we had built networks that really mattered to us, they changed the rules. Which brings me to…

(2) If you think it’s so evil, just leave.

Don’t think I don’t think about it. Every day. I look with admiration and envy on my friends who have left. I’ve also watched sadly as several have returned. And I note above all that very few of my friends, who by nature of our professional connections are probably more attuned to these issues than most, have left. I don’t like supporting Facebook at all. But I do.

And here is why: they provide a platform through which I gain real value. I actually like the people I went to school with. I know that even if I write down all their email addresses, we are not going to stay in touch and recapture the recreated community we’ve built on Facebook. I like my colleagues who work elsewhere, and I know that we have mailing lists and Twitter, but I also know that without Facebook I won’t be in touch with their daily lives as I’ve been these last few years. I like the people I’ve met briefly or hope I’ll meet soon, and I know that Facebook remains our best way to keep in touch without the effort we would probably not take of engaging in sustained one-to-one communication.

I know that I don’t NEED these little interactions but I also know that I like them very much and that my daily life would be less fun without them. The rewards of Facebook are concrete and immediate. The costs are abstract and ideological. When I try to balance the two, the rewards win, but that is because of my friends and despite Facebook. It is not evidence that Facebook is acting appropriately. Telling people with complaints to leave ignores the very real value of the networks they have built and what should be their right to continue those networks on the grounds on which they were built.

(3) Facebook needs to make money.

I agree. Facebook should make money. But I have yet to hear a convincing case that their strategy of itemizing every bit of data we give them, repackaging it into groups of people into that thing or into profiles they can sell for advertising purposes is the best way to do this. I haven’t heard compelling arguments that it is the only way to do this. What I hear is “Facebook needs to make money. Facebook thinks they can make money this way. Ergo, this is the way Facebook can make money.” You know, I’d gladly pay a subscriber fee to opt out of being data mined, though I wouldn’t propose it as a sole solution since it would mean privacy is only for people who can afford it. It is sad that such creative minds can only think of one business model. Where’s the innovation?

(4) If you don’t want it shared, don’t share it.

Setting aside the assumptions of privilege that this claim entails (like the legitimate safety of marginalized and oppressed people who should have a right to affiliate though social networking sites without fear of being identified as dissidents, GLBT, etc), ‘if you don’t want to share it, don’t post it’ completely misses the point. The willingness to disclose all our data to marketers should not be required to socialize. Imagine if AT&T said “we’re going to track all your calls and all your networks and we’re going to store keywords you mention and personal connections in your profile we’ll sell to others so we can insert ads before and after your phone calls. And if your friend calls from another carrier, we’ll share that data with their carrier too.” People would be mortified, legislators would snap to attention, and most users would probably switch carriers. But there is no other Facebook. We can’t switch carriers. We can only give up what we have now and go back to what we had before. You might say, “but you pay for AT&T” which brings me back to #3: Paying for Facebook with money is not an option.

So for now I’ve decided I am better off fighting the system from within. I AdBlock the ads, I have removed almost all my connections. My info is nearly empty. My settings are as locked down as I can figure out how to make them. Like many of my friends, my contributions to the site are increasingly pithy. Most of my posts these days serve to inform my friends who are not obsessed with the ethics of Facebook about what bad behaviors they’re up to this week. Using Facebook with the rules I signed on for makes me a subversive user. That’s wrong.

What I want is a Facebook that is premised on a belief that first and foremost human relationships are valuable and sacred, not the ground on which money trees grow, but that if the value of relationships is genuinely nurtured, there will be ways to earn money.

I want a Facebook that really believes that people have a right to select how their information will be shared, instead of a belief that they’re too dumb to figure it out if the settings are too confusing so it’s okay to dupe them.

I want a Facebook that can find creative ways to make a profit using the rules they originally set for their own game.

I want an ethical Facebook.

That shouldn’t be too much to ask.

22 Ways to Adjust Privacy Settings In Facebook

Keep Facebook safe by changing your Privacy 

Uncovered for you are 22 privacy settings you can change to keep your private information safe when networking on Facebook. When you join a site like Facebook you take the chance of letting your private information run wild. By adjusting your privacy settings you'll find that the Internet can be a safe, and very fun, place.

You're able to change your personal profile information privacy settings, photo and video privacy settings, keep your personal information secure, and decide who can contact you or see your profile and who can't. Start adjusting your Facebook privacy settings by going tothe privacy settings page in your Facebook account page. Now you're ready to start making your privacy settings more, or less, secure.

Profile, Privacy Settings
Go to: Privacy -> Profile -> Basic

Adjust who can see your profile information. You have four choices; My Networks and Friends, Friends of Friends, Only Friends, or you can create customized settings. The parts of your profile you can change privacy settings for here are:

• Profile 
• Basic Info 
• Personal Info 
• Status Updates 
• Photos Tagged of You 
• Videos Tagged of You 
• Friends 
• Wall 
• Education Info 
• Work Info

Photos, Privacy Settings
Go to: Privacy -> Profile -> Basic -> Edit Photo Albums Privacy Settings

Edit privacy settings for each photo you have on your Facebook profile individually. Every single photo can have it's privacy settings changed separately. Choose to have everyone see your photo, only networks and friends, friends of friends, only friends or you can customize your privacy settings for each photo.

Personal Information, Privacy Settings
Go to: Privacy -> Profile -> Contact Information

Adjust who can see your more personal information. You may want to go change this one right now. These are things like:

• IM Screen Name 
• Mobile Phone Number 
• Other Phone Number 
• Current Address 
• Your Website 
• Your Email Addresses

Searching For You, Privacy Settings
Go to: Privacy -> Search

These privacy settings will determine who can search for you and find you on Facebook. If you leave the choice at "anyone" then everyone can find you on Facebook. You can even choose to have your Facebook profile entered into search engines if you really want to be found.

Contact Information, Privacy Settings
Go to: Privacy -> Search

When you want your Facebook profile to be private then you need to change some of these privacy settings. They determine what someone can see when they come across your Facebook profile, but are not yet your friends. They also make it so non-friends can contact you, or make is so they can't. These are the privacy settings you have under contact information:

• See Your Picture 
• Send You a Message 
• Add You As a Friend 
• View Your Friend List

Seeing a Twitter #Hashtag Spread

#CheeringForTheYankeesIsLike is a hashtag created by @mattsly the morning of October 26th. He submitted the following snarky message – ‘Go Phillies. #CheeringForTheYankeesIsLike hoping investment bankers get really huge bonuses of at least 8 figures‘ – hoping to entertain his friends, and possibly get others to participate. Matt had 182 followers at the time, not sizeable by any means on Twitter. Little did he expect that some 9 hours later, 271 different users, most of whom have no connection to him whatsoever, would participate, posting around 500 messages in total.


How did this happen and what prompted this message to spread?

#CheeringForTheYankeesIsLike

About an hour after Matt sent out his first message, one of his followers, @lizzieohreally, wrote the following message ‘@jaketapper? @abcdude? …Hoping someone w/ more Twitter than I can help popularize #CheeringForTheYankeesIsLike (via @mattsly)‘. Lizzie clearly understood that in order to get many others to play, she would have to get someone with a large set of followers to participate. Lizzie had only around 500 followers at the time, so posted this message in an attempt to seek @jaketapper or @abcdude’s attention.

Sure thing, some twenty minutes later, @abcdude see’s the message and adds his own variation to the meme: ‘#cheeringfortheyankeesislike pulling for Regina George in “Mean Girls.”‘ He enjoys it so much that he promptly posts another message and attaches the hashtag. @abcdude is a new york based correspondent for ABC news. He dubs himself a RedSox fan and a cosmic power broker. Not as cosmic as Lizzie had hoped, but still, he has some 7,000 followers, which could certainly help give the meme some traction. We see a small spike after @abcdude’s participation, and by now, some 3 hours after Matt sent the original message, there have been 34 different messages posted with this unique hashtag.

But it wasn’t until @jaketapper joined in that the conversation really took off. The hashtag came to Jake’s attention after @DetourJazz, whom he follows, participated. Jake reacted by posting:  ’RT @DetourJazz: #cheeringfortheyankeesislike rooting for “Craterface” in Grease to beat Danny (via @Laura_Martin)’. He then added a new message that he posted to his followers. Jake is a senior White House correspondent for ABC news with over 30,000 followers. Before he took part in this meme, new posts appeared at a frequency of one every 5 minutes. Immediately after he joined, we see a sharp rise in participation, with multiple messages from a variety of users every minute.

Seeing it Spread

1. Graphing the Network – Every user who participated in the meme is represented by a gray circle (Matt, whom first started the meme, is shown in yellow). Edges represents the person who most likely influenced the other to first participate.

2. Seeing the Flow – in this applet, a user is represented by their twitter icon. As the timeline moves forward, each profile lights up when they post a new message with the hashtag. Tthe moment that @jaketapper chose to participate is evident – there’s a clear, sudden spike in participation after his profile picture lights up.

3. Seeing the distance – the following applet highlights the total social distance that this hashtag traveled between users. Each user is represented by a circle, the more influence a user has, the larger their circle is drawn. Edges in this example represent the social ties – when there’s a follower/friend relationship between two users, a line is placed between their representation on the screen. The first column includes only Matt who first used the hashtag. The second row consists of only those people he directly influenced to participate (his followers). While there are a total of 9 columns, it is crystal clear that the most important phase happened in the second and third column, when a core cluster of users chose to participate, and a mini tipping point was reached.

Parsing the Data

#CheeringForTheYankeesIsLike lasted for a total of 9 hours that day, activated 271 different users and included around 500 messages in total. From looking at this meme, it is clear that on Twitter, there’s great advantage to having many followers if one intends to spread a message. It is also clear that having the right followers is key. If it were not for @lizzieohreally who knew to actively pass the message onwards to heavy Twitter users, the meme would never have spread out the way it did. In order to come to these conclusions it was necessary for me to look at social ties in addition to the semantics of the messages posted.

I used the Twitter API to discover the follower/friend relationships between all users who participated in this meme. This is extremely important  data, especially when modeling  the flow of participation and influence within this hashtag. For example, lets look at a simple case where user B follows user A. If user A first participates and is followed by user B participating, user A is rewarded some number of influence points – this is assuming user B saw the hashtag posted by user A, and decided to participate. Additionally, if a user is retweeted or ‘@’ messaged they are rewarded some number of influence points. Real life situations can easily become complicated, as user B might also be following user C, who participated in the meme as well. Now how do we know if user B was influenced by user A or user C? Hard to tell, but we can build an influence model that takes these situations into account, which is exactly what I did.

Translating the semantics and social ties from the dataset into a visual language that made sense was key to helping me understand this hashtag experiment. I am a big fan of visualization as a means to parse large datasets, however dealing with social, implicit data is tricky, and extremely challenging to represent visually. But when done right, these representations can shine a whole new light and hopefully help us better understand some of the dynamics at play.

[tags] design, interactive, processing, twitter, visualization | [/tags]

Facebook Diss|Like: Designing Digital Warning Signs

Like many friends, I have been horrified to see Facebook take aggressive measures to make as much of its content publically available. Since its shift in privacy defaults last December, Facebook has been working diligently to take away our privacy in an attempt to ‘colonize’ the web’s social graph (as Kara Swisher suggests). It is now ridiculously easy for any website to embed Facebook functionality, and thus personalize its experience per visiting user. Truth is, I am torn; torn between hating Facebook as a user and excited for the opportunity as a web entrepreneur; mostly excited at the prospect of creating compelling, contextualized socially-rich user experiences. And as much as I despise Facebook, I will not delete my account.



I am sure I’m not the only one who feels this way, since ceasing to exist on Facebook so will drastically reduce my ability to communicate with many friends. And this gets to the crux of the challenge: are we so addicted to Facebook that we can’t tell whats good for us anymore? Is Facebook an Evil? Are they trying to Monopolize the social web? All of the above??

Last December, Facebook broke the social “contract” that we all signed up for by changing its privacy defaults. It switched the context right under our noses, prompting some 65% of users to go public without even knowing it. Many users still have no clue how visible their profile information and photos are (we all know how unintuitive FB privacy controls are). While this is totally unacceptable behavior and places some users in potentially risky situations, I can’t help but also look at the flip side. Facebook is on its way to becoming the first truly global social network platform that has potential to fundamentally change the way we experience the web. By placing social information in context and not in a single, aggregated feed, Facebook might actually succeed at creating some fantastically useful socially-aware and personalized browsing experiences. All that simply traded for our privacy!
Well, not so simple.

Some think that it is possible to bring the demise of Facebook by creating applications that will scare users; creepy apps that know way too much about you. While this might make headlines, it is unlikely that such an approach will prove to be successful in the long term. As a society, we’ve become so hooked on Facebook, that we are willing to take potential future risks in return for current socializing. And realistically, unless I were a hormone-fluctuating, socially uncomfortable teen, what content could your app possibly surface that is so detrimental to my life?

Raul Pacheco hits the spot when he writes that Facebook’s actions are ‘not enough for us to care’:

There has been a lot of debate online about how Facebook keeps making it more difficult for users to keep their privacy. My question to everyone is — if Facebook is that “evil,” why are we all still using it? Why not be completely democratic and demonstrate (with our vote, e.g. with our not having a Facebook account) that this loss of privacy is unacceptable?
The answer is — because not enough of us care. If the millions of users of Facebook really cared that much about their privacy, they would make the Big Brother/Sister accountable. But in a society that is valuing privacy less and less, accountability has become an afterthought and not mainstream. Sadly, that also means that we have lost the power of protecting our privacy to commercial interests.

I wouldn’t say that Facebook users don’t care about privacy. I just think that many don’t care enough to be obsessing and worrying about potential future risks. Even if one recognizes a slightly riskee photo or comment, it is tempting to just leave online, as the fun of social interaction trumps the thought about potential future uncomfort. While these types of actions most likely don’t affect users in the near term, there are two things that we should be aware of: (1) the consequences of our actions onto others, and (2) the long term implications of sharing our data.

This is where User Experience Design can play a significant role, as we are facing an extremely difficult design challenge. We need to create a visual language that helps users understand these potential risks taken by making content visible. Not unlike the automobile association in West London who set the first warning signs on roads in 1908, or the cigarette manufacturers who were mandated to highlight the medical issues correlated with smoking, we need to figure out best practices to display potential risks without scaring users away. We need to design digital warning signs that keep attracting people’s attention and not fade into the background. We should be aware of our privacy controls at all times – perhaps by placing icons of just how many people can see an item before it is submitted.

I shouldn’t have to dive into complicated settings that give the fiction of privacy control but don’t — since they’re so hard to understand that they’re ignored. I shouldn’t need a flowchart to understand what friends of friends of friends can share with others. Things should be naturally clear and easy for me . . .

Would you like to see your dad, teacher and ex-girlfriend’s icons next to an item before submitting it? Probably not.
Is there a system that can helps us visualize the audience to which we are writing? That’s something users don’t want to see, and thus a challenging design problem.

There is a growing need for applications that help us understand our personal online brand: how we are portrayed online, and what potential risks we face. What’s the equivalent of an anti-virus application, that instead of protecting our computer, protects our online persona? We need something that can warn us when a risky action was taken online (either by us or our within our social network).

Facebook’s new APIs makes is super easy for web developers to build on top of its social graph. Almost too easy. By embedding widgets in the form of like buttons and status update boxes, websites can easily personalize their views according to you. For a growing number of services, this is done without even requiring users to login. For example, on likebutton.me you will see your Facebook friend’s activities from a variety of websites, as long as have previously logged into Facebook. A central listing of what my friends recommend, separated by topics. Creepy, but potentially useful.

The same type of connection happens with both yelp and pandora. At first feels creepy, yet as an experience, potentially something we may get used to, or even like.

Here are two examples where things can get out of hand:
(1) There are Facebook “community pages” that automatically add any status updates that include the page keyword. From CIA and FBI to Terrorism, they’ve got it all, with your name and thoughts right there, thanks to your inability to understand their privacy defaults! As a user, without even knowing it, your name is automatically associated with a community that algorithmically formed around a used keyword.

(2) It is dead simple to create Evil “Like” Buttons – by hacking the button to point to another page. Again, adding the risk that our usernames would be associated with something we are not aware of.

As a User Experience designer my task is to think about users first, place them in the center of my design, protect them, respect their needs, and help them accomplish whatever they come to do in the best possibly way. However, Informing users of privacy hazards is a difficult design challenge, one that Facebook obviously doesn’t want to handle. As web entrepreneurs, should we be leveraging this powerful yet scary technology that Facebook has enabled?
If so, how do we warn our users without scaring them away? How do we show users what they don’t really want to see or deal with? How can we warn of risks that only affect the far future?

We should also ask ourselves if regulation is needed. And if so, what would it look like and how it might further complicate the matter?

IOS Tips and Tricks

Introduction

There are some helpful things we can do with Cisco’s IOS to make our lives easier. I will present
some useful commands, followed (in parentheses) by their most concise shortcuts (at the time of this writing).

But we begin, please note that nothing requires you to use the briefest shortcuts. For example, many people
shortcut the command configure terminal as conf term, config t, or config term. You can find the
shortcuts you like, and use them. Remember that when shortcutting commands, you can only shortcut the key-
words, not the variables (such as names or IP addresses). Finally, don’t forget that you can use the “Tab” key to
complete keywords (but not variables, of course).

Also note that although this white paper is illustrating these commands on a router, they also work on the IOS-
based switches. With these basics in mind, let’s move on to some ways to streamline our work environment.

User versus Privileged Mode

As you may know, when interacting with IOS from the command line interface (CLI), there are two main EXEC
modes, user and privileged (the latter is also referred to as enabled mode). In user mode, you can do
limited examination of the device (via show commands), and the prompt appears as the device’s hostname
(Router in this example) followed by the greater-than (>) symbol:

• Router>

In contrast with user mode, in privileged mode you can see everything the device is capable of displaying
(via show commands), access the various configuration modes, and execute the copy and debug commands,
among others. To access privileged mode, use the command enable:

• Router>enable (“en”)

• Router#

As you can see, when in privileged mode, the hostname is followed by the pound sign (#). If necessary, you can
move from privileged mode back to user mode with the disable command:

• Router#disable (“disa”)

• Router>

You can enter global configuration mode from privileged mode:

• Router#configure terminal (“conf t”)

• Router(config)#

Hostname Lookup

By default, if you mistype a command, the router will attempt to resolve it as a hostname via DNS. This will ulti-
mately fail if there is no DNS server available, but it will take time (behind the scenes it makes twelve attempts).
To speed things up, you can tell the device not to bother, like this:

• Router(config)#no ip domain-lookup (“no ip domain-lo”)

Speaking of name-to-address resolution, you can manually build a host table that allows you to use the IP utili-
ties (ping, trace, telnet, etc) by host name:

• Router(config)#ip host Big_Switch 1.2.3.4

• Router(config)#ip host SmallSwitch 10.20.30.40

• Router(config)#ip host TFTP-Server 100.200.50.150

Once you’ve created it, you can display the host table:

• Router#show host (“s ho”)

Console Messages & Terminal Commands

When various events occur, the device will display informational messages on the console. If you’re annoyed by
these console messages, you can shut them off:

• Router(config)#no logging console (“no logg con”)

Unfortunately, if you disable console logging, you won’t receive any more of those very informative console
messages! Nor will you see any debug output, even if debugs are running. I suggest that a better way is to leave
the console logging enabled (logg con), and synchronize the console output with your typing, like this:

• Router(config-line)#logging synchronous (“logg s”)

Now if a console message appears while you are typing, it will display the message, and then re-display your
input right where you left off, so that you can keep typing. It’s the best of both worlds.

In a lab environment, it’s sometimes handy to disable the inactivity timeout for the console line (the default set- ting is ten minutes):

• Router(config)#line console 0 (“lin c 0”)

• Router(config-line)#exec-timeout 0 (“exec-t 0”)
It also works for the aux and vty lines. You can also use no exec-timeout, but be careful not to shortcut it to
no exec, which shuts off the EXEC process, preventing future logins via the line. I made this mistake once, so I
don’t recommend it.

Aside from saving a router or switch configuration to NVRAM, it’s always a good idea to have a backup copy of your current configuration in a separate location in case the device bursts into flame and needs to be replaced.
You can do this with copy run tftp (or similar), but this requires a file server.

Another way is to do a show run, and capture the output to a file. The problem is that as the config is dis-
played, it will give the “more” prompt every 24 lines (by default). You can disable the “more” function like this:

• Router#terminal length 0 (“ter l 0”)

Now you can do the show run (or whatever) and obtain a continuous output stream. When you’re done with
the capture, don’t forget to reset the terminal length to enable the “more” function:

• Router#terminal length 24 (“ter l 24”)

And speaking of termina commands, remember that to see console messages and debug output in a vty ses-
sion (telnet or SSH) or the aux port, you have to specifically request it from within the session:

• Router#terminal monitor (“ter mon”)

Debugs

While we’re on the subject of debugs, you can display a list of all of the debugs that are currently running:

• Router#show debugging (“s deb”)

And you can disable all of the running debugs with:

• Router#no debug all (“no deb all”)

To save a few keystrokes, you can also do it like this:

• Router#undebug all (“u all”)

Config Commands

To see the startup config (stored in NVRAM):

• New#show startup-config (“s start”)
• Old#show config (“s conf”)
Note that show config does not display the running config, it displays the startup config. To erase the startup
config:

• New#erase startup-config (“erase start”)

• Old#write erase (“wr er”)

To display the running config (also referred to as the active or current config):

• New#show running-config (“s run”)

• Old#write terminal (“wr t”)

To save the running config to NVRAM:

• New#copy running-config startup-config (“copy run start”)

• Old#write memory (“wr”, you don’t need the “mem”)

Although Cisco no longer officially endorses the old commands (due to confusion over what “show config”
does), you might see “old-timers” using them, especially “wr”. Why type fourteen or so keystrokes (“copy run
start”) when two (“wr”) will do?

Speaking of configurations, to display only the lines of the running config that contain a specific alphanumeric
string (such as “rip”), “pipe” it into “include”:

• Router#show run | include rip (“s run | in rip”)

The pipe (redirect) symbol (which looks like a vertical bar) is often found as a shifted backslash, above the
Enter key. To display the section of the running config that begins with a specific alphanumeric string (for
example, “ospf”), pipe it into begin:

• Router#show run | begin ospf (“s run | beg ospf”)

Among other options, you can also do an exclude (show all lines that do not include the string). Use the ques-
tion mark to see the other options:

• Router#s run | ?

• Router#s start | ?

Note that the include, begin and exclude options are case-sensitive. To display the section of the running
config for a specific interface or subinterface, you could pipe it into begin, but you have to identify the interface
exactly as it appears in the config:
• Router#s run | beg FastEthernet0/0

The problem with this is that you can’t shortcut the interface type (for example, “fa”), and the search string is
case-sensitive. A slicker way to display the interface-specific config info is:

• Router#s run int fa0/0

When you use this option, it’s not case-sensitive, and you don’t have to bother with the pipe. Although you can
shortcut it, you do have to be precise when specifying the interface identifier. For example, if you want to display
the Serial 1/2.345 subinterface config, this will work:

• Router#s run int s1/2.345

But this will not:

• Router#s run int s1/2.3

As always, no shortcutting of variables! These options also work when viewing the startup config. And
speaking of show start, you can also display the startup config with line numbers, which can sometimes be
handy when reviewing or discussing it:

• Router#s start linenum (“s star li”)

As with show run, you can use the question mark with show start to see any other available options:

• Router#s run ?

• Router#s star ?

Some IOS features require PKI certificate data, which appears in the running config as a large block of nonsense
text. To bypass the PKI certificate data when displaying the running config, use the brief option:

• Router#s run brief

Remember, when the output of any show command displays –More– at the bottom, you have several options:

• To see the next line, hit the Enter key

• To see the next screen, hit the spacebar

• To return to the CLI prompt, hit any other alphanumeric key

Keyword “Do” Commands

With recent versions of IOS you can execute privileged mode commands from the various config modes by
prefacing the command with the keyword do. Here are some examples:

• Router(config)#do show running-config (displays the running config)

• Router(config-if)#do sh start (displays the startup config)

• Router(config-line)#do copy run start (saves the running config to NVRAM)

• Router(config-ext-nacl)#do wr (also saves the running config to NVRAM)

• Router(config-subif)#do ping 1.2.3.4

• Router(config-router)#do trace 10.20.30.40

Unfortunately, once you’ve gotten into the habit of typing do to the point where you can’t type a command
without it, you’ll find that if you try to use it from user or privileged mode, it doesn’t work:

• Router>do show interface (this doesn’t work)

• Router#do sh run (neither does this)

• Router#do wr (nor this)

Changing Interfaces

On a related topic, you can move from a subordinate config mode, such as config-if or config-router, to
global config mode (GCM) with the exit command:

• Router(config-if)#exit

• Router(config)#

In other words, exit took us one level up. You can also move from a subordinate mode to GCM by executing
any GCM command. Note how this moves us to GCM, executes the command, and leaves us in GCM:

• RouterA(config-router)#hostname RouterB

• RouterB(config)#

You can also jump from one subordinate config mode to another:

• Router(config-if)#router rip

• Router(config-router)#

Note that if you jump from one interface to another, the prompt doesn’t change, but you’re wherever you last
told the router to be:

• Router(config)#int fa0/0 (places us into interface config mode for fa0/0)

• Router(config-if)#shutdown (shuts down fa0/0)

• Router(config-if)#int s1/1 (moves us to serial 1/1)
• Router(config-if)#shut (shuts down serial 1/1)

Since the prompt does not indicate which interface you’re configuring, if at any time you’re not sure where you
are, execute the commands necessary to put yourself back where you need to be. This applies to routing proto-
cols, as well, for which the prompts all appear as config-router:

• Router(config)#router rip (places us into router config mode for RIP)

• Router(config-router)#version 2 (selects RIP v2)

• Router(config-router)#router ospf 1 (moves to OSPF process 1)

• Router(config-router)#router-id 1.2.3.4 (configures router ID for OSPF 1)

Tab Key Completion

Online help and tab-key completion for a command are only available at the native prompt for that command.
For example, this will display the available IP routing protocols:

• Router(config)#router ?

But this will not:

• Router(config-if)#router ?

Likewise, this will display the interface types:

• Router(config)#int ?

But you can’t display the interface types from within interface config mode:

• Router(config-if)#int ?

The tab key will work here, displaying interface as the complete keyword:

• Router(config)#int

But not here:

• Router(config-router)#int

Reloads & Restarts

To get a router to begin using the new IOS after an upgrade, you either have to power-cycle it or execute the
privileged mode reload (software restart) command:

• Router#reload

Let’s imagine that we’ve established a Telnet (or SSH) session to a router for some remote-control configuration.
What if we make a mistake that not only terminates our session, but also prevents us from reconnecting, such
as a misconfigured access list? The result could be a CLE (Career-Limiting Event).

To prevent this, we connect to the router, instruct it to perform a reload in five or ten minutes, then make the changes to the config. Assuming that all goes well, we save the config, and cancel the reload. If, on the other
hand, all does not go well (and we cut ourselves off), the scheduled reload will occur. After the router reboots, it
will come up with the old config, allowing us to reconnect and try again.

You can schedule reloads for the future by using the in option. For example, to reload five minutes from now:

• Router#reload in 5
You can also reload at a certain time and date with the at option. For example, to reload on August 31 at 1:00 am:

• Router#reload at 1:00 31 august

To display a reload scheduled via the in or at options:

• Router>show reload (“s rel”)

When there is one minute remaining before the scheduled shutdown, the system will display messages to all ac-
tive lines (console, aux, and vty). The system will also display a message just prior to the reload, but at that point
it’s too late to stop the reload from occurring.

To cancel a scheduled reload:

• Router#reload cancel (“rel can”)

You should see a message confirming that the shutdown was aborted. Make sure that you see this message,
because if you mistyped the “cancel” command, the reload clock is still running. Note that you can view a
scheduled reload from user mode, but you must be in privileged mode to schedule or cancel a reload.

Traceroute

Every programmer thinks that his or her way of doing things is the best way, but I often wish that they would
make a little more effort to be consistent. A case in point is the Traceroute command, which exploits the TTL
field in the IP header to determine the routers traversed on the way to a specified destination. Like UNIX, the
Cisco IOS implementation of Traceroute uses UDP with high port numbers, whereas Microsoft’s implementation
uses ICMP Echo Requests (“Pings”). The result of this is that a trace from a Cisco machine may make it through
firewalls and router access lists, while a trace from a Microsoft machine may not, or vice-versa.

Another difference is that Cisco’s command is traceroute (which can be shortcut as trace or even tr) and Micro-
soft’s command is tracert, which can’t be shortcut at all. What makes this really annoying is that Cisco’s trace-
route (or trace or tr) and the like don’t work on a Microsoft machine, and Microsoft’s tracert doesn’t work on
Cisco. This means that if you work in a mixed Cisco/Microsoft environment (as lots of us do), you have to think
about which machine you’re on every time you do a trace.

Cisco has given us a way around this, though … the alias. What we can do is set up an alias on the Cisco, so
that typing the Microsoft tracert command on a Cisco machine will invoke the Cisco traceroute. First, create the alias:

• Router(config)#alias exec tracert traceroute

Now, whenever the router (or switch) sees the string tracert from an Exec prompt (that is, user or privileged
mode), it substitutes the string traceroute in its place. You can now execute the tracert from user or privileged
mode:
• Router>tracert 1.2.3.4

From privileged mode you can also invoke the extended tracert, which like extended ping, will prompt you for
additional information. Granted, we’ve just “dumbed-down” Cisco IOS to the Microsoft level with regard to
trace, but at least now tracert will work on both platforms. The other option, as mentioned before, is to just use
tra on a Cisco and tracert with Windows.

By the way, if you work in a Microsoft environment, don’t forget about the Windows pathping command
which is similar to Cisco’s extended trace, but using ICMP echoes, of course. Try this on a Windows machine:

• C:\WinXP>pathping /?

Alias

The alias feature of IOS can be used for other things. For example, if you make frequent use of the show ip
ospf neighbor detail command, you might have discovered that you can shortcut it, like this:

• Router#s ip o n de

Or, you could set up an alias, such as siond, from global config mode:

• Router(config)#alias exec siond show ip ospf neighbor detail

Now you can use siond (or whatever you set up) in place of the full-blown command, including any options,
such as:

• Router#siond fa0/0

To display what a particular alias represents:

• Router#siond? (with no space between the alias and the question mark)

To display all existing aliases:

• Router#s alias

And, of course, to delete an alias, precede it with “no” in global config mode:

• Router(config)#no alias exec siond show ip ospf neighbor detail

Summary

These are just a few ways that IOS commands can help streamline your work, and give you more insight to your system. Note that the shortcuts shown here are not necessarily the most concise possible. Use the question mark option to find shortcuts that you like, and use them.

IOS Tips and Tricks

Introduction

There are some helpful things we can do with Cisco’s IOS to make our lives easier. This white paper will present
some useful commands, followed (in parentheses) by their most concise shortcuts (at the time of this writing).

But we begin, please note that nothing requires you to use the briefest shortcuts. For example, many people
shortcut the command configure terminal as conf term, config t, or config term. You can find the
shortcuts you like, and use them. Remember that when shortcutting commands, you can only shortcut the key-
words, not the variables (such as names or IP addresses). Finally, don’t forget that you can use the “Tab” key to
complete keywords (but not variables, of course).

Also note that although this white paper is illustrating these commands on a router, they also work on the IOS-
based switches. With these basics in mind, let’s move on to some ways to streamline our work environment.

User versus Privileged Mode

As you may know, when interacting with IOS from the command line interface (CLI), there are two main EXEC
modes, user and privileged (the latter is also referred to as enabled mode). In user mode, you can do
limited examination of the device (via show commands), and the prompt appears as the device’s hostname
(Router in this example) followed by the greater-than (>) symbol:

     •  Router>

In contrast with user mode, in privileged mode you can see everything the device is capable of displaying
(via show commands), access the various configuration modes, and execute the copy and debug commands,
among others. To access privileged mode, use the command enable:

     •  Router>enable (“en”)

     •  Router#

As you can see, when in privileged mode, the hostname is followed by the pound sign (#). If necessary, you can
move from privileged mode back to user mode with the disable command:

     •  Router#disable (“disa”)

     •  Router>

You can enter global configuration mode from privileged mode:

     •   Router#configure terminal (“conf t”)

     •   Router(config)#

Hostname Lookup

By default, if you mistype a command, the router will attempt to resolve it as a hostname via DNS. This will ulti-
mately fail if there is no DNS server available, but it will take time (behind the scenes it makes twelve attempts).
To speed things up, you can tell the device not to bother, like this:

     •   Router(config)#no ip domain-lookup (“no ip domain-lo”)

Speaking of name-to-address resolution, you can manually build a host table that allows you to use the IP utili-
ties (ping, trace, telnet, etc) by host name:

     •   Router(config)#ip host Big_Switch 1.2.3.4

     •   Router(config)#ip host SmallSwitch 10.20.30.40

     •   Router(config)#ip host TFTP-Server 100.200.50.150

Once you’ve created it, you can display the host table:

     •   Router#show host (“s ho”)

Console Messages & Terminal Commands

When various events occur, the device will display informational messages on the console. If you’re annoyed by
these console messages, you can shut them off:

     •   Router(config)#no logging console (“no logg con”)

Unfortunately, if you disable console logging, you won’t receive any more of those very informative console
messages! Nor will you see any debug output, even if debugs are running. I suggest that a better way is to leave
the console logging enabled (logg con), and synchronize the console output with your typing, like this:

     •   Router(config-line)#logging synchronous (“logg s”)

Now if a console message appears while you are typing, it will display the message, and then re-display your
input right where you left off, so that you can keep typing. It’s the best of both worlds.

In a lab environment, it’s sometimes handy to disable the inactivity timeout for the console line (the default set- ting is ten minutes):

     •   Router(config)#line console 0 (“lin c 0”)

     •   Router(config-line)#exec-timeout 0 (“exec-t 0”)                                               

It also works for the aux and vty lines. You can also use no exec-timeout, but be careful not to shortcut it to 

no exec, which shuts off the EXEC process, preventing future logins via the line. I made this mistake once, so I 

don’t recommend it. 

Aside from saving a router or switch configuration to NVRAM, it’s always a good idea to have a backup copy of your current configuration in a separate location in case the device bursts into flame and needs to be replaced. 

You can do this with copy run tftp (or similar), but this requires a file server. 

Another way is to do a show run, and capture the output to a file. The problem is that as the config is dis- 

played, it will give the “more” prompt every 24 lines (by default). You can disable the “more” function like this: 

     •   Router#terminal length 0 (“ter l 0”) 

Now you can do the show run (or whatever) and obtain a continuous output stream. When you’re done with 

the capture, don’t forget to reset the terminal length to enable the “more” function: 

     •   Router#terminal length 24 (“ter l 24”) 

And speaking of termina commands, remember that to see console messages and debug output in a vty ses- 

sion (telnet or SSH) or the aux port, you have to specifically request it from within the session: 

     •   Router#terminal monitor (“ter mon”) 

Debugs 

While we’re on the subject of debugs, you can display a list of all of the debugs that are currently running: 

     •   Router#show debugging (“s deb”) 

And you can disable all of the running debugs with: 

     •   Router#no debug all (“no deb all”) 

To save a few keystrokes, you can also do it like this: 

     •   Router#undebug all (“u all”) 

Config Commands 

To see the startup config (stored in NVRAM): 

     •   New#show startup-config (“s start”) 

     •   Old#show config (“s conf”) 

Note that show config does not display the running config, it displays the startup config. To erase the startup 

config: 

     •   New#erase startup-config (“erase start”) 

     •   Old#write erase (“wr er”) 

To display the running config (also referred to as the active or current config): 

     •   New#show running-config (“s run”) 

     •   Old#write terminal (“wr t”) 

To save the running config to NVRAM: 

     •   New#copy running-config startup-config (“copy run start”) 

     •   Old#write memory (“wr”, you don’t need the “mem”) 

Although Cisco no longer officially endorses the old commands (due to confusion over what “show config” 

does), you might see “old-timers” using them, especially “wr”. Why type fourteen or so keystrokes (“copy run 

start”) when two (“wr”) will do? 

Speaking of configurations, to display only the lines of the running config that contain a specific alphanumeric 

string (such as “rip”), “pipe” it into “include”: 

     •   Router#show run | include rip (“s run | in rip”) 

The pipe (redirect) symbol (which looks like a vertical bar) is often found as a shifted backslash, above the 

Enter key. To display the section of the running config that begins with a specific alphanumeric string (for 

example, “ospf”), pipe it into begin: 

     •   Router#show run | begin ospf (“s run | beg ospf”) 

Among other options, you can also do an exclude (show all lines that do not include the string). Use the ques- 

tion mark to see the other options: 

     •   Router#s run | ? 

     •   Router#s start | ? 

Note that the include, begin and exclude options are case-sensitive. To display the section of the running 

config for a specific interface or subinterface, you could pipe it into begin, but you have to identify the interface 

exactly as it appears in the config: 

  •   Router#s run | beg FastEthernet0/0 

The problem with this is that you can’t shortcut the interface type (for example, “fa”), and the search string is 

case-sensitive. A slicker way to display the interface-specific config info is: 

     •   Router#s run int fa0/0 

When you use this option, it’s not case-sensitive, and you don’t have to bother with the pipe. Although you can 

shortcut it, you do have to be precise when specifying the interface identifier. For example, if you want to display 

the Serial 1/2.345 subinterface config, this will work: 

     •   Router#s run int s1/2.345 

But this will not: 

     •   Router#s run int s1/2.3 

As always, no shortcutting of variables! These options also work when viewing the startup config. And 

speaking of show start, you can also display the startup config with line numbers, which can sometimes be 

handy when reviewing or discussing it: 

     •   Router#s start linenum (“s star li”) 

As with show run, you can use the question mark with show start to see any other available options: 

     •   Router#s run ? 

     •   Router#s star ? 

Some IOS features require PKI certificate data, which appears in the running config as a large block of nonsense 

text. To bypass the PKI certificate data when displaying the running config, use the brief option: 

     •   Router#s run brief 

Remember, when the output of any show command displays –More– at the bottom, you have several options: 

     •   To see the next line, hit the Enter key 

     •   To see the next screen, hit the spacebar 

     •   To return to the CLI prompt, hit any other alphanumeric key 

Keyword “Do” Commands 

With recent versions of IOS you can execute privileged mode commands from the various config modes by 

prefacing the command with the keyword do. Here are some examples: 

     •   Router(config)#do show running-config (displays the running config) 

     •   Router(config-if)#do sh start (displays the startup config) 

     •   Router(config-line)#do copy run start (saves the running config to NVRAM) 

     •   Router(config-ext-nacl)#do wr (also saves the running config to NVRAM) 

     •   Router(config-subif)#do ping 1.2.3.4 

     •   Router(config-router)#do trace 10.20.30.40 

Unfortunately, once you’ve gotten into the habit of typing do to the point where you can’t type a command 

without it, you’ll find that if you try to use it from user or privileged mode, it doesn’t work: 

     •   Router>do show interface (this doesn’t work) 

     •   Router#do sh run (neither does this) 

     •   Router#do wr (nor this) 

Changing Interfaces 

On a related topic, you can move from a subordinate config mode, such as config-if or config-router, to 

global config mode (GCM) with the exit command: 

     •   Router(config-if)#exit 

     •   Router(config)# 

In other words, exit took us one level up. You can also move from a subordinate mode to GCM by executing 

any GCM command. Note how this moves us to GCM, executes the command, and leaves us in GCM: 

     •   RouterA(config-router)#hostname RouterB 

     •   RouterB(config)# 

You can also jump from one subordinate config mode to another: 

     •   Router(config-if)#router rip 

     •   Router(config-router)# 

Note that if you jump from one interface to another, the prompt doesn’t change, but you’re wherever you last 

told the router to be: 

     •   Router(config)#int fa0/0 (places us into interface config mode for fa0/0) 

     •   Router(config-if)#shutdown (shuts down fa0/0) 

     •   Router(config-if)#int s1/1 (moves us to serial 1/1) 

•   Router(config-if)#shut (shuts down serial 1/1) 

Since the prompt does not indicate which interface you’re configuring, if at any time you’re not sure where you 

are, execute the commands necessary to put yourself back where you need to be. This applies to routing proto- 

cols, as well, for which the prompts all appear as config-router: 

     •   Router(config)#router rip (places us into router config mode for RIP) 

     •   Router(config-router)#version 2 (selects RIP v2) 

     •   Router(config-router)#router ospf 1 (moves to OSPF process 1) 

     •   Router(config-router)#router-id 1.2.3.4 (configures router ID for OSPF 1)

Tab Key Completion 

Online help and tab-key completion for a command are only available at the native prompt for that command. 

For example, this will display the available IP routing protocols: 

     •   Router(config)#router ? 

But this will not: 

     •   Router(config-if)#router ? 

Likewise, this will display the interface types: 

     •   Router(config)#int ? 

But you can’t display the interface types from within interface config mode: 

     •   Router(config-if)#int ? 

The tab key will work here, displaying interface as the complete keyword: 

     •   Router(config)#int 

But not here: 

     •   Router(config-router)#int 

Reloads & Restarts 

To get a router to begin using the new IOS after an upgrade, you either have to power-cycle it or execute the 

privileged mode reload (software restart) command: 

     •   Router#reload 

Let’s imagine that we’ve established a Telnet (or SSH) session to a router for some remote-control configuration. 

What if we make a mistake that not only terminates our session, but also prevents us from reconnecting, such 

as a misconfigured access list? The result could be a CLE (Career-Limiting Event). 

To prevent this, we connect to the router, instruct it to perform a reload in five or ten minutes, then make the changes to the config. Assuming that all goes well, we save the config, and cancel the reload. If, on the other 

hand, all does not go well (and we cut ourselves off), the scheduled reload will occur. After the router reboots, it 

will come up with the old config, allowing us to reconnect and try again. 

You can schedule reloads for the future by using the in option. For example, to reload five minutes from now: 

     •   Router#reload in 5 

You can also reload at a certain time and date with the at option. For example, to reload on August 31 at 1:00 am: 

     •   Router#reload at 1:00 31 august 

To display a reload scheduled via the in or at options: 

     •   Router>show reload (“s rel”) 

When there is one minute remaining before the scheduled shutdown, the system will display messages to all ac- 

tive lines (console, aux, and vty). The system will also display a message just prior to the reload, but at that point 

it’s too late to stop the reload from occurring. 

To cancel a scheduled reload: 

     •   Router#reload cancel (“rel can”) 

You should see a message confirming that the shutdown was aborted. Make sure that you see this message, 

because if you mistyped the “cancel” command, the reload clock is still running. Note that you can view a 

scheduled reload from user mode, but you must be in privileged mode to schedule or cancel a reload. 

Traceroute 

Every programmer thinks that his or her way of doing things is the best way, but I often wish that they would 

make a little more effort to be consistent. A case in point is the Traceroute command, which exploits the TTL 

field in the IP header to determine the routers traversed on the way to a specified destination. Like UNIX, the 

Cisco IOS implementation of Traceroute uses UDP with high port numbers, whereas Microsoft’s implementation 

uses ICMP Echo Requests (“Pings”). The result of this is that a trace from a Cisco machine may make it through 

firewalls and router access lists, while a trace from a Microsoft machine may not, or vice-versa. 

Another difference is that Cisco’s command is traceroute (which can be shortcut as trace or even tr) and Micro- 

soft’s command is tracert, which can’t be shortcut at all. What makes this really annoying is that Cisco’s trace- 

route (or trace or tr) and the like don’t work on a Microsoft machine, and Microsoft’s tracert doesn’t work on 

Cisco. This means that if you work in a mixed Cisco/Microsoft environment (as lots of us do), you have to think  

about which machine you’re on every time you do a trace. 

Cisco has given us a way around this, though … the alias. What we can do is set up an alias on the Cisco, so 

that typing the Microsoft tracert command on a Cisco machine will invoke the Cisco traceroute. First, create the alias: 

     •   Router(config)#alias exec tracert traceroute 

Now, whenever the router (or switch) sees the string tracert from an Exec prompt (that is, user or privileged 

mode), it substitutes the string traceroute in its place. You can now execute the tracert from user or privileged 

mode:

 •   Router>tracert 1.2.3.4 

From privileged mode you can also invoke the extended tracert, which like extended ping, will prompt you for 

additional information. Granted, we’ve just “dumbed-down” Cisco IOS to the Microsoft level with regard to 

trace, but at least now tracert will work on both platforms. The other option, as mentioned before, is to just use 

tra on a Cisco and tracert with Windows. 

By the way, if you work in a Microsoft environment, don’t forget about the Windows pathping command 

which is similar to Cisco’s extended trace, but using ICMP echoes, of course. Try this on a Windows machine: 

     •   C:\WinXP>pathping /? 

Alias 

The alias feature of IOS can be used for other things. For example, if you make frequent use of the show ip 

ospf neighbor detail command, you might have discovered that you can shortcut it, like this: 

     •   Router#s ip o n de 

Or, you could set up an alias, such as siond, from global config mode: 

     •   Router(config)#alias exec siond show ip ospf neighbor detail 

Now you can use siond (or whatever you set up) in place of the full-blown command, including any options, 

such as: 

     •   Router#siond fa0/0 

To display what a particular alias represents: 

     •   Router#siond? (with no space between the alias and the question mark) 

To display all existing aliases: 

     •   Router#s alias 

And, of course, to delete an alias, precede it with “no” in global config mode: 

     •   Router(config)#no alias exec siond show ip ospf neighbor detail 

Summary 

These are just a few ways that IOS commands can help streamline your work, and give you more insight to your system. Note that the shortcuts shown here are not necessarily the most concise possible. Use the question mark option to find shortcuts that you like, and use them.