Subject: Re: Trouble with PCI, VGA, 32Mbyte
To: None <dufault@hda.com>
From: Charles M. Hannum <mycroft@ai.mit.edu>
List: current-users
Date: 06/10/1995 20:00:26
> No; that's the least of the problems. The most annoying problem is
> that, e.g., a trivial typo can turn a CHANGE DEFINITION command into a
> FORMAT UNIT command -- definitely not what the user intended, and by
> the time he/she notices, it's way too late.
>
> This is a very unsafe interface, and I would definitely not want
> random users to experiment with it.

I'm sure Charles meant that this was a sucky interface for a disk
formatting utility, and not that it is a sucky interface for a
general "send an arbitrary CDB" to a SCSI device.

No, and you can see from my example that I didn't mean that. In the
specific case I cited, the user would indeed be using it to send an
arbitrary command to the device.

There are a few obvious ways it can be made reasonably safe:

* Allow a mnemonic name for the command, and always use the mnemonic
  names when suggesting something to a user.

* Verify the CDB length when possible.

* Unless another option is given, disallow any command that would
  modify the device's state in a significant way.

None of these would restrict the functionality of the program in any
way, except that the 2nd would disallow sending some invalid CDBs.
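
The three checks listed in the message above, as an added example (not code from this message or from any NetBSD utility). The function names, the "modifies" policy column and the allow_modify flag are assumptions of this sketch; opcodes and group-code lengths follow SCSI-2.

```c
#include <stddef.h>
#include <string.h>
enum verdict { CDB_OK, CDB_UNKNOWN_NAME, CDB_NAME_MISMATCH, CDB_BAD_LENGTH, CDB_DENIED };

/* SCSI-2 opcodes; the "modifies" column is this example's policy (an assumption). */
static const struct cmd { const char *name; unsigned char op; int modifies; } cmds[] = {
    { "FORMAT UNIT",       0x04, 1 },
    { "INQUIRY",           0x12, 0 },
    { "WRITE(10)",         0x2a, 1 },
    { "CHANGE DEFINITION", 0x40, 1 },
};
#define NCMDS (sizeof cmds / sizeof cmds[0])

/* CDB length implied by the group code (top 3 opcode bits); 0 = cannot be verified. */
static size_t cdb_expected_len(unsigned char op)
{
    switch (op >> 5) {
    case 0:         return 6;
    case 1: case 2: return 10;
    case 5:         return 12;
    default:        return 0;   /* reserved or vendor-specific group */
    }
}

/* name may be NULL for a raw CDB; allow_modify stands in for the explicit override option. */
static enum verdict cdb_check(const char *name, const unsigned char *cdb, size_t len, int allow_modify)
{
    const struct cmd *byname = NULL, *byop = NULL;
    size_t i, want;
    if (len == 0) return CDB_BAD_LENGTH;
    for (i = 0; i < NCMDS; i++) {
        if (name != NULL && strcmp(cmds[i].name, name) == 0) byname = &cmds[i];
        if (cmds[i].op == cdb[0]) byop = &cmds[i];
    }
    if (name != NULL && byname == NULL) return CDB_UNKNOWN_NAME;
    if (byname != NULL && byname->op != cdb[0]) return CDB_NAME_MISMATCH;
    want = cdb_expected_len(cdb[0]);
    if (want != 0 && len != want) return CDB_BAD_LENGTH;
    /* Opcodes missing from the table are treated as modifying (conservative default). */
    if ((byop == NULL || byop->modifies) && !allow_modify) return CDB_DENIED;
    return CDB_OK;
}

int main(void)
{
    /* Constructed input: 10-byte CHANGE DEFINITION with the opcode mistyped as 04. */
    unsigned char typo[10] = { 0x04 };
    return cdb_check(NULL, typo, sizeof typo, 1) == CDB_BAD_LENGTH ? 0 : 1;
}
```

The mistyped opcode is rejected on length alone, because FORMAT UNIT (04) is a 6-byte group 0 command while CHANGE DEFINITION (40) is a 10-byte group 2 command.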