Your post and others like your's smacks of zealotry.
Your post smacks of illiteracy, so I'll restrict my comments to observing that I couldn't give a flying fuck about the popularity or size of the "OSS" community.
Tenable, and Renaud, are spitting in the faces of everyone (like me) who tested, used and promoted their software on the understanding that it was Free. We (the community) contribute to a project every time we execute their code. CVS perms are not required...
Apart from which, Renaud was never exactly a model project leader. One reason they didn't get many contributions was because those they did get were routinely ignored - like the bug in gdlib which produced broken piecharts in the HTML output, or caused the Nessus process to silently hang. A colleague of mine found the bug, reported it, then (when nothing happened) dug into the source himself to find it. AFAIK, his patch was ignored (certainly nothing had happened six months later, last time I checked.)
I would like to appeal for a minute's silence for my dear friend Inego. A humble Pentium II bought in late 1997, it arrived with 64Mb of RAM (I paid extra to double up from 32!) and Windows 95. Rapidly migrated to NT4, Inego was gradually beefed up with first one, then two extra disk drives; a replacement CDROM after the first one died from DRM (a CD wouldn't rip; I angrily pushed the tray back into the drive with alarming grinding noises, and it was never the same since.) The RAM went to 128Mb and then 192Mb. I abandoned the 33.6K modem I originally bought for it and it ended life with a 10/100 ethernet card, though I never got around to replacing the awful 8Mb STB Velocity video. In 98 I made my first GNU/Linux install on this box, Debian 2.0; at the end, it was running Mandrake 10.1.
RIP, Inego. Your components will be recycled but your motherboard is gone forever.
(*Oh, and the relevance - it was named after Inigo Montoya from TPB, which of course I misspelled as Inego.)
Yes. Just to be clear, I'm talking about Free (not Open Source) software. Free software is always open source, but open-source software is not always Free... just as free-as-in-beer binary software (like Nessus v3) isn't Free (libre.)
In the week that Nessus went closed source, spitting in the face of all those who helped the project thinking it was free software, let's hope that the Gnessus project (based on the last Free version of Nessus) takes off, and that the continuing-Free Snort and Nmap continue to flourish. The progress of Sourcefire and Snort will be particularly interesting to compare with that of Tenable (Renaud's company) since Marty Roesch has been clear that Sourcefire (his company) being bought by Checkpoint won't affect Snort, which will continue to be Free software under the GPL.
Ha, you think I get invited to parties, with a line in debilitating cynicism, sarcastic abuse and snide innuendo like that? Why do you think I'm so gnarly in the first place? ;)
Wow. I came across your post in metamod & had to see it in context... what you've summed up in three or four sentences has taken me the last thirty years to learn by trial and error...
[ObPython]You lucky, lucky bastard!;)
Which reminds me of the other thing I think I've worked out in that time... when you find yourself enjoying something (say, Monty Python's Life of Brian for example) - really, really enjoy it, whilst you can. Easier said than done, of course...
The rest of the companies had pieces. Wouldn't be much of a competition to be had. Next year there will be races (rocket racing league).
I think you'll find that before long, pieces will make a reappearance. Sizzling, white-hot pieces, embedding themselves in the landscape at high velocity...
But... but... but... I don't understand! For years on Slashdot, we've been constantly reminded that the laws of capitalism, U.S. style, mean that a company's directors can be jailed if they fail to do absolutely everything to maximise revenue and profit, no matter how morally distasteful or unpleasant such actions might be. (This usually comes up in the context of Free vs. proprietary software, but also in the long-running space exploration holy war, the **AA, and many other perennial Slashdot stories. )
So, surely IBM are in trouble now! The first time someone wants to make easy money, surely they'll just buy some token IBM stock, wait a year, then start a class action alleging a failure to maximise revenue by screening out employees who are, for example, likely to become seriously ill later in life. (Imagine the cost of a DNA test vs. the money required to pay a senior engineer or exec to sit around at home in a wheelchair for years - if the tests aren't dirt cheap now, they probably soon will be.)
Unless... either IBM are motivated by additional factors than maximising revenue (like - being able to sleep at night knowing that one isn't helping to destroy human civilisation)... or altruistic acts can themselves improve a company's image, and thus help bring in extra revenue?
See my comment here where I wonder if maybe we're getting way too excited about dark matter without having any material reason (other than "this is the only explanation that fits our current expectations of gravity") to believe it actually exists.
Wow, how lucky we are that you're around to point out to us that all those so-called astrophysicists and cosmologists with their fancy book-larnin' don't know nothin' bout anything. Sheesh, what are you wasting time posting to Slashdot for, when you could be picking up the Nobel Prize for Physics?
Whilst we're on the subject, please, do tell us if there are any other aspects of the current controversies around the Standard Model that you'd like to put us straight on? What about Dark Energy, for instance? What do you reckon to MOND, or quintessence, as theories? How about that flake Ed Witten and his nonsense about M-space? Are you gonna knock that garbage down, are ya? are ya?!?
but people who listen to, say U2, probably aren't big fans of Destiny's Child.
Look, I hate to sound as if I'm smug or advancing my own random music taste as a model of a progressive liberal arts appreciation of culture - but I am, so that's how it comes out ;) [(c) Bill Hicks]
As it happens, I have a couple of U2 albums and a Destiny's Child album. 'Survivor' is excellent! Good grief, did I actually say that in public? Whoo, I feel kinda liberated now, heh...
Of course there's piles and piles of shite pop, but if it wasn't a difficult thing to do, everyone would be making it. They're not.
And what, pray tell, might you mean by "tier 1 peering"? Hint: the internettrafficreport matrix isn't showing you what you think it is, and tier 1 doesn't mean what you think it does. (It may in fact not mean anything, although informed opinion is divided on the matter...)
There's a rather depressing tendency here on Slashdot for slagging off all contemporary pop (by 'pop' here I mean recordings intended to do little else but lodge in the listener's mind and perhaps convince them to spend money on the artist's recordings.) There has always been disposable crap popular music with little or no merit, it's nothing new. (Read up on the Victorian music hall tradition, certainly in the UK it was overwhelmingly the most popular entertainment for not only the working, but the middle classes too. (Indeed the Gaiety reviews attracted lots of titled Gentlemen and 'crowned heads of Europe'.) For a fascinating work of fiction set in that milieu check out Peter Ackroyd's "Dan Leno and the Limehouse Golem" or Angela Carter's "Nights at the Circus" (which is a little more magical post-realism I suppose, but still excellent.) Some of these cathedrals of mass entertainment are still standing in London, often converted into cinemas or now recycled as modern music venues; the Brixton Academy and the Shepherd's Bush Empire for example.
Anyway what I was trying to say is that there is in fact some GOOD pop out there now and then. If you want to see the talent behind Britney, you need to look at the names of the producers, engineers, song-writers and musicians on the record. The thing I find most disturbing is the, um, let's call it the "racial dimension", especially in the US where music is sickeningly segregated by colour.
Anyway, miles off-topic, we now return you, etc etc. Sheessh. Does anyone else find Friday evenings profoundly depressing?
As a UK-er concerned with "hacker rights" I've been following this case since it was first announced. Actually (tho' you are right to be cautious and sceptical of such stories), you're wrong: not only is it as bad as it seems, it's actually many times worse. Informed rumour in the UK scene / community has it that the "unauthorised access" of which he was accused consisted of adding "../ " to the end of an URL. (Try checking boingboing.net's coverage, or that of NeedToKnow (ntk.net).)
BT's IDS monitors must suck fat donkey's cock; I shall certainly be doing everything I can to avoid putting work in the way of these clowns, and making sure no company that asks me to interview an ex-BT Infosec person will ever hire them. The PHBs at BT (the ones responsible for seeing the sort of IDS false positives that fill our logs on a daily basis and calling the cops to boot in the door of this uber-haxx0r who was, uh, doing it from his own personal computer (rather than bouncing thru anonymous proxies or other hacked machines) and effectively destroy his career) need to be treated with utter contempt and derision for their appalling lack of clue, common sense, and for behaving like what we used to call "little Hitlers". Fuck them. I would not be AT ALL surprised if some of the *real* kiddies out there adopt this unfortunate victim and start defacing sites with calls for him to be exonerated - after all he's infinitely less guilty than Mitnick ever was.
Today I'm disgusted and depressed by the technical illiteracy not only of the police and justice system (which we expect) but of the people hired to host the site. Fuck BT, and may 'OpenRetch' signal the beginning of the end for this first, and most evil monopoly telco ever to blight the bright future of telecoms and technology in the country they battened on to. (Yes, they're supposedly not a monopoly any more, but despite being privatised in 1984(!!) they are only now finally allowing the local loop to be prised from their cold, morally-dead fingers.)
Check the NANOG archive over the last few days for far, far more than you ever wanted to know about "The Art of Peering: The Peering Playbook"... or read the book yourself.
Personally speaking, I find the automatic updates rocks like a Japanese death metal group doing a Peel session. The beta checks for updates daily, and picks up a new nightly build every day as far as I can see... my Firefox install is never more than 24 hours old. Suck it up, Microsoft;)
You're probably right from the PoV of "most functionality for your money" or "software quality"; however I'm one of those weirdos who tries to only use Free (Libre) software. Nessus started as a project, Tenable came along later, much later.
I agree - in principle - but principle doesn't put food in your mouth or pay the rent.
I'm fed up with hearing this cliche. I've got a personal principle that I should not punch people in the face. That principle doesn't seem to have led me to starve. I have another principle that says I won't try to hoard any useful software I write; that hasn't led me to penury either. Odd, that.
Tenable's complaint seems to be "other companies are making money selling our Free software!" I would much rather they'd asked themselves why customers would rather buy Renaud's Free software from zero-value-add resellers, rather than from a company co-owned by, and providing full-time employment to the project's chief developer and project founder?
Dang, I just submitted this. Ah well, perhaps I'll get a dupe... it'll take a few hours to get to the top of the submissions stack, perhaps Taco will be posting by then;)
Anyway, speaking as a long-term user of Nessus, I have had direct personal benefit from it being Free; it enabled me to get familiar with it on my home network which (along with snort, nmap, ipf, tcpdump and a load of other Free stuff) enabled me to move into network security five years ago. Of course, it's Renaud's code and it's his right to release it under whatever licence he wants; but it's a shame. Let's hope someone's prepared to fork the GPL'd v2 codebase and start adding the improvements it needs.
Of course, I'm assuming that all the plug-in authors are happy with this. When Tenable released a closed-source Windows port (NEWT) I queried the position on a mailing list somewhere, I forget the outcome but it seemed odd to me. It seems really unlikely that Tenable would do this without the plug-in authors' agreement... anyone got info on that?
With my 'Free s/w zealot' hat on, I have to say that it'll be interesting to see how the community responds to this. In my copy of the FSZH (FS Zealot's Handbook... version 2 or later:) it says that a benefit of GPL licensing is that the community can pick up and continue with the remaining GPL'd source. Are there any coders out there interested and motivated enough to pick up the GPL'd project? It'll be interesting to see. Fingers crossed....
Nope. More like a workstation suddenly sending, via port 25 (SMTP), to a box outside your network. That's a huge flag.
Yeah, though you'd catch that on the firewall, not with an IDS. For anomaly based detection (which snort can do with 'spade'; I haven't tried it myself) you really want to be able to plug in logs from multiple sources - IDS sensors, internal and external firewall interfaces, etc etc. For most networks, you should be able to iterate over each sensor, f/w interface and other in my dream world, over all the client and server logs which would be forwarded by syslog into one humongous out-of-band management network where you process the lot and alert on anything out of the ordinary. You'll get a lot of 'false alarms' unless you want to know about the curious network newbie who one day wonders how telnet works, or installs a p2p app or whatever. (Yes, of course your fws and IDS are doing deep packet inspection / protocol analysis and can spot people trying to tunnel p2p over port 80 - the most common case - as well as funkier stuff like ipsec via DNS packet options or somesuch madness.)
You'd want to automate as much as possible of the setup... hmmm, in principle it'd be possible to stitch together a load of Free software, package it or sell it as a service, with a load of auto-discovery scripts or passive analysis system to spot patterns... hmmm....
My dream is to build and run such a system, and work for world peace;)
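An added example, not part of the original comment: a minimal version of the "collect logs from several sensors, learn what is normal, alert on the rest" idea discussed above, flagging a workstation that suddenly sends SMTP to an outside host. The log format, the 10.0.0.0/8 internal range, the sensor names and the function names are all assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log format (an assumption, not any real product's output):
#   <day> <sensor> SRC=<ip> DST=<ip> DPT=<port>
LINE_RE = re.compile(
    r"^(?P<day>\d+) (?P<sensor>\S+) SRC=(?P<src>\S+) "
    r"DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$"
)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed sample: firewall and IDS lines merged into one feed.
SAMPLE = [
    "1 fw-ext SRC=10.0.0.25 DST=203.0.113.10 DPT=25",   # mail relay
    "1 fw-int SRC=10.0.1.50 DST=10.0.0.25 DPT=25",      # client -> relay
    "2 ids-1 SRC=10.0.1.50 DST=198.51.100.7 DPT=80",
    "3 fw-ext SRC=10.0.0.25 DST=203.0.113.11 DPT=25",
    "4 fw-ext SRC=10.0.1.50 DST=198.51.100.7 DPT=80",
    "4 fw-ext SRC=10.0.1.50 DST=192.0.2.99 DPT=25",     # direct SMTP out
    "4 ids-1 SRC=10.0.1.50 DST=192.0.2.99 DPT=25",      # same flow, 2nd sensor
    "5 fw-ext SRC=10.0.1.51 DST=198.51.100.23 DPT=23",  # curious telnet user
    "garbage line",                                     # skipped by the parser
]


def parse(line):
    """Return (day, sensor, src, dst, dport), or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None
    return int(m["day"]), m["sensor"], src, dst, int(m["dpt"])


def find_anomalies(lines, baseline_days):
    """Learn each internal host's outbound ports during the baseline
    window, then alert once per (host, port) never seen for that host."""
    seen = defaultdict(set)
    alerts = []
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e[0])
    for day, sensor, src, dst, dport in events:
        if src not in INTERNAL or dst in INTERNAL:
            continue  # only internal -> external traffic is of interest
        if day <= baseline_days:
            seen[src].add(dport)
        elif dport not in seen[src]:
            alerts.append((day, str(src), str(dst), dport, sensor))
            seen[src].add(dport)  # de-duplicate across sensors
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE, baseline_days=3):
        print(alert)
```

The mail relay's port-25 traffic stays quiet because it was learned in the baseline, while the telnet line shows the kind of benign 'false alarm' the comment expects.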
Ajax is the first genuinely new thing I can think of this century.
So, at the time of writing this factually incorrect headline is still up, four hours after it was posted. Is anyone awake at Taco Towers?
So, surely IBM are in trouble now! The first time someone wants to make easy money, surely they'll just buy some token IBM stock, wait a year, then start a class action alleging a failure to maximise revenue by screening out employees who are, for example, likely to become seriously ill later in life. (Imagine the cost of a DNA test vs. the money required to pay a senior engineer or exec to sit around at home in a wheelchair for years - if the tests aren't dirt cheap now, they probably soon will be.)
Unless... either IBM are motivated by additional factors than maximising revenue (like - being able to sleep at night knowing that one isn't helping to destroy human civilisation)... or altruistic acts can themselves improve a company's image, and thus help bring in extra revenue?
Well, which is it?
Woah, you're complaining about 20% tax?!?! on 50 grand??!! No wonder your education and healthcare systems are famous throughout the world...
Smithers, I thought I told you not to start drinking before noon! Hmmm, WTF did I actually post up there, anyway?
Ah, right, thanks for the correction. See, F/OSS gets updated so often it's easy to forget what you're actually running in the first place ;)