Snort mailing list archives

re: Professionalism


From: "Joe Pampel" <joe () ardsley com>
Date: Wed, 14 Nov 2001 09:55:20 -0500

couple things from an ex-suit (who gets to dress casual these days. Joy.)

<self-indulgent rambling>
1. Snort has made it *possible* for me to include IDS in my IT budget. I "discovered" Snort at our firm,  and then 
architected and implemented a multi-sensor IDS system using machines we were taking out of service because I felt we 
needed to get on top of our security infrastructure by any means available. No one else much cared so I had to do it on 
the cheap. I put up an Apache web server with MySQL/ACID and bingo - I'm a hero (additional thanks goes to Michael 
Steele and the good folks at SD for their windoze 'how-to's' !!)  Thank you to all the developers, writers, etc that 
made this possible!!! It's amazing. And within a week of deployment it had already saved us from all sorts of things, 
in addition to helping us find mis-configured workstations and routers on our own LAN. I show it to every consultant or 
industry peer who comes to see our IT set up. Everyone has been very impressed with Snort. I hope they all roll it out 
in their shops. I think they're crazy if they don't. 

2.  FWIW I am mgt here (I have seen the enemy, and he is me!), only report to 2 people in the whole joint, and frankly 
with the kinds of things I've seen in CSS (OTS & custom) programs (ex: an operating error message in a 6-figure piece 
of software called "error: bong!" which as it turns out was completely undocumented...) leads me to feel that some 
funky potentially off color ref deep in some dusty config file of an OSS program doesn't mean a thing to me. MOF my 
install of Snort (just re-vamped it a couple weeks ago) does not have this ref at all.  No one else here knows what 
Snort is, or what it does for the most part, and no one else configures it. While it does not bother me I also have to 
concur that as a general rule I think OSS could do without this kind of thing..  Code walk throughs and configuration 
tasks are often (I imagine) the first impression many get of OSS software and so I would trust that the tradition of 
careful commenting etc continues. I would like to see OSS gain wider acceptance, not to overthrow any other firm or 
whatever but simply bc I feel the model lends itself to potentially *better* applications, faster bug fixes and a safer 
environment as admins can view the code and know what is running on their machines. I find great security & value in 
that. We are going to roll out more Linux machines here as a result of all this, and bc it will double the lifespan of 
our workstations and servers.. talk about a cost savings.. but anyhow - 

3. I just want to close by saying I am *very* thankful for OSS (esp Snort!), and the good folks who put so much hard 
work into it for the benefit of others.  I can only pity an organization which would write-off a truly outstanding app 
like Snort for one little dumb comment in a file somewhere buried where no one will likely ever see it.  That is myopic 
to the extreme and is truly throwing out the baby IMHO. Do you really think that the CSS apps are devoid of any odd 
comments or inside jokes within their code? Not that it makes it right, just saying it is everywhere and IMHO just a 
reflection of the long hours and stress that programmers/coders endure to bring these things to life. They're human 
beings after all. As for an organization that would terminate for such an "offense", I would never work for one. I find 
that sort of policy offensive not to mention oppressive.
</self-indulgent rambling>

Just my opinion, and worth what you paid for it. Hope I did not waste too much BW on my soap box.

Cheers,

Joe Pampel

