Re: Nmap SoC 2007 Wrap Up

[jah <jah () zadkiel plus com>]

Well done all.  A great tool keeps getting better.

Fyodor wrote:
> Hi Everyone.  The Google Summer of Code is now over and things are
> calming down a bit.  So I finally have time to send a report on our
> results.  For comparison, here are our previous summer wrap ups:
>
> 2005 Results: http://slashdot.org/comments.pl?sid=183143&cid=15133184
> 2006 Results: http://seclists.org/nmap-dev/2007/q1/0235.html
>
> First, let me thank Google for accepting Nmap into this program for 3
> years in a row!  It really has made a huge difference in Nmap
> development.  It is hard to imagine any Nmap users reading those
> previous reports (and this one) and not finding at least a few changes
> which have helped them personally.
>
> This year we tried a few things different.  For one, we took on fewer
> students so that we would have more time to spend on each project.
> Instead of 10 students as in '05 and '06, we had 6.  This worked out
> well in helping me keep up with all the changes.  The project SVN
> server is now public (unlike last year), which helped a great deal.  I
> didn't feel like such a bottleneck in manually tracking and applying
> patches.
>
> I started the summer by making an /nmap-exp/soc07 Nmap branch for SoC
> development.  That was probably a mistake, as it lead to less testing
> because many people still used /nmap and it was also a major hassle to
> merge stuff back.  So late in the program we moved back to /nmap and
> let people use their own special experimental changes, them merge
> directly to /nmap when ready.  Another problem with our first
> approach, as we've seen this week, is that some people still don't
> realize that we've moved back to /nmap :).
>
> Perhaps this is the most exciting news for this summer: Two of last
> years' SoC students became SoC Mentors this year!  Diman Todorov, who
> helped create NSE last year mentored two NSE-related projects this
> year.  And Adriano Monteiro, who worked in '05 and '06 as an Nmap SoC
> student to create the new UMIT Nmap front end, was sponsored by Google
> as a separate SoC project with 7 students of his own!  I'm also
> delighted that both Diman and Adriano are visiting the SF Bay Area
> right now for a Google SoC summit.  I met Adriano for the first time
> in person yesterday, and will likely meet Diman for the first time in
> person today!
>
> In terms of success rates, we are improving.  7 out of the 10 Nmap
> students succeeded in '05 and 8 out of 10 in '06.  For '07, we had 5
> successes out of 6.  The increasing success rates may be due to better
> selection and mentoring, but a big part of the increased success rate
> is that we have been inviting the best students back for the next
> year.
>
> If we are invited back next year, our biggest change will probably be
> more intense recruiting.  We have received fewer and fewer applicants
> each year, and I think part of the reason is that the number of
> projects participating in SoC is ballooning.  So applicants have
> hundreds of projects to choose from rather than dozens.  Therefore we
> will have to work harder to attract the best candidates, and I hope
> members of the Nmap community will help by recommending the program to
> talented college students (or by applying if you are such a student!)
>
> Now for the important part of this email: What those five successful
> Summer students accomplished!  You can read more about any of these
> changes in the official Changelog at
> http://insecure.org/nmap/changelog.html .
>
> Stoiko Ivanov accomplished a whole lot of NSE work this summer.  In
> addition to many smaller features and bug fixes, he added the NSE
> library (nselib) of useful functions, added garbage collection
> support, and added the --script-args system for passing arguments to
> scripts.  He also made major improvements to the NSE documentation at
> http://insecure.org/nmap/nse/ .  Diman deserves part of the credit for
> this due to his excellent mentorship!  And he even took numerous
> matters into his own hands, such as testing and integrating Marek's
> raw IP packet NSE support patch.
>
> David Fifield had a busy summer, accomplishing an incredible amount of
> Nmap work.  His contributions include substantial UMIT work,
> integrating huge numbers of your OS detection fingerprint submissions,
> adding the --servicedb and --versiondb command-line options,
> dramatically reducing build dependencies, the huge massping migration,
> and more.  Whew!
>
> Meanwhile, Kris Katterjohn kept very busy completing a large number of
> small tasks rather than one huge project.  He helped integrate UMIT
> into the Nmap build system, wrote several valuable NSE scripts, added
> the Snprintf() and Vsnprintf() wrappers which are safer than the
> normal lowercased calls, upgraded libpcre and libpcap, improved ICMP
> protocol unreachable response handling, added several features to the
> Nmap XML output format, and more.
>
> Doug Hoyte is our only three-time SoC student, and unfortunately (for
> us) he will probably graduate and become ineligible next year.  But
> maybe he can come back as a mentor!  He accomplished a lot this
> summer, including writing NSE scripts and integrating tons of your
> version detection signature submissions.
>
> Eddie Bell was our other repeat student, and he did a good job on a
> wide variety of tasks.  He wrote five NSE scripts, improved UMIT's
> results searching, fixed numerous bugs bugs, upgraded Winpcap, and
> optimized the Nmap ./configure system.  Also, we added his nifty
> --reason feature which fell through the cracks and didn't make it in
> last year.
>
> While Adriano was leading a separate UMIT GSoC project, he and his
> team accomplished some great things.  After 3 summers of development,
> UMIT is finally ready for integration into Nmap and it is included in
> the latest SOC release.  I believe that 6 of Adriano's 7 SoC students
> succeeded.
>
> Obviously we also had many great contributions from non-SoC developers
> over the summer, as demonstrated by the Changelog.
>
> Note that all of the changes discussed here have already been
> integrated into Nmap.  We are up to version 4.22SOC6, and quickly
> approaching a big stable release.
>
> Well, that wraps up GSoC 2007 for the Nmap project.  We're looking
> forward to Summer 2008, but certainly won't be sitting on our hands
> until then!  I'm particularly pleased that many of the SoC students
> have continued contributing even though the summer has ended.
>
> Cheers,
> Fyodor
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
>
> --
> This email has been verified as Virus free
> Virus Protection and more available at http://www.plus.net
>
>   

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org