Re: [RFC] Zenmap search interface overhaul

[David Fifield <david () bamsoftware com>]

On Tue, May 27, 2008 at 05:43:44PM -0700, Fyodor wrote:
> On Tue, May 27, 2008 at 01:30:34PM -0600, David Fifield wrote:
> > On Tue, May 27, 2008 at 09:15:22PM +0200, Vladimir Mitrovic wrote:
> >
> > Neither. It means "all scans after 00:00 on January 9." Fuzziness should
> > only increase, never decrease, the range of dates searched.
> >
> > Similarly before:~date would push the date forward in time a day. Again
> > we have to make a decision. Does before:2008-01-10 mean, "before 00:00
> > on January 10" or "before 00:00 on January 11"? In other words, does
> > "before" really mean "on or before"? My inclination is to choose the
> > more expansize option, "on or before", just like "after" is "on or
> > after". So for this example "before:~2008-01-10" means "all scans before
> > 00:00 on January 12."
>
> Hi David.  I think you have some great ideas related to search
> keywords.  But I'm not sure I understand the value of ~ "fuzzyness".
> It sounds like after:2008-01-10 already includes anything on that day
> or later in your plan.  If I want to add a day to be on the safe side
> or because I'm not sure of semantics, wouldn't specifying
> after:2008-01-9 be just as easy and more intutive than
> after:~2008-01-10?  And if I want 3 extra buffer days, why would
> after:~~2008-01-10 be any simpler than after:2008-01-07?  Who is going
> to remember a special syntax for adding an extra day or three, when
> they can just add or subtract the days from the date given directly?

I admit that fuzziness is more useful with date:, where it is just a
shorthand for a range of dates around a given date. It means "I don't
remember exactly on what day this scan happened," or "I don't remember
if the scan was before or after midnight, so give me both days."

But you raise a good objection. I would remember how to use the
fuzziness feature because I thought of it. Anyone else who doesn't do a
lot of searches isn't going to know about it, just as they aren't going
to know exactly what before: and after: mean. Anyone doing a lot of
searches is going to get used to adding or subtracting a day when
necessary and won't need the fuzziness.

How about this: ditch fuzziness for before: and after:, and define them
so that before: means "on or before" and after: means "on or after".
Erring on the side of returning too many results suits me. Like you said
in another message, I'm mainly interested in narrowing down the list of
scans somewhat so I can go through them by hand.

This is contrary to how dates work in Subversion, at least. If you want
a log of all changes to the nmap repository on May 21 and 22, you have
to say
        svn log -r {2008-05-21}:{2008-05-23}
not the (to me) more natural "{2008-05-21}:{2008-05-22}", because
"2008-05-22" is interpreted as "00:00 on 2008-05-22, i.e., the end of
day on 2008-05-21."

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org