Snort mailing list archives

Visual Intrusion Analyzer Bugs, feedback, and a little background.


From: "Eric Knight" <eric () swordsoft com>
Date: Sat, 11 Oct 2003 02:29:35 -0600

From the quick comments:

Scot,

 My feedback is only free for 30 days, then you will have to register.

Good one, actually.  Absolutely nobody is interested in funding my projects, though, at least without a hefty increase 
in price tag.  I used to be a sys-admin for the FSF back in 1990-1992 so it really does hurt not being able to freely 
write programs open-source and such.  I've been trying to see if I can't restructure SwordSoft into a non-profit 
foundation before I have to seek VC.  If it matters, my personal income is $0 for all of 1993 and most of the products, 
publications, etc. I have released were free.  I'd -love- to be entirely open-source, however with people in my 
profession I'm required by default to sign my rights of ownership for anything created during my employment duration 
(I've had to sign 4 so far in my career) and if I just go out and "get a job", that's pretty much it for anything I try 
to do that's innovative.  It's a bad catch-22 and I'll attest that I'm still looking for some alternative, and I've 
already done what I can by releasing almost every bit of conceptual research I've placed into product design and 
development months ago.

The bug report doesn't quite catch the situation -- you clicked on something on the tree and ... ?  Could you be more 
specific -- such as "I was using XYZ test data" of whatever size on the following platform, and the item selected was 
ZZZ.  That would be more useful to at least try and recreate the problem.

I resolved not to release any program as professional without public evaluations, comments, and feedback.  I've kept my 
previous programs in beta and not released them as final because of this, and I'm going to keep VIA in beta for as long 
as it takes to become a solid program.  Simple as that.  

From: "LE"

What's with the poorly written java apps coming out from supposed 'security'
vendors...

I wouldn't knock too hard, every program has its growth cycles.  I'm trying to put away any defensive hat I might be 
wearing and putting on my security professional hat now.  I've had to evaluate hundreds of tools over the last decade 
from companies, and my time spent as Software Security Architect for NORAD gave me a good look at what people pay 
$50,000 to half a million dollars or more for from "the biggest names in the industry" and most of what I saw was 
garbage.  Many of them didn't even know what NORAD was before flying out to demo their product.  I'd expect better from 
people trying to pitch a sale of that magnitude to possibly this country's most sensitive military bases, especially 
since it was the focus of the movie WarGames (which was highly inspirational to the computer security industry), but 
the reality doesn't exactly match the expectation even in the commercial world.  

Besides the obvious problem of multiple platform compatibility, revision control on the target platforms, computers and 
fast computers of various manufacturers, even the effects of common applications running on the host that the 
development environment didn't include, etc., it's extremely difficult to get the "big picture" without really seeing how 
anything performs in "real" environments.  Trying to tackle the problem of making any program work exactly the same on 
all platforms everywhere is sickening -- I had to reliably port HostCHECK to HPUX, Linux, BSD, Solaris, IRIX, AIX, and 
scores of other UNIX-like systems and just the effort of keeping everything compatible for commercial markets was 
worthy of book volumes.  However, it requires patience and time, something I have a lot of, and was quite successful in 
the past.

The whole experience left an impact on me that means that I'm not going to limit my thinking or my environment for 
testing -- the public needs to see the result before the product is declared final.

Taking off my security pro hat, and going back to reality, I'm mostly laughing at my "so called" security vendor 
company anyway.  I've got a Duron 750 and two 333 MHz Intel boxes I'm doing the development on.  In my last company 
effort, I became temporarily disabled and under related circumstances, left the firm.  My situation is great compared 
to our staff artist, a Moldavian citizen working in a Moscow Children's Mental Hospital for $8/month + room and board.  
That's not a 'security vendor' IMHO, that's two people with creativity, motivation, dreams, and a LOT of hope.  No way 
anyone could have known that, but that's SwordSoft for you.  There are a few other dreamers in the midst as well, 
hoping something good comes of this.  Pueblo, Colorado isn't exactly Silicon Valley. *grins*

---

Not directed at anybody in particular, but just to chill out a bit and explain SwordSoft and what really is unique 
about this little effort.  First of all, I really hope that VIA is useful for people, I want it to be as solid as 
possible, and that I can continue to advance the tool to commercial quality.  It's hard work, lots of effort, and anyone 
who goes through the process of trying to make any program solid and usable for all people has to go through this.  
I'll take the slams, but keep in mind programmers are people, with our own unique situations.  

The future for SwordSoft is totally unwritten and I've been appealing to people for awhile to help us become a 
non-profit foundation rather than a VC funded firm.  I've passed up, and have been passing up, a lot of Angel 
investment offers in order to retain control of the company in hopes that the future will present a way that I can 
follow in RMS's footsteps.  As I mentioned earlier, I was a system administrator for the FSF, helped port their 
software to various platforms, and my primary undergraduate thesis in 1991 was on porting the GNU environment to a 
Prime EXL.  Being completely unfunded, and in possibly one of the most technology barren cities in the USA, I'm 
presented with a very unique challenge, and there is a lot of "dream chasing" going on.

The whole "shareware" stuff is the "middle road" approach I decided to take until an opportunity that fits the dream 
presents itself or I run out of personal funds completely (and I don't mean VIA -- it's only a small component in a 
much, much larger architecture that I've been devoting research to for over a decade.)  At least, it provides a 
reminder and an indication that we appreciate some financial support if the program is indeed useful.  If the company 
gets any revenue at all, I would be able to skip past the whole VC thing and be willing to scrape along on a few 
hundred bucks a month in order to keep some dreams alive.  I would agree 100% with anyone who said they didn't want 
this industry to be crowded with greedy firms with huge price tags, it's really not on my agenda to become another.  I 
put -zero- effort into writing the 'so-called' copy protection on the software as well, so 'hint hint nudge nudge wink 
wink' .. To be perfectly honest, just keep in mind I'm only asking for support.  I could have made it a nightmare, but 
what's the point in putting so much effort into something I really don't believe in.

Right now, forget the cash -- I want to improve the product.  I'll continue making improvements and clean the code, we 
(Tanya and myself) are content with dealing with our current life situations, and I hope that with support (and a lot 
of genuine good will) SwordSoft, VIA, and all the future technologies my colleagues and I are interested in creating, 
will become available to all.  As I said, we're dreamers, knowledge hungry, hard workers, tough people, and have faith 
in our abilities.  I'd rather be known for having reliable and publicly evaluated products that I can freely display to 
all.  That is the purpose of this public beta test.

For the hundred or so people who have begun the beta testing and the support people have already given us, we give a 
very warm and grateful THANK YOU!

Eric Knight
President, SwordSoft.

