incubator-general mailing list archives

From Scott Deboy <scott.de...@gmail.com>
Subject Re: [VOTE] ALOIS to enter the incubator
Date Thu, 26 Aug 2010 17:16:39 GMT
+1

On Thu, Aug 26, 2010 at 9:54 AM, Mohammad Nour El-Din <nour.mohammad@gmail.com> wrote:

> +1 non-binding
>
> On Thu, Aug 26, 2010 at 4:30 PM, Benson Margulies <bimargulies@gmail.com> wrote:
> > OK, I read the syntax of this sideways.
> >
> > +1, binding, from me.
> >
> > On Thu, Aug 26, 2010 at 12:26 PM, Urs Lerch <mail@ulerch.net> wrote:
> >> Hi
> >>
> >> There is, at least in my opinion, a very clear statement regarding the
> >> licencing:
> >>
> >>  = Source and Intellectual Property Submission Plan =
> >>
> >>  ALOIS is currently under a GPL licence. Since there are only two
> >>  contributors so far, both from the same company, there is no problem
> >>  to re-licence the code and contribute it to Apache. The commitment of
> >>  the company's owner has been granted.
> >>
> >> The names of the two contributors are listed elsewhere in the proposal.
> >> Do you think that ain't enough?
> >>
> >> Best
> >> Urs
> >>
> >>
> >> On Thursday, 26.08.2010, at 12:17 -0400, Benson Margulies wrote:
> >>> I don't see anything explicit in here about relicensing from GPL to
> >>> ASL. Perhaps that was hashed out before I joined the PMC?
> >>>
> >>> I'm +0 tending toward -1 without an explicit statement that the
> >>> copyright owners are known and on board with the license change.
> >>>
> >>> On Thu, Aug 26, 2010 at 12:09 PM, Urs Lerch <mail@ulerch.net> wrote:
> >>> > Hi,
> >>> >
> >>> > I would like to call a vote for accepting "ALOIS" for incubation in
> >>> > the Apache Incubator. The full proposal is available below and on the
> >>> > proposal wiki page (http://wiki.apache.org/incubator/AloisProposal). We
> >>> > ask the Incubator PMC to sponsor it, with Scott Deboy volunteering as
> >>> > Champion and Mentor. Additional mentors are warmly welcome.
> >>> >
> >>> > Please cast your vote:
> >>> >
> >>> > [ ] +1, bring ALOIS into Incubator
> >>> > [ ] +0, I don't care either way,
> >>> > [ ] -1, do not bring ALOIS into Incubator, because...
> >>> >
> >>> > This vote will be open for 72 hours and only votes from the Incubator
> >>> > PMC are binding.
> >>> >
> >>> > Thanks,
> >>> > Urs
> >>> >
> >>> >
> >>> > --------------------------------------------
> >>> >
> >>> >
> >>> > = Preface =
> >>> >
> >>> > ALOIS is a log collection and correlation software with reporting and
> >>> > alarming functionalities. It has been implemented by the Swiss company
> >>> > IMSEC for a customer about five years ago. GPL-licenced, implemented in
> >>> > Ruby and completely based on other OSS-licensed components, it was
> >>> > designed for the open source community right from the start. Now that
> >>> > the software has shown its functioning over several years in production
> >>> > with the one customer and one IMSEC-internal installation, it seems to
> >>> > be the right time to open it to a wider community.
> >>> >
> >>> >
> >>> > = Abstract =
> >>> >
> >>> > ALOIS stands for „Advanced Logging and Intrusion Detection System“ and
> >>> > is meant to be a fully implemented open source SIEM (security
> >>> > information and event management) system.
> >>> >
> >>> >
> >>> > = Proposal =
> >>> >
> >>> > While almost all other SIEM software, be it closed or open source,
> >>> > concentrate on the technological part of security monitoring, ALOIS is
> >>> > aimed to monitor the security of the content. It intends to be
> >>> > pro-active in the detection of potential loss, theft, mistaken
> >>> > modification or unauthorized access. ALOIS works on log messages and
> >>> > thus contains all the basic functionality of a conventional SIEM, as
> >>> > centralized collecting, normalizing, aggregation, analyzing and
> >>> > correlating of all log messages, as well as reporting all security
> >>> > related events. Therefore it can be used as any other SIEM.
> >>> >
> >>> > ALOIS consists of five modules interacting to ensure a scalable
> >>> > functionality of a SIEM:
> >>> >
> >>> >  * Insink is the message sink, which is the receiving entry point for
> >>> > all the different log messages into ALOIS. It is partly based on the
> >>> > syslog-ng software. Insink listens for messages (UDP), waits for
> >>> > messages (TCP), receives message collections (files, emails) and
> >>> > pre-filters them to prevent from message flow overload.
> >>> >
> >>> >  * Pumpy is the incoming FIFO buffer, implemented as relational
> >>> > database tables, which contain the incoming original messages (in raw
> >>> > format). In a complex system setup, there may be several insink
> >>> > instances, e.g. for a group of hosts, for specific types of messages, or
> >>> > for high-availability.
> >>> >
> >>> >  * Prisma contains logic to split up the text of log messages into
> >>> > separate fields, based on regular expressions. Actually, "prisma" is a
> >>> > set of "prismi", each one prisma for one type of log message (apache,
> >>> > cisco etc.). Several prismi can be applied to the same message. This
> >>> > allows for stacked messages, i.e. forwarded log messages contained in
> >>> > compressed files contained in e-mail messages. The data retrieved from
> >>> > the log messages is stored in a database called Dobby. Due to prisma
> >>> > being written in Ruby, prismi can be applied interactively (when having
> >>> > system access).
> >>> >
> >>> >  * Dobby is the central log database. It should be separated from the
> >>> > Pumpy database for availability and performance reasons. The current
> >>> > implementation is based on MySQL.
> >>> >
> >>> >  * The Analyzer contains the two sub-systems Lizard and Reptor. Lizard
> >>> > is the analysis engine and user interface of ALOIS, implemented in Ruby
> >>> > on Rails using AJAX. It allows for interactive browsing through the
> >>> > collected data, exclusion/inclusion/selection of data, data sorting,
> >>> > data filtering, creation of views, ad-hoc textual and graphical
> >>> > reporting. Reptor allows for automatic activation of views and
> >>> > comparison of these views' results to a predefined result (pattern
> >>> > matching). In case of mismatch, Reptor sends the result to predefined
> >>> > e-mail addresses.
> >>> >
> >>> > Its modular design guarantees ALOIS to scale from little to large
> >>> > organizations. Since there exists a Debian package, it's easy to build a
> >>> > test system or even a productive system for small environments.
> >>> >
> >>> > Although the software has been in productive use for a few years, there
> >>> > is still a lot of desired functionality missing. The pluggability of new
> >>> > connected systems is given, but needs some revision. It is a given goal
> >>> > of the project to allow modules in other programming languages.
> >>> > Furthermore, it has been discussed if parts of the existing
> >>> > implementation may be replaced with other proven open source software,
> >>> > e.g. the correlation engine or the web frontend. The other way round, it
> >>> > has been discussed that the filter creation engine would make a good
> >>> > tool for any kind of structured data, and thus could be separated from
> >>> > ALOIS and standardized as a stand-alone tool.
> >>> >
> >>> >
> >>> > = Background =
> >>> >
> >>> > It's not simple to know what happens in a bigger network. There's a
> >>> > multitude of applications, services and appliances working together.
> >>> > Many of them provide some kind of events or state information. The
> >>> > network administrator needs to get hands on all of them. But they come
> >>> > in many different flavors and multiple canals. Therefore, it's hard to
> >>> > get the big picture. Furthermore, we have learned that it's impossible
> >>> > to protect a system against all malicious attacks and to keep all the
> >>> > possible faulty handling away. A monitoring of the systems to guarantee
> >>> > a pro-active handling is therefore needed.
> >>> >
> >>> > Therefore, more and more organizations collect and analyze all logfiles
> >>> > in a centralized system, called a SIEM (security information and event
> >>> > management). The technology provides two major functions for security
> >>> > events from networks, systems and applications: log management and
> >>> > compliance reporting (SIM – security information management) and
> >>> > real-time monitoring and incident management (SEM – security event
> >>> > management).
> >>> >
> >>> >
> >>> > = Rationale =
> >>> >
> >>> > Why another security information and event management system? It's true,
> >>> > there's already plenty of them. While the proprietary software is way
> >>> > too expensive for smaller to mid-sized companies, we find that the open
> >>> > source solutions are either too simple or not completely open. For
> >>> > example, behind each of the well known systems “OSSIM” and “Prelude”,
> >>> > there is a company that either closes central functionality for its own
> >>> > business or has dual licensing and therefore asks the full copyright for
> >>> > all contributed code.
> >>> >
> >>> > ALOIS is aimed to be totally free and open for all contributions. The
> >>> > openness provided for other programming languages is certainly proof of
> >>> > this. The plug-ability - yet to be further developed - is meant to
> >>> > guarantee that individual needs can be realized without stressing the
> >>> > whole system too much. In our opinion, the Linux kernel is a good
> >>> > example that this can work very well.
> >>> >
> >>> > Since we are in accordance with „the Apache way“, we would be very
> >>> > pleased if ALOIS could become part of the Apache community. In addition,
> >>> > the Apache Logging Services would be a perfect home for the software.
> >>> > Furthermore, it's not the intention to compete with the already existing
> >>> > log viewer and analyzing tool „Chainsaw“. Since Chainsaw is a relatively
> >>> > easy tool, it meets a rather different need. Nevertheless, if the two
> >>> > projects use synergies, both can profit.
> >>> >
> >>> >
> >>> > = Initial Goals =
> >>> >
> >>> > When this project started in 2005, there was no proven SIEM open source
> >>> > software and the commercial tools were way too expensive for the needed
> >>> > environment. Therefore, we decided together with a customer of ours to
> >>> > implement an open source SIEM tool from scratch. Now the software has
> >>> > run in a production environment for several years and has proven its
> >>> > functionality and reliability.
> >>> >
> >>> >
> >>> > = Current Status =
> >>> >
> >>> > == Meritocracy ==
> >>> >
> >>> > As already mentioned, ALOIS is already in production use in two
> >>> > organizations. All the code has been written by two persons of the same
> >>> > company in a paid employment relationship. It is obvious that this is
> >>> > way different from the open source approach within Apache. But
> >>> > nevertheless, the two developers have always worked as a team and the
> >>> > decisions were made in consensus whenever possible. But it is no secret,
> >>> > that these developers have to learn to behave in an open community.
> >>> > Understanding this potential problem, they already got support by a
> >>> > freelance consulter, who has the corresponding experience and knowledge.
> >>> >
> >>> > == Community ==
> >>> >
> >>> > Until today there is no real community, because the project hasn't been
> >>> > published officially, although it had been completely published on the
> >>> > web site for a couple of months (until a server relaunch). Convinced by
> >>> > the concept and design of the software, we are open and hope to reach
> >>> > many contributors and users. We think that it is realistic, because the
> >>> > SIEM issue has yet not been resolved in the OSS space.
> >>> >
> >>> > == Core Developers ==
> >>> >
> >>> > ALOIS was developed by Simon Hürlimann and Flavio Pellanda, both employed
> >>> > by the company IMSEC. Concerning Design and Architecture, Marcus
> >>> > Holthaus, owner of IMSEC, gave his input as security specialist. Since
> >>> > the beginning of this year, Urs Lerch, a doctorate on the subject of
> >>> > commercial open source software development, supports the team with his
> >>> > knowledge. Simon Hürlimann has left the company three years ago, but is
> >>> > still active in the OSS environment (although not for ALOIS). Current
> >>> > employee Daniel Lutz (a Debian Developer) has also contributed to the
> >>> > project.
> >>> >
> >>> > == Alignment ==
> >>> >
> >>> > Besides that we strongly believe in the „Apache way“, we think that
> >>> > although that Apache hosts the Logging Services and different security
> >>> > projects, there is a gap when it comes to a superordinate security view.
> >>> > We therefore think it a good idea to add our SIEM project to the Apache
> >>> > repository. On the other side, Apache would become an even more complete
> >>> > software repository.
> >>> >
> >>> >
> >>> > = Known Risks =
> >>> >
> >>> > == Orphaned products ==
> >>> >
> >>> > Since the software is only maintained by employers of one company, there
> >>> > is a severe risk of being orphaned. But, on the one hand, the company
> >>> > has a sustained interest in keeping the project alive, because there are
> >>> > plans to offer services on top of ALOIS, and IMSEC uses the software for
> >>> > SIEM on their own systems. For this reason there exists a budget for the
> >>> > development and support of ALOIS. On the other hand, we believe that
> >>> > ALOIS is of great interest for other people and companies tied to IT
> >>> > security. Therefore, our step to the Apache incubator is also a step to
> >>> > a bigger community.
> >>> >
> >>> > == Inexperience with Open Source ==
> >>> >
> >>> > While ALOIS has always been licenced under the GPL, access to the source
> >>> > code, bug tracker and version control system has been restricted to
> >>> > internal users for most of the time. But the company has a strong
> >>> > belief in the open source movement and therefore engages its employees
> >>> > to take part in the community. Furthermore, it is also a strategic
> >>> > decision to build services on top of Linux.
> >>> >
> >>> > We understand that the Apache Incubator is a great opportunity for us to
> >>> > get assistance, when it comes to specific questions on the open source
> >>> > development. Even more, the company has created a part time position for
> >>> > the open source community work.
> >>> >
> >>> > == Homogenous Developers ==
> >>> >
> >>> > Although ALOIS has been developed by employees of only one company,
> >>> > there is a thorough openness. The company is designed to stay small and
> >>> > therefore works with several independent partners. Furthermore, its
> >>> > employees work in geographically different parts of the country.
> >>> > Therefore, it is no new experience for the developers to work in a
> >>> > distributed environment and argue rather than to command. Already today
> >>> > the employees are enforced to document all face-to-face communication in
> >>> > the internal wiki. Sketches are photographed and stored in the project's
> >>> > digital folder.
> >>> >
> >>> > == Reliance on Salaried Developers ==
> >>> >
> >>> > Until today all the development of ALOIS has been made in a paid
> >>> > employment. Therefore we know that this brings a significant danger.
> >>> > Since it is our stated aim to encourage participation and recruit
> >>> > committers, we hope to eliminate this risk as soon as possible.
> >>> > Furthermore, the employees of IMSEC are all open source enthusiasts and
> >>> > are in one way or another active in the community. Although we have no
> >>> > certainty, there is good indication that the current committers would
> >>> > continue their work on ALOIS, even if they wouldn't be paid for it.
> >>> >
> >>> > == Relationships with Other Apache Products ==
> >>> >
> >>> > The Apache Logging Service would be a perfect home for ALOIS as a
> >>> > centralized logging collection and analyzing tool. Furthermore, we think
> >>> > that we could share part of the code with the Chainsaw subproject, since
> >>> > both need similar functionality in the web frontend. Since it is our
> >>> > stated aim to replace our own code with proven open source libraries,
> >>> > we are open for any collaboration with other projects. For example, the
> >>> > replacement of the MySQL with a NoSQL database might be useful for
> >>> > performance reasons; therefore HBase is a good candidate.
> >>> >
> >>> > == An Excessive Fascination with the Apache Brand ==
> >>> >
> >>> > The Apache brand is in fact for its own a very good reason to join the
> >>> > Incubator. But much more our desire to become part of the Apache
> >>> > Incubator is our strong belief in open source software in general and
> >>> > in the „Apache way“ in particular. We would love to learn from the
> >>> > experience and knowledge of the foundation's members and participants,
> >>> > which is an important part of the brand as well. The foundation has
> >>> > shown many times, that it has the processes and people to succeed in
> >>> > launching a project. We would be very proud to be part of this success
> >>> > story.
> >>> >
> >>> >
> >>> > = Documentation =
> >>> >
> >>> > The documentation is rather weak and scattered. It has mainly been
> >>> > maintained on a wiki and is open to improvement. Since we are totally
> >>> > aware that this is a killer for a successful open source project, we
> >>> > have already started an internal project with its own budget to improve
> >>> > this shortcoming. Once the project has been launched, writing a blog or
> >>> > open a forum are other possibilities we already thought of.
> >>> >
> >>> > Furthermore, as the employees are used to work in a geographically
> >>> > distributed environment, a lot of the internal communication happens in
> >>> > a chat. Thus, opening a new chat channel for the community is scheduled.
> >>> > (To document the discussions for all those who were off-line, we would
> >>> > send the logs daily to the mailing list.)
> >>> >
> >>> >
> >>> > = Initial Source =
> >>> >
> >>> > Although the initial source comes from a project for a customer, it has
> >>> > an open source licence since the beginning. Therefore it doesn't have
> >>> > any proprietary code in it. A thorough revision before releasing it to a
> >>> > public repository is recommended and is also in planning.
> >>> >
> >>> > The initial source will be a snapshot of the version control system,
> >>> > accompanied by a related debian package.
> >>> >
> >>> >
> >>> > = Source and Intellectual Property Submission Plan =
> >>> >
> >>> > ALOIS is currently under a GPL licence. Since there are only two
> >>> > contributors so far, both from the same company, there is no problem to
> >>> > re-licence the code and contribute it to Apache. The commitment of the
> >>> > company's owner has been granted.
> >>> >
> >>> >
> >>> > = External Dependencies =
> >>> >
> >>> > So far, no external dependencies are known. As mentioned before, a
> >>> > thorough revision of the codebase is in planning. There it can be
> >>> > controlled, that no other licence is affected by the code.
> >>> >
> >>> >
> >>> > = Cryptography =
> >>> >
> >>> > ALOIS does not involve cryptographic code.
> >>> >
> >>> >
> >>> > = Required Resources =
> >>> >
> >>> > == Mailing lists ==
> >>> >
> >>> > The following mailing lists will be required:
> >>> >
> >>> >  * alois-private
> >>> >  * alois-dev
> >>> >  * alois-commits
> >>> >  * alois-users
> >>> >
> >>> > == Subversion Directory ==
> >>> >
> >>> > https://svn.apache.org/repos/asf/incubator/alois
> >>> >
> >>> > == Issue Tracking ==
> >>> >
> >>> > JIRA ALOIS (ALOIS)
> >>> >
> >>> > == Other Resources ==
> >>> >
> >>> > We would like to open a chat channel. If this isn't possible within the
> >>> > infrastructure of Apache, we would love to do this in our own already
> >>> > existing infrastructure.
> >>> >
> >>> >
> >>> > = Initial Committers =
> >>> >
> >>> >  * NAME             EMAIL                              AFFILIATION  CLA
> >>> >  * Flavio Pellanda  flavio.pellanda at logintas dot ch IMSEC        no
> >>> >  * Urs Lerch        mail at ulerch dot net             IMSEC        no
> >>> >  * Daniel Lutz      daniel.lutz at logintas dot ch     IMSEC        no
> >>> >  * Marcus Holthaus  marcus.holthaus at imsec dot ch    IMSEC        no
> >>> >
> >>> >
> >>> > = Sponsors =
> >>> >
> >>> > == Champion ==
> >>> >
> >>> >  * Scott Deboy <sdeboy at apache dot org>
> >>> >
> >>> > == Nominated Mentors ==
> >>> >
> >>> >  * Scott Deboy <sdeboy at apache dot org>
> >>> >
> >>> > == Sponsoring Entity ==
> >>> >
> >>> > The Incubator PMC (requested) b
> >>> >
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> >>> For additional commands, e-mail: general-help@incubator.apache.org
> >>>
> >>
> >>
> >
> >
> >
>
>
>
> --
> Thanks
> - Mohammad Nour
>   Author of (WebSphere Application Server Community Edition 2.0 User Guide)
>   http://www.redbooks.ibm.com/abstracts/sg247585.html
> - LinkedIn: http://www.linkedin.com/in/mnour
> - Blog: http://tadabborat.blogspot.com
> ----
> "Life is like riding a bicycle. To keep your balance you must keep moving"
> - Albert Einstein
>
> "Writing clean code is what you must do in order to call yourself a
> professional. There is no reasonable excuse for doing anything less
> than your best."
> - Clean Code: A Handbook of Agile Software Craftsmanship
>
> "Stay hungry, stay foolish."
> - Steve Jobs
>
>
>
