+1 not binding

On Thu, Aug 26, 2010 at 4:30 PM, Benson Margulies <bimargul...@gmail.com> wrote:
> OK, I read the syntax of this sideways.
>
> +1, binding, from me.
>
> On Thu, Aug 26, 2010 at 12:26 PM, Urs Lerch <m...@ulerch.net> wrote:
>> Hi
>>
>> There is, at least in my opinion, a very clear statement regarding the
>> licencing:
>>
>> = Source and Intellectual Property Submission Plan =
>>
>> ALOIS is currently under a GPL licence. Since there are only two
>> contributors so far, both from the same company, there is no problem
>> to re-licence the code and contribute it to Apache. The commitment of
>> the company's owner has been granted.
>>
>> The names of the two contributors are listed elsewhere in the proposal.
>> Do you think that ain't enough?
>>
>> Best
>> Urs
>>
>>
>> On Thursday, 26.08.2010, at 12:17 -0400, Benson Margulies wrote:
>>> I don't see anything explicit in here about relicensing from GPL to
>>> ASL. Perhaps that was hashed out before I joined the PMC?
>>>
>>> I'm +0 tending toward -1 without an explicit statement that the
>>> copyright owners are known and on board with the license change.
>>>
>>> On Thu, Aug 26, 2010 at 12:09 PM, Urs Lerch <m...@ulerch.net> wrote:
>>> > Hi,
>>> >
>>> > I would like to call a vote for accepting "ALOIS" for incubation in
>>> > the Apache Incubator. The full proposal is available below and on the
>>> > proposal wiki page (http://wiki.apache.org/incubator/AloisProposal). We
>>> > ask the Incubator PMC to sponsor it, with Scott Deboy volunteering as
>>> > Champion and Mentor. Additional mentors are warmly welcome.
>>> >
>>> > Please cast your vote:
>>> >
>>> > [ ] +1, bring ALOIS into Incubator
>>> > [ ] +0, I don't care either way,
>>> > [ ] -1, do not bring ALOIS into Incubator, because...
>>> >
>>> > This vote will be open for 72 hours and only votes from the Incubator
>>> > PMC are binding.
>>> >
>>> > Thanks,
>>> > Urs
>>> >
>>> >
>>> > --------------------------------------------
>>> >
>>> >
>>> > = Preface =
>>> >
>>> > ALOIS is a log collection and correlation software with reporting and
>>> > alarming functionalities. It has been implemented by the Swiss company
>>> > IMSEC for a customer about five years ago. GPL-licenced, implemented in
>>> > Ruby and completely based on other OSS-licensed components, it was
>>> > designed for the open source community right from the start. Now that
>>> > the software has shown its functioning over several years in production
>>> > with the one customer and one IMSEC-internal installation, it seems to
>>> > be the right time to open it to a wider community.
>>> >
>>> >
>>> > = Abstract =
>>> >
>>> > ALOIS stands for „Advanced Logging and Intrusion Detection System“ and
>>> > is meant to be a fully implemented open source SIEM (security
>>> > information and event management) system.
>>> >
>>> >
>>> > = Proposal =
>>> >
>>> > While almost all other SIEM software, be it closed or open source,
>>> > concentrate on the technological part of security monitoring, ALOIS is
>>> > aimed to monitor the security of the content. It intends to be
>>> > pro-active in the detection of potential loss, theft, mistaken
>>> > modification or unauthorized access. ALOIS works on log messages and
>>> > thus contains all the basic functionality of a conventional SIEM, as
>>> > centralized collecting, normalizing, aggregation, analyzing and
>>> > correlating of all log messages, as well as reporting all security
>>> > related events. Therefore it can be used as any other SIEM.
>>> >
>>> > ALOIS consists of five modules interacting to ensure a scaleable
>>> > functionality of a SIEM:
>>> >
>>> > * Insink is the message sink, which is the receiving entry point for
>>> > all the different log messages into ALOIS. It is partly based on the
>>> > syslog-ng software.
>>> > Insink listens for messages (UDP), waits for
>>> > messages (TCP), receives message collections (files, emails) and
>>> > pre-filters them to prevent from message flow overload.
>>> >
>>> > * Pumpy is the incoming FIFO buffer, implemented as relational
>>> > database tables, which contain the incoming original messages (in raw
>>> > format). In a complex system setup, there may be several insink
>>> > instances, e.g. for a group of hosts, for specific types of messages, or
>>> > for high-availability.
>>> >
>>> > * Prisma contains logic to split up the text of log messages into
>>> > separate fields, based on regular expressions. Actually, "prisma" is a
>>> > set of "prismi", each one prisma for one type of log message (apache,
>>> > cisco etc.). Several prismi can be applied to the same message. This
>>> > allows for stacked messages, i.e. forwarded log messages contained in
>>> > compressed files contained in e-mail messages. The data retrieved from
>>> > the log messages is stored in a database called Dobby. Due to prisma
>>> > being written in Ruby, prismi can be applied interactively (when having
>>> > system access).
>>> >
>>> > * Dobby is the central log database. It should be separated from the
>>> > Pumpy database for availability and performance reasons. The current
>>> > implementation is based on MySQL.
>>> >
>>> > * The Analyzer contains the two sub-systems Lizard and Reptor. Lizard
>>> > is the analysis engine and user interface of ALOIS, implemented in Ruby
>>> > on Rails using AJAX. It allows for interactive browsing through the
>>> > collected data, exclusion/inclusion/selection of data, data sorting,
>>> > data filtering, creation of views, ad-hoc textual and graphical
>>> > reporting. Reptor allows for automatic activation of views and
>>> > comparison of these views' results to a predefined result (pattern
>>> > matching). In case of mismatch, Reptor sends the result to predefined
>>> > e-mail addresses.
>>> >
>>> > Its modular design guarantees ALOIS to scale from little to large
>>> > organizations. Since there exists a Debian package, it's easy to build a
>>> > test system or even a productive system for small environments.
>>> >
>>> > Although the software has been in productive use for a few years, there
>>> > is still a lot of desired functionality missing. The pluggability of new
>>> > connected systems is given, but needs some revision. It is a given goal
>>> > of the project to allow modules in other programming languages.
>>> > Furthermore, it has been discussed if parts of the existing
>>> > implementation may be replaced with other proven open source software,
>>> > e.g. the correlation engine or the web frontend. The other way round, it
>>> > has been discussed that the filter creation engine would make a good
>>> > tool for any kind of structured data, and thus could be separated from
>>> > ALOIS and standardized as a stand-alone tool.
>>> >
>>> >
>>> > = Background =
>>> >
>>> > It's not simple to know what happens in a bigger network. There's a
>>> > multitude of applications, services and appliances working together.
>>> > Many of them provide some kind of events or state information. The
>>> > network administrator needs to get hands on all of them. But they come
>>> > in many different flavors and multiple canals. Therefore, it's hard to
>>> > get the big picture. Furthermore, we have learned that it's impossible
>>> > to protect a system against all malicious attacks and to keep all the
>>> > possible faulty handling away. A monitoring of the systems to guarantee
>>> > a pro-active handling is therefore needed.
>>> >
>>> > Therefore, more and more organizations collect and analyze all logfiles
>>> > in a centralized system, called a SIEM (security information and event
>>> > management).
>>> > The technology provides two major functions for security
>>> > events from networks, systems and applications: log management and
>>> > compliance reporting (SIM – security information management) and
>>> > real-time monitoring and incident management (SEM – security event
>>> > management).
>>> >
>>> >
>>> > = Rationale =
>>> >
>>> > Why another security information and event management system? It's true,
>>> > there's already plenty of them. While the proprietary software is way
>>> > too expensive for smaller to mid-sized companies, we find that the open
>>> > source solutions are either too simple or not completely open. For
>>> > example, behind each of the well known systems “OSSIM” and “Prelude”,
>>> > there is a company that either closes central functionality for its own
>>> > business or has dual licensing and therefore asks the full copyright for
>>> > all contributed code.
>>> >
>>> > ALOIS is aimed to be totally free and open for all contributions. The
>>> > openness provided for other programming languages is certainly proof of
>>> > this. The plug-ability - yet to be further developed - is meant to
>>> > guarantee that individual needs can be realized without stressing the
>>> > whole system too much. In our opinion, the Linux kernel is a good
>>> > example that this can work very well.
>>> >
>>> > Since we are in accordance with „the Apache way“, we would be very
>>> > pleased if ALOIS could become part of the Apache community. In addition,
>>> > the Apache Logging Services would be a perfect home for the software.
>>> > Furthermore, it's not the intention to compete with the already existing
>>> > log viewer and analyzing tool „Chainsaw“. Since Chainsaw is a relatively
>>> > easy tool, it meets a rather different need. Nevertheless, if the two
>>> > projects use synergies, both can profit.
>>> >
>>> >
>>> > = Initial Goals =
>>> >
>>> > When this project started in 2005, there was no proven SIEM open source
>>> > software and the commercial tools were way too expensive for the needed
>>> > environment. Therefore, we decided together with a customer of ours to
>>> > implement an open source SIEM tool from scratch. Now the software has
>>> > run in a production environment for several years and has proven its
>>> > functionality and reliability.
>>> >
>>> >
>>> > = Current Status =
>>> >
>>> > == Meritocracy ==
>>> >
>>> > As already mentioned, ALOIS is already in production use in two
>>> > organizations. All the code has been written by two persons of the same
>>> > company in a paid employment relationship. It is obvious that this is
>>> > way different from the open source approach within Apache. But
>>> > nevertheless, the two developers have always worked as a team and the
>>> > decisions were made in consensus whenever possible. But it is no secret,
>>> > that these developers have to learn to behave in an open community.
>>> > Understanding this potential problem, they already got support by a
>>> > freelance consulter, who has the corresponding experience and knowledge.
>>> >
>>> > == Community ==
>>> >
>>> > Until today there is no real community, because the project hasn't been
>>> > published officially, although it had been completely published on the
>>> > web site for a couple of months (until a server relaunch). Convinced by
>>> > the concept and design of the software, we are open and hope to reach
>>> > many contributors and users. We think that it is realistic, because the
>>> > SIEM issue has yet not been resolved in the OSS space.
>>> >
>>> > == Core Developers ==
>>> >
>>> > ALOIS was developed by Simon Hürlimann and Flavio Pellanda, both employed
>>> > by the company IMSEC. Concerning Design and Architecture, Marcus
>>> > Holthaus, owner of IMSEC, gave his input as security specialist.
>>> > Since the beginning of this year, Urs Lerch, a doctorate on the subject of
>>> > commercial open source software development, supports the team with his
>>> > knowledge. Simon Hürlimann has left the company three years ago, but is
>>> > still active in the OSS environment (although not for ALOIS). Current
>>> > employee Daniel Lutz (a Debian Developer) has also contributed to the
>>> > project.
>>> >
>>> > == Alignment ==
>>> >
>>> > Besides that we strongly believe in the „Apache way“, we think that
>>> > although that Apache hosts the Logging Services and different security
>>> > projects, there is a gap when it comes to a superordinate security view.
>>> > We therefore think it a good idea to add our SIEM project to the Apache
>>> > repository. On the other side, Apache would become an even more complete
>>> > software repository.
>>> >
>>> >
>>> > = Known Risks =
>>> >
>>> > == Orphaned products ==
>>> >
>>> > Since the software is only maintained by employers of one company, there
>>> > is a severe risk of being orphaned. But, on the one hand, the company
>>> > has a sustained interest in keeping the project alive, because there are
>>> > plans to offer services on top of ALOIS, and IMSEC uses the software for
>>> > SIEM on their own systems. For this reason there exists a budget for the
>>> > development and support of ALOIS. On the other hand, we believe that
>>> > ALOIS is of great interest for other people and companies tied to IT
>>> > security. Therefore, our step to the Apache incubator is also a step to
>>> > a bigger community.
>>> >
>>> > == Inexperience with Open Source ==
>>> >
>>> > While ALOIS has always been licenced under the GPL, access to the source
>>> > code, bug tracker and version control system has been restricted to
>>> > internal users for most of the time. But the company has a strong
>>> > belief in the open source movement and therefore engages its employees
>>> > to take part in the community.
>>> > Furthermore, it is also a strategic
>>> > decision to build services on top of Linux.
>>> >
>>> > We understand that the Apache Incubator is a great opportunity for us to
>>> > get assistance, when it comes to specific questions on the open source
>>> > development. Even more, the company has created a part time position for
>>> > the open source community work.
>>> >
>>> > == Homogenous Developers ==
>>> >
>>> > Although ALOIS has been developed by employees of only one company,
>>> > there is a thorough openness. The company is designed to stay small and
>>> > therefore works with several independent partners. Furthermore, its
>>> > employees work in geographically different parts of the country.
>>> > Therefore, it is no new experience for the developers to work in a
>>> > distributed environment and argue rather than to command. Already today
>>> > the employees are enforced to document all face-to-face communication in
>>> > the internal wiki. Sketches are photographed and stored in the project's
>>> > digital folder.
>>> >
>>> > == Reliance on Salaried Developers ==
>>> >
>>> > Until today all the development of ALOIS has been made in a paid
>>> > employment. Therefore we know that this brings a significant danger.
>>> > Since it is our stated aim to encourage participation and recruit
>>> > committers, we hope to eliminate this risk as soon as possible.
>>> > Furthermore, the employees of IMSEC are all open source enthusiasts and
>>> > are in one way or another active in the community. Although we have no
>>> > certainty, there is good indication that the current committers would
>>> > continue their work on ALOIS, even if they wouldn't be paid for it.
>>> >
>>> > == Relationships with Other Apache Products ==
>>> >
>>> > The Apache Logging Service would be a perfect home for ALOIS as a
>>> > centralized logging collection and analyzing tool.
>>> > Furthermore, we think
>>> > that we could share part of the code with the Chainsaw subproject, since
>>> > both need similar functionality in the web frontend. Since it is our
>>> > stated aim to replace our own code with proven open source libraries,
>>> > we are open for any collaboration with other projects. For example, the
>>> > replacement of the MySQL with a NoSQL database might be useful for
>>> > performance reasons; therefore HBase is a good candidate.
>>> >
>>> > == An Excessive Fascination with the Apache Brand ==
>>> >
>>> > The Apache brand is in fact for its own a very good reason to join the
>>> > Incubator. But much more our desire to become part of the Apache
>>> > Incubator is our strong belief in open source software in general and
>>> > in the „Apache way“ in particular. We would love to learn from the
>>> > experience and knowledge of the foundation's members and participants,
>>> > which is an important part of the brand as well. The foundation has
>>> > shown many times, that it has the processes and people to succeed in
>>> > launching a project. We would be very proud to be part of this success
>>> > story.
>>> >
>>> >
>>> > = Documentation =
>>> >
>>> > The documentation is rather weak and scattered. It has mainly been
>>> > maintained on a wiki and is open to improvement. Since we are totally
>>> > aware that this is a killer for a successful open source project, we
>>> > have already started an internal project with its own budget to improve
>>> > this shortcoming. Once the project has been launched, writing a blog or
>>> > open a forum are other possibilities we already thought of.
>>> >
>>> > Furthermore, as the employees are used to work in a geographically
>>> > distributed environment, a lot of the internal communication happens in
>>> > a chat. Thus, opening a new chat channel for the community is scheduled.
>>> > (To document the discussions for all those who were off-line, we would
>>> > send the logs daily to the mailing list.)
>>> >
>>> >
>>> > = Initial Source =
>>> >
>>> > Although the initial source comes from a project for a customer, it has
>>> > an open source licence since the beginning. Therefore it doesn't have
>>> > any proprietary code in it. A thorough revision before releasing it to a
>>> > public repository is recommended and is also in planning.
>>> >
>>> > The initial source will be a snapshot of the version control system,
>>> > accompanied by a related debian package.
>>> >
>>> >
>>> > = Source and Intellectual Property Submission Plan =
>>> >
>>> > ALOIS is currently under a GPL licence. Since there are only two
>>> > contributors so far, both from the same company, there is no problem to
>>> > re-licence the code and contribute it to Apache. The commitment of the
>>> > company's owner has been granted.
>>> >
>>> >
>>> > = External Dependencies =
>>> >
>>> > So far, no external dependencies are known. As mentioned before, a
>>> > thorough revision of the codebase is in planning. There it can be
>>> > controlled, that no other licence is affected by the code.
>>> >
>>> >
>>> > = Cryptography =
>>> >
>>> > ALOIS does not involve cryptographic code.
>>> >
>>> >
>>> > = Required Resources =
>>> >
>>> > == Mailing lists ==
>>> >
>>> > The following mailing lists will be required:
>>> >
>>> > * alois-private
>>> > * alois-dev
>>> > * alois-commits
>>> > * alois-users
>>> >
>>> > == Subversion Directory ==
>>> >
>>> > https://svn.apache.org/repos/asf/incubator/alois
>>> >
>>> > == Issue Tracking ==
>>> >
>>> > JIRA ALOIS (ALOIS)
>>> >
>>> > == Other Resources ==
>>> >
>>> > We would like to open a chat channel. If this isn't possible within the
>>> > infrastructure of Apache, we would love to do this in our own already
>>> > existing infrastructure.
>>> >
>>> >
>>> > = Initial Committers =
>>> >
>>> > * NAME EMAIL AFFILIATION CLA
>>> > * Flavio Pellanda flavio.pellanda at logintas dot ch IMSEC no
>>> > * Urs Lerch mail at ulerch dot net IMSEC no
>>> > * Daniel Lutz daniel.lutz at logintas dot ch IMSEC no
>>> > * Marcus Holthaus marcus.holthaus at imsec dot ch IMSEC no
>>> >
>>> >
>>> > = Sponsors =
>>> >
>>> > == Champion ==
>>> >
>>> > * Scott Deboy <sdeboy at apache dot org>
>>> >
>>> > == Nominated Mentors ==
>>> >
>>> > * Scott Deboy <sdeboy at apache dot org>
>>> >
>>> > == Sponsoring Entity ==
>>> >
>>> > The Incubator PMC (requested) b
>>> >
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>>> For additional commands, e-mail: general-h...@incubator.apache.org

--
Thanks
- Mohammad Nour
  Author of (WebSphere Application Server Community Edition 2.0 User Guide)
  http://www.redbooks.ibm.com/abstracts/sg247585.html
- LinkedIn: http://www.linkedin.com/in/mnour
- Blog: http://tadabborat.blogspot.com
----
"Life is like riding a bicycle. To keep your balance you must keep moving"
- Albert Einstein

"Writing clean code is what you must do in order to call yourself a
professional. There is no reasonable excuse for doing anything less
than your best."
- Clean Code: A Handbook of Agile Software Craftsmanship

"Stay hungry, stay foolish."
- Steve Jobs