>
> You work for _Counterpane_?!? I am involved in open source Java
cryptography
> projects, and cypto/security is where alot of my experience lies. I am, of
> course, quite familiar with Counterpane. ;-)
>
> You work with Bruce and shit ... damn, what and honor THAT would be :)
Yeah, he's a cool guy. But, i'm not much of a crypto-freak. As you might
know already, we have enough crypto (for now). The bigger problems are in
people processes (sysadmin config), user habits (mail attachment viruses and
such), and coding habits (design and careless server programming).
I usually don't see Bruce on a day-to-day basis, as he works out of his home
in some other state. The other guys from Counterpane labs live in North
Carolina and Netherlands (Niels Ferguson, who recently cracked the Intel
streaming video encryption scheme. hehe). I work at the San Jose
headquarters.
>
> It's a shame that the product won't be publicly available, because as a
> crypto/security nut, I would *love* to see what you Counterpane guys come
up
> with on intrusion detection. I bet it rocks.
Hmmm. Maybe once the company goes belly up like the dot-coms in the area,
we'll release it as "jakarta-sentry" ;-)
>
> > I am the lead Java guy for the event detection engine that runs on the
> > "sentry" intrusion detection box (no GUI, no human interface). We have
plans
> > to allow customers to see the status of their network via an https
interface.
> > The interface will also allow them to chat live with a security analyst
> > (which we have 24/7).
>
> That's cool as hell. I've been working on the Tomcat standalone SSL stuff
these
> days, in some part because my company is also in the process of developing
a
> product (a cluster management tool) which will need it. If you should ever
run
> across anything, or need something, in that department, let us know, and
I'll
> see what I can do =)
Cool. We'll talk more about that in non-list emails. What company is
developing your product?
>
> > Right now we've integrated Acme server (and integrated https and login
> > session support ourselves, which was a royal pain). So, I'm trying to
> > figure out if we want to continue maintaining (fixing/rewriting?) the
Acme
> > server or scrap it and go to something else. We want code that is small
enough
> > to audit (for security), but functional enough to support servlets and
> > secure sessions.
>
> I think Tomcat can definitely accomodate you ;-)
It think it will eventually, after all I only need it to run 2 servlets!
>
> - Christopher
