Today’s diary will be less technical than usual, and more “philosophical” let’s say (because, why not, we need those too :)) Last week I shared a thought on twitter, saying that sometimes I wish in our community we would stop “reinventing the wheel” by developing yet another FOSS tool that solves the same problem, instead of joining forces and build fewer but better and longer term solutions. This generated few interesting conversations both online and offline.
Please keep in mind that, for me, there is no right and wrong side on this, I think both have valid arguments, but nevertheless I felt I would like to hear more you about this, since it’s a topic that I hear in more and more often into, and of course the “dream” of one day seeing this happen. There are several ways to contribute in our community:
The focus of my original thought is mostly on the first of the above points. There are not too many people (compared to the overall size of the community) able to code at such level, and sometimes seeing the fragmentation of big good projects which overlap 80-90% in functionalities makes me wonder of the potential those developers could reach if joining forces on the same project.
I totally agree, it’s not easy, and motivations to do so are as valid on both sides. The most common initial reason I hear is “well, none of the tools out there covered all my needs, so I (we) decided to write it from scratch.”. Fair point. However, is it really worthy to do so instead of bringing in those 10-20% new features you need into the existing project?
Some people feel like writing it in a different language would boost performance and longer term maintenance/development, or simply are good at a different language, and this would go against the author(s) of the original tool. Some other want to have the control of the long term development, and you definitely have if you own the tool. Still others advocate for more diversity, I definitely do agree that diversity (as always and in every context) is good. Having multiple solutions which can help you double check your findings is great (never blindly trust one source only). But is too much diversity in tooling still good?
As I wrote on twitter, this is a dream, I’m aware of it. But whether you are one of those gifted who can Code or not, I would love to hear your opinion.
One final message: clearly, you do not need to know how to code to contribute to FOSS projects. Pick one and start contributing today!
Pasquale Stirparo, @pstirparo
Nov 11th 2018
1 month ago
Lets not say “philosophical”, lets say managerial or PM.
1-utilize and build within a framework. That provides several benefits, like reduciing training and documentation. Modularity allows user to play with whatever they want to play with.
Improvement of documentation should be a major effort. It is a challenge even for commercial products. Again, this is where buildilng in a common framework helps.
Both of these suggest that there is an organization coordinating this efforts. Someone needs to build the frameworks and to establish specifications for it. If none of the frameworks works, build a better framework. But yet another ping tool might not be much of an advancement.
Another big effort that must be addressed is Continuous Monitoring (ConMon). The tools must provide common reporting and coordinated output. Network and host tools must be able to provide common output format as does the Audit tracking (as does the neaarly dozen other technologies noted in NIST SP 800-137. Network, host or audit monitoring are not ConMon. But all these must be able to commonly contribute to ConMon without much translation, reformatting, conversion, etc. The (technical) tools must be able to correlate to controls (FISMA, PCI, HIPAA, as appropriate) so that ConMon can be performed. For example, Network/Router/Firewall tools must correlate to the requirements in SC-5 and/or SC-7 (these 2 must be on your ConMon List).
Nov 12th 2018
4 weeks ago