From robert.jamison at bt.com Mon Jul 6 11:56:17 2009 From: robert.jamison at bt.com (robert.jamison@bt.com) Date: Mon, 6 Jul 2009 16:56:17 +0100 Subject: [Discussion] Bylaws Draft 2 Available! In-Reply-To: <4A43B790.9030806@jonkmans.com> References: <4A31175F.6090607@jonkmans.com><70D072392E56884193E3D2DE09C097A91F40B0@pascal.zaphodb.org> <4A43B790.9030806@jonkmans.com> Message-ID: <3839DD5BC9EE23459E6FAC536A28053708FA9FA8@E03MVY2-UKDY.domain1.systemhost.net> Matt, I read throught the Bylaws draft 2 and wanted to bring up 2 items: [1] In the Advisory Board para, second sentence: "The Advisory Board has no corporate decision-making authority but provides a vehicle for its members to communicate with the Board and help the Directors guide the overall direction of the OISF Engine and OISF." Is the sentence above saying that the 'Technical Advisory Board' will provide means to communicate with both the Directors and the 'Financial' or 'Corporate' 'Board'? The term 'Board' becomes ambiguous when used to describe two entities in the same sentence. Later in the paragraph 'Board of Directors' is used, and the inference is there, it's just a little late grammatically. [2] Later in the advisory board section: " to receive a version of the OISF Engine under more permissive terms for a period of one year." More permissive than the Committers as mentioned previously in the 'Committers' section? If so, since we defined the extents of engine use to committers should we at least say 'individually persmissive terms' or 'special terms determined by the Board of Directors'? [3] "Community Participants must agree that their participation as Community Participants is in their individual capacity and not on behalf of any corporate entity or other organization." --Is this a legally binding agreement? This seems like a really important one since the intention would be to reduce any claims on OISF technology from employers of community members. Perhaps it should be stressed, explained or mentioned in legalese, since under the Committers para, it reads " All committers must complete a copyright assignment to OISF." Shouldn't even more IP enforcement be considered for Community Members who claim active participation in the project, or is this a tested and adequate standard already being applied in many open source projects. Thanks! Rob Jamison | Manager of Network Intelligence | Managed Security Solutions | BT | Tel +1 571.269.7378| Fax: +1 703.961.9140 | E: robert.jamison at bt.com | bt.counterpane.com -----Original Message----- From: discussion-bounces at openinfosecfoundation.org [mailto:discussion-bounces at openinfosecfoundation.org] On Behalf Of Matt Jonkman Sent: Thursday, June 25, 2009 1:45 PM To: Tomas L. Byrnes Cc: Emerging Threats Signatures; discussion at openinfosecfoundation.org; oisf-announce at openinfosecfoundation.org Subject: Re: [Discussion] Bylaws Draft 2 Available! Sorry for the delay in answering Tom, but you make good points. We've been talking to our counsel and think we have things ironed out. We are being VERY careful to have a solid legal framework to stand on that will allow the foundation to fulfill it's goals of building a great piece of software, making it open source and easy to use without license conflicts, and protecting the foundation and project from litigation down the road. So version 0.2 of the bylaws are available. The only changes are: 1. We are going with GPLv2 to avoid the patent complications. Those are surmountable, but the possible negative image some folks still have of gplv3 are something we don't want to have to overcome. 2 will work. 2. A quorum will be defined as a majority for voting purposes. (this isn't spelled out in the summary of the bylaws here. These are just working material, once we're set these will be drafted into full legalese and made available for review) So please all take a look and let us know if there are any other issues we should consider before the full bylaws are drawn up. http://www.openinfosecfoundation.org/bylaws_draft_v0.3.txt Thanks Tom and everyone for the frank and constructive conversation. It'll pay off for us all with a solid and reliable framework to get things done! Matt Tomas L. Byrnes wrote: > I think we need more clarity as to what the position on patents will be, given that you are planning on GPLv3. Section 11 of the GPLv3 only requires licensing the patent in connection with the contributed Copyright, but given that you are assigning Copyright, you need to be clear how you handle any Patents practiced in the Copyrighted code. > > Clearly, the simplest case is the typical one envisioned in the GPLv3: A contributor contributes Copyright, and as part of that, grants a patent license under Section 11, para 3, of the GPLv3 "Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version." > > Requiring assignment of patents is likely to be problematic, but there may be cases where contributors would like to do so, in which case there needs to be a way to address how a contributor is reverse licensed for their contributed patent. There also should be some discussion of the status of the contributed patent, as patents that are still under review may encumber OISF with additional costs if contributed, or create liability if the contributor grants a license to or assigns a Patent, some of whose claims, which claims are practiced in the code, turn out to be part of a prior, valid, patent (and thus the code infringes the IP of a non-contributor). This latter piece is a common problem with even GPLv2, an example being the MS FAT32 patent, which all GPL code that can read and write FAT infringes. > > We may also be severely limiting the reach of the project by using GPLv3, which is not exactly popular. > > Personally, I'm more comfortable with GPLv2. If it's good enough for Linux..... > > There should be some language about how a license is chosen, and process for appeal. > > Also, there needs to be definition of a quorum for all votes. > > The rest of it looks fine. > > YMMV, IMNSHO, etc etc (think Maurice in "Madagascar" as he introduces King Julian). > > > -- > Tomas L. Byrnes > ByrneIT > Phone (it will find me): 760.444.4727 > > Text Message: 7604023999 at messaging.sprintpcs.com > e-mail: tomb at byrneit.net > IM: MSN Messenger tomb at byrneit.net > Skype: zwithapggb > > >> -----Original Message----- >> From: discussion-bounces at openinfosecfoundation.org [mailto:discussion- >> bounces at openinfosecfoundation.org] On Behalf Of Matt Jonkman >> Sent: Thursday, June 11, 2009 7:41 AM >> To: oisf-announce at openinfosecfoundation.org; >> discussion at openinfosecfoundation.org >> Subject: [Discussion] Bylaws Draft 2 Available! >> >> Thanks to everyone who commented on the existing Bylaws draft. We've >> made some changes to suit the comments and concerns. The major change >> being that contributors to the project retain their copyright of code or >> ideas. This was discussed on the lists and makes a lot of sense, and we >> hope will satisfy both our individual contributors as well as the >> organizations that intend to contribute. >> >> >> The latest (and lets hope final!) draft is available here: >> http://www.openinfosecfoundation.org/bylaws_draft_v0.2.txt >> >> >> We welcome further comment good or bad! >> >> >> The Open Information Security Foundation >> >> >> >> -- >> -------------------------------------------- >> Matthew Jonkman >> Emerging Threats >> Phone 765-429-0398 >> Fax 312-264-0205 >> http://www.emergingthreats.net >> -------------------------------------------- >> >> PGP: http://www.jonkmans.com/mattjonkman.asc >> >> >> _______________________________________________ >> Discussion mailing list >> Discussion at openinfosecfoundation.org >> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc _______________________________________________ Discussion mailing list Discussion at openinfosecfoundation.org http://lists.openinfosecfoundation.org/mailman/listinfo/discussion From jonkman at jonkmans.com Wed Jul 8 15:15:08 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Wed, 08 Jul 2009 15:15:08 -0400 Subject: [Discussion] OISF Meeting Venue Change Message-ID: <4A54F03C.9070400@jonkmans.com> Due to the overwhelming response for the brainstorming session/public meeting we've had to change venue. We've already exceeded the comfortable capacity of the original space, so we've moved to the Virginian Suites Arlington. This will guarantee everyone has table space and plenty of room to work. There will still be electricity and internet available to attendees. The new venue is just around the corner from the original. You can use the same metro stop, or parking is available onsite. Directions are available here: http://www.virginiansuites.com/location_and_directions/ This also allows us to take in some of the latest RSVP's that we had to turn away. I believe we've contacted and made all of those turned away that there is room, but if by chance we missed you please contact me at jonkman at emergingthreats.net. If you've already booked at the Virginian Suites for your stay, or intend to, please let me know. We will have group rates that may be retroactive for existing bookings. We also now have space for a good deal more attendees, so please let us know if you'd like to attend. As before we'll have snacks, drinks and coffee all day and lunch free of charge. We are very excited about the organizations that are sending individuals to the meeting from government, military, and the commercial sectors. Please bring your ideas, what you want your IDS to be able to do, and we'll get it all on paper! July 16th, 10am Eastern Time, The Virginian Suites Arlington. Matt -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From mcholste at gmail.com Wed Jul 8 16:27:15 2009 From: mcholste at gmail.com (Martin Holste) Date: Wed, 8 Jul 2009 15:27:15 -0500 Subject: [Discussion] OISF Meeting Venue Change In-Reply-To: <4A54F03C.9070400@jonkmans.com> References: <4A54F03C.9070400@jonkmans.com> Message-ID: Will meeting minutes be posted, or some sort of webcast? On Wed, Jul 8, 2009 at 2:15 PM, Matt Jonkman wrote: > Due to the overwhelming response for the brainstorming session/public > meeting we've had to change venue. We've already exceeded the > comfortable capacity of the original space, so we've moved to the > Virginian Suites Arlington. This will guarantee everyone has table space > and plenty of room to work. There will still be electricity and internet > available to attendees. > > The new venue is just around the corner from the original. You can use > the same metro stop, or parking is available onsite. > > Directions are available here: > http://www.virginiansuites.com/location_and_directions/ > > This also allows us to take in some of the latest RSVP's that we had to > turn away. I believe we've contacted and made all of those turned away > that there is room, but if by chance we missed you please contact me at > jonkman at emergingthreats.net. If you've already booked at the Virginian > Suites for your stay, or intend to, please let me know. We will have > group rates that may be retroactive for existing bookings. > > We also now have space for a good deal more attendees, so please let us > know if you'd like to attend. As before we'll have snacks, drinks and > coffee all day and lunch free of charge. > > We are very excited about the organizations that are sending individuals > to the meeting from government, military, and the commercial sectors. > Please bring your ideas, what you want your IDS to be able to do, and > we'll get it all on paper! > > July 16th, 10am Eastern Time, The Virginian Suites Arlington. > > Matt > > -- > -------------------------------------------- > Matthew Jonkman > Emerging Threats > Phone 765-429-0398 > Fax 312-264-0205 > http://www.emergingthreats.net > -------------------------------------------- > > PGP: http://www.jonkmans.com/mattjonkman.asc > > > _______________________________________________ > Discussion mailing list > Discussion at openinfosecfoundation.org > http://lists.openinfosecfoundation.org/mailman/listinfo/discussion > From jonkman at jonkmans.com Thu Jul 9 08:45:46 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Thu, 09 Jul 2009 08:45:46 -0400 Subject: [Discussion] OISF Meeting Venue Change In-Reply-To: <4A550D65.5090700@gmail.com> References: <4A54F03C.9070400@jonkmans.com> <4A550D65.5090700@gmail.com> Message-ID: <4A55E67A.60006@jonkmans.com> We'll definitely have notes available. We hadn't considered a webcast yet but we could if there's enough interest. We'd also need some recommendations as to the hardware and method to get a webcast going. Anyone have some experience putting one on with video? Matt Gurvinder Singh wrote: > I think it will be great to see webcast if possible. To see the industry > and other bodies interest in to OISF IDS. > > Cheers, > > Gurvinder > Martin Holste wrote: >> Will meeting minutes be posted, or some sort of webcast? >> >> On Wed, Jul 8, 2009 at 2:15 PM, Matt Jonkman wrote: >> >>> Due to the overwhelming response for the brainstorming session/public >>> meeting we've had to change venue. We've already exceeded the >>> comfortable capacity of the original space, so we've moved to the >>> Virginian Suites Arlington. This will guarantee everyone has table space >>> and plenty of room to work. There will still be electricity and internet >>> available to attendees. >>> >>> The new venue is just around the corner from the original. You can use >>> the same metro stop, or parking is available onsite. >>> >>> Directions are available here: >>> http://www.virginiansuites.com/location_and_directions/ >>> >>> This also allows us to take in some of the latest RSVP's that we had to >>> turn away. I believe we've contacted and made all of those turned away >>> that there is room, but if by chance we missed you please contact me at >>> jonkman at emergingthreats.net. If you've already booked at the Virginian >>> Suites for your stay, or intend to, please let me know. We will have >>> group rates that may be retroactive for existing bookings. >>> >>> We also now have space for a good deal more attendees, so please let us >>> know if you'd like to attend. As before we'll have snacks, drinks and >>> coffee all day and lunch free of charge. >>> >>> We are very excited about the organizations that are sending individuals >>> to the meeting from government, military, and the commercial sectors. >>> Please bring your ideas, what you want your IDS to be able to do, and >>> we'll get it all on paper! >>> >>> July 16th, 10am Eastern Time, The Virginian Suites Arlington. >>> >>> Matt >>> >>> -- >>> -------------------------------------------- >>> Matthew Jonkman >>> Emerging Threats >>> Phone 765-429-0398 >>> Fax 312-264-0205 >>> http://www.emergingthreats.net >>> -------------------------------------------- >>> >>> PGP: http://www.jonkmans.com/mattjonkman.asc >>> >>> >>> _______________________________________________ >>> Discussion mailing list >>> Discussion at openinfosecfoundation.org >>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion >>> >>> >> _______________________________________________ >> Discussion mailing list >> Discussion at openinfosecfoundation.org >> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion >> >> >> > -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From gurvindersinghdahiya at gmail.com Wed Jul 8 17:19:33 2009 From: gurvindersinghdahiya at gmail.com (Gurvinder Singh) Date: Thu, 09 Jul 2009 00:19:33 +0300 Subject: [Discussion] OISF Meeting Venue Change In-Reply-To: References: <4A54F03C.9070400@jonkmans.com> Message-ID: <4A550D65.5090700@gmail.com> I think it will be great to see webcast if possible. To see the industry and other bodies interest in to OISF IDS. Cheers, Gurvinder Martin Holste wrote: > Will meeting minutes be posted, or some sort of webcast? > > On Wed, Jul 8, 2009 at 2:15 PM, Matt Jonkman wrote: > >> Due to the overwhelming response for the brainstorming session/public >> meeting we've had to change venue. We've already exceeded the >> comfortable capacity of the original space, so we've moved to the >> Virginian Suites Arlington. This will guarantee everyone has table space >> and plenty of room to work. There will still be electricity and internet >> available to attendees. >> >> The new venue is just around the corner from the original. You can use >> the same metro stop, or parking is available onsite. >> >> Directions are available here: >> http://www.virginiansuites.com/location_and_directions/ >> >> This also allows us to take in some of the latest RSVP's that we had to >> turn away. I believe we've contacted and made all of those turned away >> that there is room, but if by chance we missed you please contact me at >> jonkman at emergingthreats.net. If you've already booked at the Virginian >> Suites for your stay, or intend to, please let me know. We will have >> group rates that may be retroactive for existing bookings. >> >> We also now have space for a good deal more attendees, so please let us >> know if you'd like to attend. As before we'll have snacks, drinks and >> coffee all day and lunch free of charge. >> >> We are very excited about the organizations that are sending individuals >> to the meeting from government, military, and the commercial sectors. >> Please bring your ideas, what you want your IDS to be able to do, and >> we'll get it all on paper! >> >> July 16th, 10am Eastern Time, The Virginian Suites Arlington. >> >> Matt >> >> -- >> -------------------------------------------- >> Matthew Jonkman >> Emerging Threats >> Phone 765-429-0398 >> Fax 312-264-0205 >> http://www.emergingthreats.net >> -------------------------------------------- >> >> PGP: http://www.jonkmans.com/mattjonkman.asc >> >> >> _______________________________________________ >> Discussion mailing list >> Discussion at openinfosecfoundation.org >> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion >> >> > _______________________________________________ > Discussion mailing list > Discussion at openinfosecfoundation.org > http://lists.openinfosecfoundation.org/mailman/listinfo/discussion > > > From eoin.miller at trojanedbinaries.com Thu Jul 9 10:20:17 2009 From: eoin.miller at trojanedbinaries.com (Eoin Miller) Date: Thu, 09 Jul 2009 10:20:17 -0400 Subject: [Discussion] [Emerging-Sigs] OISF Meeting Venue Change In-Reply-To: <4A55E67A.60006@jonkmans.com> References: <4A54F03C.9070400@jonkmans.com> <4A550D65.5090700@gmail.com> <4A55E67A.60006@jonkmans.com> Message-ID: <4A55FCA1.1020602@trojanedbinaries.com> No experience, but I know a lot of people use justin.tv for streaming their video feeds: http://www.justin.tv/ -- Eoin Miller Matt Jonkman wrote: > We'll definitely have notes available. We hadn't considered a webcast > yet but we could if there's enough interest. We'd also need some > recommendations as to the hardware and method to get a webcast going. > Anyone have some experience putting one on with video? > > Matt > > Gurvinder Singh wrote: > >> I think it will be great to see webcast if possible. To see the industry >> and other bodies interest in to OISF IDS. >> >> Cheers, >> >> Gurvinder >> Martin Holste wrote: >> >>> Will meeting minutes be posted, or some sort of webcast? >>> >>> On Wed, Jul 8, 2009 at 2:15 PM, Matt Jonkman wrote: >>> >>> >>>> Due to the overwhelming response for the brainstorming session/public >>>> meeting we've had to change venue. We've already exceeded the >>>> comfortable capacity of the original space, so we've moved to the >>>> Virginian Suites Arlington. This will guarantee everyone has table space >>>> and plenty of room to work. There will still be electricity and internet >>>> available to attendees. >>>> >>>> The new venue is just around the corner from the original. You can use >>>> the same metro stop, or parking is available onsite. >>>> >>>> Directions are available here: >>>> http://www.virginiansuites.com/location_and_directions/ >>>> >>>> This also allows us to take in some of the latest RSVP's that we had to >>>> turn away. I believe we've contacted and made all of those turned away >>>> that there is room, but if by chance we missed you please contact me at >>>> jonkman at emergingthreats.net. If you've already booked at the Virginian >>>> Suites for your stay, or intend to, please let me know. We will have >>>> group rates that may be retroactive for existing bookings. >>>> >>>> We also now have space for a good deal more attendees, so please let us >>>> know if you'd like to attend. As before we'll have snacks, drinks and >>>> coffee all day and lunch free of charge. >>>> >>>> We are very excited about the organizations that are sending individuals >>>> to the meeting from government, military, and the commercial sectors. >>>> Please bring your ideas, what you want your IDS to be able to do, and >>>> we'll get it all on paper! >>>> >>>> July 16th, 10am Eastern Time, The Virginian Suites Arlington. >>>> >>>> Matt >>>> >>>> -- >>>> -------------------------------------------- >>>> Matthew Jonkman >>>> Emerging Threats >>>> Phone 765-429-0398 >>>> Fax 312-264-0205 >>>> http://www.emergingthreats.net >>>> -------------------------------------------- >>>> >>>> PGP: http://www.jonkmans.com/mattjonkman.asc >>>> >>>> >>>> _______________________________________________ >>>> Discussion mailing list >>>> Discussion at openinfosecfoundation.org >>>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion >>>> >>>> >>>> >>> _______________________________________________ >>> Discussion mailing list >>> Discussion at openinfosecfoundation.org >>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion >>> >>> >>> >>> > > From jonkman at jonkmans.com Sun Jul 12 17:18:23 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Sun, 12 Jul 2009 17:18:23 -0400 Subject: [Discussion] [Emerging-Sigs] OISF Meeting Venue Change In-Reply-To: <4A55FCA1.1020602@trojanedbinaries.com> References: <4A54F03C.9070400@jonkmans.com> <4A550D65.5090700@gmail.com> <4A55E67A.60006@jonkmans.com> <4A55FCA1.1020602@trojanedbinaries.com> Message-ID: <4A5A531F.1050208@jonkmans.com> Not sure what we'll do here yet. I'll at the very least try to get audio we can post. It'll be a long session. Notes will be available afterwards for certain! Matt Eoin Miller wrote: > No experience, but I know a lot of people use justin.tv for streaming > their video feeds: > > http://www.justin.tv/ > > -- > Eoin Miller > > Matt Jonkman wrote: >> We'll definitely have notes available. We hadn't considered a webcast >> yet but we could if there's enough interest. We'd also need some >> recommendations as to the hardware and method to get a webcast going. >> Anyone have some experience putting one on with video? >> >> Matt >> >> Gurvinder Singh wrote: >> >>> I think it will be great to see webcast if possible. To see the industry >>> and other bodies interest in to OISF IDS. >>> >>> Cheers, >>> >>> Gurvinder >>> Martin Holste wrote: >>> >>>> Will meeting minutes be posted, or some sort of webcast? >>>> >>>> On Wed, Jul 8, 2009 at 2:15 PM, Matt Jonkman wrote: >>>> >>>> >>>>> Due to the overwhelming response for the brainstorming session/public >>>>> meeting we've had to change venue. We've already exceeded the >>>>> comfortable capacity of the original space, so we've moved to the >>>>> Virginian Suites Arlington. This will guarantee everyone has table space >>>>> and plenty of room to work. There will still be electricity and internet >>>>> available to attendees. >>>>> >>>>> The new venue is just around the corner from the original. You can use >>>>> the same metro stop, or parking is available onsite. >>>>> >>>>> Directions are available here: >>>>> http://www.virginiansuites.com/location_and_directions/ >>>>> >>>>> This also allows us to take in some of the latest RSVP's that we had to >>>>> turn away. I believe we've contacted and made all of those turned away >>>>> that there is room, but if by chance we missed you please contact me at >>>>> jonkman at emergingthreats.net. If you've already booked at the Virginian >>>>> Suites for your stay, or intend to, please let me know. We will have >>>>> group rates that may be retroactive for existing bookings. >>>>> >>>>> We also now have space for a good deal more attendees, so please let us >>>>> know if you'd like to attend. As before we'll have snacks, drinks and >>>>> coffee all day and lunch free of charge. >>>>> >>>>> We are very excited about the organizations that are sending individuals >>>>> to the meeting from government, military, and the commercial sectors. >>>>> Please bring your ideas, what you want your IDS to be able to do, and >>>>> we'll get it all on paper! >>>>> >>>>> July 16th, 10am Eastern Time, The Virginian Suites Arlington. >>>>> >>>>> Matt >>>>> >>>>> -- >>>>> -------------------------------------------- >>>>> Matthew Jonkman >>>>> Emerging Threats >>>>> Phone 765-429-0398 >>>>> Fax 312-264-0205 >>>>> http://www.emergingthreats.net >>>>> -------------------------------------------- >>>>> >>>>> PGP: http://www.jonkmans.com/mattjonkman.asc >>>>> >>>>> >>>>> _______________________________________________ >>>>> Discussion mailing list >>>>> Discussion at openinfosecfoundation.org >>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> Discussion mailing list >>>> Discussion at openinfosecfoundation.org >>>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion >>>> >>>> >>>> >>>> >> > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From gurvinde at stud.ntnu.no Sun Jul 12 18:08:55 2009 From: gurvinde at stud.ntnu.no (Gurvinder Singh Dahiya) Date: Mon, 13 Jul 2009 00:08:55 +0200 Subject: [Discussion] [Emerging-Sigs] OISF Meeting Venue Change In-Reply-To: <4A5A531F.1050208@jonkmans.com> References: <4A54F03C.9070400@jonkmans.com> <4A550D65.5090700@gmail.com> <4A55E67A.60006@jonkmans.com> <4A55FCA1.1020602@trojanedbinaries.com> <4A5A531F.1050208@jonkmans.com> Message-ID: <20090713000855.2hi8z7t0pw4gook0@webmail.ntnu.no> Hi Matt, There are some live video software like qik, which can stream from your mobile phone and anybody can watch it on line. Another s/w is ffserver which can stream audio and video online. I think, if this is not possible then you can try to put audio coupled with the presentation slides. Cheers, Gurvinder Siterer Matt Jonkman : > Not sure what we'll do here yet. I'll at the very least try to get audio > we can post. It'll be a long session. Notes will be available afterwards > for certain! > > Matt > > Eoin Miller wrote: >> No experience, but I know a lot of people use justin.tv for streaming >> their video feeds: >> >> http://www.justin.tv/ >> >> -- >> Eoin Miller >> >> Matt Jonkman wrote: >>> We'll definitely have notes available. We hadn't considered a webcast >>> yet but we could if there's enough interest. We'd also need some >>> recommendations as to the hardware and method to get a webcast going. >>> Anyone have some experience putting one on with video? >>> >>> Matt >>> >>> Gurvinder Singh wrote: >>> >>>> I think it will be great to see webcast if possible. To see the industry >>>> and other bodies interest in to OISF IDS. >>>> >>>> Cheers, >>>> >>>> Gurvinder >>>> Martin Holste wrote: >>>> >>>>> Will meeting minutes be posted, or some sort of webcast? >>>>> >>>>> On Wed, Jul 8, 2009 at 2:15 PM, Matt Jonkman wrote: >>>>> >>>>> >>>>>> Due to the overwhelming response for the brainstorming session/public >>>>>> meeting we've had to change venue. We've already exceeded the >>>>>> comfortable capacity of the original space, so we've moved to the >>>>>> Virginian Suites Arlington. This will guarantee everyone has table space >>>>>> and plenty of room to work. There will still be electricity and internet >>>>>> available to attendees. >>>>>> >>>>>> The new venue is just around the corner from the original. You can use >>>>>> the same metro stop, or parking is available onsite. >>>>>> >>>>>> Directions are available here: >>>>>> http://www.virginiansuites.com/location_and_directions/ >>>>>> >>>>>> This also allows us to take in some of the latest RSVP's that we had to >>>>>> turn away. I believe we've contacted and made all of those turned away >>>>>> that there is room, but if by chance we missed you please contact me at >>>>>> jonkman at emergingthreats.net. If you've already booked at the Virginian >>>>>> Suites for your stay, or intend to, please let me know. We will have >>>>>> group rates that may be retroactive for existing bookings. >>>>>> >>>>>> We also now have space for a good deal more attendees, so please let us >>>>>> know if you'd like to attend. As before we'll have snacks, drinks and >>>>>> coffee all day and lunch free of charge. >>>>>> >>>>>> We are very excited about the organizations that are sending individuals >>>>>> to the meeting from government, military, and the commercial sectors. >>>>>> Please bring your ideas, what you want your IDS to be able to do, and >>>>>> we'll get it all on paper! >>>>>> >>>>>> July 16th, 10am Eastern Time, The Virginian Suites Arlington. >>>>>> >>>>>> Matt >>>>>> >>>>>> -- >>>>>> -------------------------------------------- >>>>>> Matthew Jonkman >>>>>> Emerging Threats >>>>>> Phone 765-429-0398 >>>>>> Fax 312-264-0205 >>>>>> http://www.emergingthreats.net >>>>>> -------------------------------------------- >>>>>> >>>>>> PGP: http://www.jonkmans.com/mattjonkman.asc >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Discussion mailing list >>>>>> Discussion at openinfosecfoundation.org >>>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> Discussion mailing list >>>>> Discussion at openinfosecfoundation.org >>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion >>>>> >>>>> >>>>> >>>>> >>> >> >> _______________________________________________ >> Emerging-sigs mailing list >> Emerging-sigs at emergingthreats.net >> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs > > -- > -------------------------------------------- > Matthew Jonkman > Emerging Threats > Phone 765-429-0398 > Fax 312-264-0205 > http://www.emergingthreats.net > -------------------------------------------- > > PGP: http://www.jonkmans.com/mattjonkman.asc > > > _______________________________________________ > Discussion mailing list > Discussion at openinfosecfoundation.org > http://lists.openinfosecfoundation.org/mailman/listinfo/discussion > > From johnpirc at us.ibm.com Mon Jul 13 12:07:52 2009 From: johnpirc at us.ibm.com (John Pirc) Date: Mon, 13 Jul 2009 10:07:52 -0600 Subject: [Discussion] AUTO: John Pirc is currently traveling to Armonk, NY for IBM Leadership Class (returning 07/20/2009) Message-ID: I am out of the office until 07/20/2009. Hello, I'm currently traveling to Armonk, NY today. Please contact my Admin, April Dennis (aprldnns at us.ibm.com) for getting on my calendar. I will be checking & responding to email, however their will be a delay and I appreciate your understanding. If you require immediate product assistance please contact: Proventia MX/GX: Matthew Ward at mattheww at us.ibm.com Proventia Mail/Data Security: Sean Brown at brown.sean at us.ibm.com Proventia ESC/End Point: Smita Dutta at smitadut at us.ibm.com In order to prioritize the urgency of a response to your e-mail, please send me an SMS at +1 512.745.3709 Thank You -John Pirc Note: This is an automated response to your message "Discussion Digest, Vol 10, Issue 3" sent on 7/13/09 10:00:05. This is the only notification you will receive while this person is away. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openinfosecfoundation.org/pipermail/discussion/attachments/20090713/93787ecb/attachment.html From jonkman at jonkmans.com Tue Jul 14 10:50:28 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Tue, 14 Jul 2009 10:50:28 -0400 Subject: [Discussion] Last Minute DC Meeting Details Message-ID: <4A5C9B34.6070909@jonkmans.com> The team is converging on DC as we speak. We've got a great venue lined up and all of the last minute details are coming together. Here's an update for the attendees: We will be on the Third Floor of the Virginian Suites in Arlington. We have the Potomac room and the Conference Center. A light breakfast will be set out about 930am and we'll begin the sessions about 10am. Lunch will also be provided as well as afternoon snacks. There will be table space, electricity, and Internet access available for all attendees. It'll be a long day so please expect to be able to keep up on email during the sessions, but we'll also be able to do any on the spot research. Parking is free at the hotel. Just check in at the front desk and let them know your car is there, and then you can just head up to the third floor. An updated Agenda is available here: http://www.openinfosecfoundation.org/oisf_dc_2009_meeting_agenda.pdf We look forward to seeing everyone there. If you haven't registered yet we do have a few seats available, but in the interest of making sure everyone is comfortable we'll have to cut off new attendees soon. We've got a long day of very in depth discussions, we'll need room for arm flailing and empty coffee cups! Please RSVP to jonkman at emergingthreats.net soon if you're able to attend. Matt -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From jonkman at jonkmans.com Tue Jul 21 15:18:26 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Tue, 21 Jul 2009 15:18:26 -0400 Subject: [Discussion] DC Brainstorming Session Notes Message-ID: <4A661482.30206@jonkmans.com> Notes from the DC Brainstorming Meeting are now available here: http://www.openinfosecfoundation.org/OISF_DC_2009_Meeting_Summary.pdf A lot of great ideas were discussed, and we're very excited about the feedback and new commitments of support. Thanks to all who attended. We are planning a second meeting within the next two to three months to update on progress and get further guidance. If you or your organization is interested in becoming a partner organization through the OISF Consortium please contact jonkman at emergingthreats.net. Matt -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From jonkman at jonkmans.com Fri Jul 24 13:17:23 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Fri, 24 Jul 2009 13:17:23 -0400 Subject: [Discussion] Working Groups Setup Message-ID: <4A69ECA3.8020302@jonkmans.com> As described in the meeting notes from DC, a great idea was put up to use working groups to discuss and explore ideas which haven't easy solutions. There are four working group lists setup. Each will need a leader and for most we're asking for volunteers. The group leader will be responsible for steering or sparking discussion, kicking any overtly disruptive posters, and steering toward a coherent outcome within the timeframes available. This is a pretty low maintenance position so please consider volunteering. Membership in each working group is open to anyone. These are on separate lists primarily to keep the main oisf lists from turning into spam engines. If you have any interest or anything you might be able to contribute to a discussion please consider hopping on and at least listening to each group. The groups setup are: 1. IP Reputation I've taken lead on this group as it's near and dear to my heart. We'll be discussion the categories of reputation to track, methods, feedback vetting, etc. 2. Non-Standard Acceleration The use of OpenCL or Cuda to accelerate the engine using standard graphics cards and chipsets. 3. Rules Language This group will discuss the options for a new language in the future, whether the snort syntax would be extendable enough to support our new methods, and how to avoid major divergence. A secondary task will be to discuss whether to and how to offer rule obfuscation for rule writers that have legal requirements to not disclose vulnerability details. 4. DDoS/Portscan This group will determine whether we need a new portscan preprocessor, and whether it would be feasible to build a new DDoS preprocessor. You can see all of these lists here along with more detailed descriptions. http://lists.openinfosecfoundation.org/mailman/listinfo We need group leaders for groups 2-4. Please email me directly if you're interested in helping out! Thanks! Matt -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From jonkman at jonkmans.com Fri Jul 24 13:26:06 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Fri, 24 Jul 2009 13:26:06 -0400 Subject: [Discussion] [Emerging-Sigs] Working Groups Setup In-Reply-To: <69544300907241022p2261e46et586bc57db82140f4@mail.gmail.com> References: <4A69ECA3.8020302@jonkmans.com> <69544300907241022p2261e46et586bc57db82140f4@mail.gmail.com> Message-ID: <4A69EEAE.1000004@jonkmans.com> Yes, open to anyone that wants to either contribute or just listen. You don't have to get any special permission to join a working group, it's mostly about just segregating the discussions from the primary mailing lists. Join any or all of the groups. We'll let them sit for a couple days to let folks hop in and then start discussions next week. Thanks!! Matt Jules Pagna Disso wrote: > hi Matt > > are these groups open to public ? > > thanks > Jules > > 2009/7/24 Matt Jonkman > > > As described in the meeting notes from DC, a great idea was put up to > use working groups to discuss and explore ideas which haven't easy > solutions. There are four working group lists setup. Each will need a > leader and for most we're asking for volunteers. > > The group leader will be responsible for steering or sparking > discussion, kicking any overtly disruptive posters, and steering toward > a coherent outcome within the timeframes available. This is a pretty low > maintenance position so please consider volunteering. > > Membership in each working group is open to anyone. These are on > separate lists primarily to keep the main oisf lists from turning into > spam engines. If you have any interest or anything you might be able to > contribute to a discussion please consider hopping on and at least > listening to each group. > > The groups setup are: > > 1. IP Reputation > I've taken lead on this group as it's near and dear to my heart. We'll > be discussion the categories of reputation to track, methods, feedback > vetting, etc. > > 2. Non-Standard Acceleration > The use of OpenCL or Cuda to accelerate the engine using standard > graphics cards and chipsets. > > 3. Rules Language > This group will discuss the options for a new language in the future, > whether the snort syntax would be extendable enough to support our new > methods, and how to avoid major divergence. A secondary task will be to > discuss whether to and how to offer rule obfuscation for rule writers > that have legal requirements to not disclose vulnerability details. > > 4. DDoS/Portscan > This group will determine whether we need a new portscan preprocessor, > and whether it would be feasible to build a new DDoS preprocessor. > > You can see all of these lists here along with more detailed > descriptions. > http://lists.openinfosecfoundation.org/mailman/listinfo > > We need group leaders for groups 2-4. Please email me directly if you're > interested in helping out! > > Thanks! > > Matt > > > -- > -------------------------------------------- > Matthew Jonkman > Emerging Threats > Phone 765-429-0398 > Fax 312-264-0205 > http://www.emergingthreats.net > -------------------------------------------- > > PGP: http://www.jonkmans.com/mattjonkman.asc > > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From jules at visionintel.com Fri Jul 24 13:22:36 2009 From: jules at visionintel.com (Jules Pagna Disso) Date: Fri, 24 Jul 2009 18:22:36 +0100 Subject: [Discussion] [Emerging-Sigs] Working Groups Setup In-Reply-To: <4A69ECA3.8020302@jonkmans.com> References: <4A69ECA3.8020302@jonkmans.com> Message-ID: <69544300907241022p2261e46et586bc57db82140f4@mail.gmail.com> hi Matt are these groups open to public ? thanks Jules 2009/7/24 Matt Jonkman > As described in the meeting notes from DC, a great idea was put up to > use working groups to discuss and explore ideas which haven't easy > solutions. There are four working group lists setup. Each will need a > leader and for most we're asking for volunteers. > > The group leader will be responsible for steering or sparking > discussion, kicking any overtly disruptive posters, and steering toward > a coherent outcome within the timeframes available. This is a pretty low > maintenance position so please consider volunteering. > > Membership in each working group is open to anyone. These are on > separate lists primarily to keep the main oisf lists from turning into > spam engines. If you have any interest or anything you might be able to > contribute to a discussion please consider hopping on and at least > listening to each group. > > The groups setup are: > > 1. IP Reputation > I've taken lead on this group as it's near and dear to my heart. We'll > be discussion the categories of reputation to track, methods, feedback > vetting, etc. > > 2. Non-Standard Acceleration > The use of OpenCL or Cuda to accelerate the engine using standard > graphics cards and chipsets. > > 3. Rules Language > This group will discuss the options for a new language in the future, > whether the snort syntax would be extendable enough to support our new > methods, and how to avoid major divergence. A secondary task will be to > discuss whether to and how to offer rule obfuscation for rule writers > that have legal requirements to not disclose vulnerability details. > > 4. DDoS/Portscan > This group will determine whether we need a new portscan preprocessor, > and whether it would be feasible to build a new DDoS preprocessor. > > You can see all of these lists here along with more detailed descriptions. > http://lists.openinfosecfoundation.org/mailman/listinfo > > We need group leaders for groups 2-4. Please email me directly if you're > interested in helping out! > > Thanks! > > Matt > > > -- > -------------------------------------------- > Matthew Jonkman > Emerging Threats > Phone 765-429-0398 > Fax 312-264-0205 > http://www.emergingthreats.net > -------------------------------------------- > > PGP: http://www.jonkmans.com/mattjonkman.asc > > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openinfosecfoundation.org/pipermail/discussion/attachments/20090724/f05e7eff/attachment.html From jonkman at jonkmans.com Tue Jul 28 10:10:51 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Tue, 28 Jul 2009 10:10:51 -0400 Subject: [Discussion] OISF Working Groups Message-ID: <4A6F06EB.5060202@jonkmans.com> We've had a good number of people subscribe to each working group list (20-50 per working group at least!!). Thanks everyone for showing an interest. I think we have a volunteer lead for each of them as well. I'll be contacting the volunteers shortly with some instructions. We'll kick off the discussions this afternoon in each working group. So please get ready to brainstorm. If you have any interest in either participating in or listening to the discussion of a list this is your last call to subscribe and be involved! You can find the working groups here: http://lists.openinfosecfoundation.org/mailman/listinfo Lists starting with an OISF-WG- are of course what you're looking for. Thanks all, and thanks for the community involvement here, we're on the right track!! Matt -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From jonkman at jonkmans.com Tue Jul 28 10:56:44 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Tue, 28 Jul 2009 10:56:44 -0400 Subject: [Discussion] Additional OISF Working Group Message-ID: <4A6F11AC.9070109@jonkmans.com> Final word before we start the working group discussions this afternoon. I've added one extra group to separate duties a bit. The configuration language is a big deal to most folks so we'd like some input. There are a lot of advancements we can male. One major suggestion out of the DC brainstorming session was to make sure it's standard across the board for all options and modules. Please hop into the working group here: http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-wg-configuration_language We need a lead for that. Thanks! Matt -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc