Suricata 2.0.3 Package Preview
-
Geeze, that was a little rough… Both of you go stand in a corner, have a beer... ;D 2.2 is working wonderfully... jflsakfja, many people love your posts, more then actually tell you. But, gonzopancho is right, their offering support and hardware, that's it. And the negativity does need to go.
-
Geeze, that was a little rough… Both of you go stand in a corner, have a beer... ;D 2.2 is working wonderfully... jflsakfja, many people love your posts, more then actually tell you.
Mmmm beer! ;D
I know how many love my posts, and I also love seeing the negative karma pile on. The more negative karma, the more people I have annoyed. Which is one of my hobbies. Now if I was telling lies to annoy them, that would be a different story. But I am in fact telling the truth :)
-
@jflsakfja:
@gonzopancho:
I'm not going to delete you, I'm just going to use you as an example of the ingrates in the community.
It doesn't matter that we worked closely with Bill to make this happen, and that the release happened < 24 hours after he got the changes to us.
It doesn't matter that we've done 5 releases since early April, to fix a variety of issues, both security-related and otherwise.It doesn't matter what we do, you'll and others like you will find a reason to complain.
The release did NOT happen <24 hours after he got the changes to you. At least have the decency to tell the truth. The package was given to you 11 days ago with the intent to merge it upstream. Bill said we found a few last minute bugs, wait till we can fix them. The package was again released for merge on the 30th, which to my books is not <24 hours.
It actually doesn't matter how many releases you do in a year. Even there is no release, or a thousand releases. As long as there are outstanding bugs that are ignored (not even a single dev has responded with even an anknowledgement that something is wrong), the community will always be somewhat annoyed with devs. That is if they ignore bugs but instead focus on money-milking them.
How about instead of focusing on how to add more subscribers by shoving the subscribe button in their faces, you lot instead focus on providing a product that people want to subscribe to for the features?
As far as the ungrateful comment, have a look at who has been supporting the snort/suricata community for the past year. In my book calling him ungrateful is ungrateful.
Can you please explain to the community how entire teams dedicated to the security patching of upstream projects can be rivaled? Or care to explain to the community why you don't push customizations upstream, if they are so important?
And I never suggested suicide. That was your own conclusion. Perhaps you should talk to a professional about it. Are you feeling stressed? Are you feeling that suicide is your only solution out of the tremendous peer pressure? Please seek professional help ASAP.
There is an old saying: Don't bite the hand that's feeding you. Stick to it.
As much as I hate to forward people's private email, here is a heavily edited version of the timeline:
3 September 2014 9:40pm From: Bill Meeks
"I found the remaining IPv6 bug in Suricata. It really was, in my opinion, a quite serious bug that prevents lots of IPv6 alerts from firing when the source or destination address is matched to a negated range. I have been in e-mail communication with Peter Manev from the Suricata project team about my findings. I sent him my proposed patches this evening via e-mail."4 September 2014 4:29pm From: Bill Meeks
"Attached is a Windows ZIP archive containing the new files for Suricata 2.0.3 in pfPorts. This set includes my patch for the IPv6 detection bug for addresses included within ranges. I have also posted my patch to the Suricata Github repository."4 September 2014 11:30pm
"The curse of computer programming in C struck me again. I found a subtle logic flaw in my first IPv6 patch I sent earlier for the Suricata binary. So disregard the first ZIP you received from me and use the one attached to this note instead. It has UPDATED in the name to identify it. I modified my original pull request on the Suricata Github repo to incorporate the fix within the attached ZIP…"5 September 2014 9:30am From: Bill Meeks
"I had an e-mail in my Inbox this morning from Eric Leblond, a member of the Suricata developer team, acknowledging my IPv6 fixes. They will be merging them into the code base. I had to redo my initial Pull Request because I based it off "master" and they wanted it based off the "master-2.0.x" branch, but that was minor and has been accomplished. It is now waiting on them to merge.I sent Renato these same fixes in a ZIP file last evening. We are ready, in my view, to pull the trigger on the Suricata 2.0.3 release as soon as the updated PBIs build and Renato has a chance to complete the GUI code review. […]"
5 September 2014 1:14pm From Renato Botelho do Couto
"I rebuilt PBIs for 2.1 and 2.2. Please check them and let me know if they are fine."5 September 2014 2:59pm From Bill Meeks
"I just downloaded and tested all three flavors of the PBI successfully: 2.2-ALPHA on 64-bit, and 2.1.x on 32-bit and 64-bit."The PBIs were pushed this morning (6 Sept). There was a short delay for personal reasons that I'm not going to detail.
Given this, I'm going to stand by my 24 hour statement (it was even a weekend), and allow the greater community to judge just what you meant when you stated, "please do humanity a favor, here's a gun, here's a bullet" should someone disagree with your considered opinion.
In short, son, if the act of buying a donut for your friend gets you nothing but a complaint that the chocolate icing looks runny, then your friend is an ingrate.
-
Geeze, that was a little rough… Both of you go stand in a corner, have a beer... ;D 2.2 is working wonderfully... jflsakfja, many people love your posts, more then actually tell you. But, gonzopancho is right, their offering support and hardware, that's it. And the negativity does need to go.
the only reason 2.2 isn't in BETA is because the AES-GCM acceleration (AES-NI) isn't completely stable.
-
This whole thing in here is bad in so many ways and going to end in a disaster. How about simply stopping this at that point-would be professional for all involved…
-
How about they stop deleting my posts?
-
@jflsakfja:
How about they stop deleting my posts?
Because now, you're exuding positive Karma? Quit… It's over. On my 3rd beer, how about you? 8)
-
Having 300odd posts getting deleted after a disagreement with a moderator is hardly sportsmanship. Those of you that saw the "An interesting fact: have a look at my post count after a disagreement with a moderator. Yes do let the community be the judge of this argument" get deleted, draw your own conclusions.
-
@jflsakfja:
Having 300odd posts getting deleted after a disagreement with a moderator is hardly sportsmanship. Those of you that saw the "An interesting fact: have a look at my post count after a disagreement with a moderator. Yes do let the community be the judge of this argument" get deleted, draw your own conclusions.
I don't see where any of your posts have been deleted.
-
Hi
Thanks for this.
Missing feature: pppoe still not supported. Suricata log file on pppoe interface
-
Then please explain the post count. It should be over 300, but instead it's 30. Either the forum blew up (did someone edit an old post causing the blackhole I've been mentioning) or they were deleted.
-
Gentlemenz, could we please maintain the FreeBSD spirit? I am getting very sad at seeing that Gonzo & JFL are getting into a fight. Both are people who are doing great invaluable services to the world.
Please, Gents: don't fight. It ain't worth it. Really.
-
@jflsakfja:
Then please explain the post count. It should be over 300, but instead it's 30. Either the forum blew up (did someone edit an old post causing the blackhole I've been mentioning) or they were deleted.
Yeah, I see something like 335 (currently) under your profile. I don't see any [deleted]. (I can't see the contents of deleted posts, but the ID shows up with that notation.) Probably a db issue, which will likely go away on a rebuild.
Hit the link for your username, then "show posts" and you should end up on a page like:
https://forum.pfsense.org/index.php?action=profile;area=showposts;u=###
where '###' is the actual account ID (it's an integer, not 'jflsakfja'). Looks normal to me.
-
In that case the forum did blow up and I publicly apologize for blaming (or insinuating a blame on) you or anyone else.
See? I'm not so bad, once you get to know me (in agent Smith voice).
Edit: post count back to normal. Beers all round on me.
-
Great.
Should we talk about this?
@jflsakfja:
The release did NOT happen <24 hours after he got the changes to you. At least have the decency to tell the truth. The package was given to you 11 days ago with the intent to merge it upstream. Bill said we found a few last minute bugs, wait till we can fix them. The package was again released for merge on the 30th, which to my books is not <24 hours.
-
The last public "notes" were that the package was released for merging. I didn't see any public announcement that the package was waiting on patches to be merged into it before it was available.
Don't think I'm an overreacting idiot (not saying I'm not, but…) it's the fact that even if the IPv6 bug existed in the new package, it would still be a tremendous improvement over the old package that was available. Having a bug that affects a certain number of people while waiting for a fix to it is better than having a bug that affects all people that use the package. And that's why I suggested that it should be on the top of your priorities list.
Ultimately I trust Bill's judgment. That's why I posted my opinion that we should go ahead with the new package even if the bug was there, IF Bill agreed.
And I'm one of the dozen people on the planet that acknowledge when they f*** up and apologize. I therefore apologize, in public, a second time for speaking without knowing all the details.
-
Testing my smite count….1...2...3
EDIT: uhhhh it goes up when Gonzo comes on every evening GMT time.... how nice!
-
Testing my smite count….1...2...3
EDIT: uhhhh it goes up when Gonzo comes on every evening GMT time.... how nice!
There are those of us that the forum gives a second chance in life, you are clearly not one of them ;D
-
@jflsakfja:
The last public "notes" were that the package was released for merging. I didn't see any public announcement that the package was waiting on patches to be merged into it before it was available.
Don't think I'm an overreacting idiot (not saying I'm not, but…) it's the fact that even if the IPv6 bug existed in the new package, it would still be a tremendous improvement over the old package that was available. Having a bug that affects a certain number of people while waiting for a fix to it is better than having a bug that affects all people that use the package. And that's why I suggested that it should be on the top of your priorities list.
Ultimately I trust Bill's judgment. That's why I posted my opinion that we should go ahead with the new package even if the bug was there, IF Bill agreed.
And I'm one of the dozen people on the planet that acknowledge when they f*** up and apologize. I therefore apologize, in public, a second time for speaking without knowing all the details.
You and others make a mistake if you think you're going to have visibility into everything. Not everything will be publicly announced.
In the end, the bug (which was long-standing, but still something that would "fail open" which is unacceptable), was found and fixed (because I asked Bill to take another look). pfSense is better for it and so is Suricata.
You did more than post your opinion, you called me a liar, but assuming that your apology above applies to this as well, I accept, and the matter can be dropped.
Even if you didn't, I think my point stands.
-
Testing my smite count….1...2...3
EDIT: uhhhh it goes up when Gonzo comes on every evening GMT time.... how nice!
What would you like it to be?
[Edit: I've zeroed it. Let me know if that's not what you wanted.]
