Hello David,


Tuesday, November 6, 2007, 10:39:46 PM, you wrote:


> When do you think the beta version will go to non beta i.e. live.


The short answer is 6-8 weeks. The more comprehensive answer -- read on...


We are slowly building a set of features that we think should be in the production version. All but two of these are minor adjustments. 


One that isn't minor is a <drilldown/> training directive that will enable you to automatically add IPs to your ignore list for mixed sources based on matching text patterns in headers. 


So, for example, if you'd like to drill down to sources coming through yahoo or aol servers without having to identify the IPs for their outbound servers, then <drilldown/> will (in theory) do it for you by matching the reverse DNS portion of your trusted (top) received headers and adding the IP to your ignore list. The effect is to allow a system to see down to the actual source of the message before training GBUdb while using only a few entries to train the engine. Theoretically this will provide a more fine grained approach to dealing with forwarded mailboxes ("the other kind of open relay") and large ISPs that don't control the outbound flow from 0wn3d machines very well. There is much study, trial, and error to be done with this feature but it does look promising so we're going to put it in.


Another nontrivial feature will allow the SNF engine to run properly on big-endian systems (such as G5's) by detecting the big-endian processor at compile time and converting the format of the SNF rulebase each time it is loaded. There is some work to do to verify that the GBUdb code will work in a big-endian environment, but code review so far has not spotted any trouble in that part of the code. Snapshots of the GBUdb data will not be portable to other systems, but they are not intended to be portable anyway - so that is not considered an issue.


The less invasive features include things like:


* Extending the MAX_EVALs limit.

* Log rotation file names may use local (not UTC) time.

* Adjusted default settings for GBUdb (see below).

* Additional telemetry for error and special event tracking.

* Improved persistence for life-time statistics (run time, last save, last condense, etc).

* Others TBD.


I expect the list of "must have features" to grow a tiny bit over the next couple of weeks.


We are not seeing any fault reports on the current beta so I doubt there will be bug fixes at this point.


After we implement the new "must have" features list we will continue in beta for another week or two to ensure that we have not introduced any bugs.


During that time we will build additional documentation.


I think based on this back-of-the-envelope analysis that we are 6-8 weeks from a "production" release.


That said, the current version does appear to be stable in all supported production environments.


We are working on refining the default tuning for the GBUdb section. The current thinking uses the following, extremely conservative tuning that will be included in the next minor release (probably this weekend).


We recommend that all new Beta installations adjust their configuration files to use the following settings for GBUdb Caution and Black ranges. These are also appropriate adjustments for any existing beta users who have not otherwise resolved any GBUdb based false positives due to oversensitivity.


<black on-off='on' symbol='63'>
    <edge probability='0.7' confidence='0.2'/>
    <edge probability='0.7' confidence='1.0'/>
    <truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/>
    <sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/>
</black>

<caution on-off='on' symbol='40'>
    <edge probability='0.3' confidence='0.0'/>
    <edge probability='0.7' confidence='0.3'/>
</caution>


Thanks,


_M



-- 

Pete McNeil

Chief Scientist,

Arm Research Labs, LLC.
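
Added example, not part of the original message and not SNF code: a sketch of the drill-down idea described above, walking Received headers from the top and adding each hop whose reverse DNS matches a pattern to the ignore list until the first unmatched IP is reached. The function name, the suffix-pattern form, the Postfix-style "(rdns [ip])" header layout and the sample headers are all assumptions.

```python
import re

# Constructed sample: Received headers, newest (top) first.
SAMPLE_RECEIVED = [
    "from mta12.mail.example-isp.net (mta12.mail.example-isp.net "
    "[198.51.100.12]) by mx.local.example; Tue, 6 Nov 2007 22:40:01 -0500",
    "from relay3.mail.example-isp.net (relay3.mail.example-isp.net "
    "[198.51.100.77]) by mta12.mail.example-isp.net; Tue, 6 Nov 2007 22:39:58 -0500",
    "from [203.0.113.45] (dsl-45.pool.example.org [203.0.113.45]) "
    "by relay3.mail.example-isp.net; Tue, 6 Nov 2007 22:39:55 -0500",
]

# Assumed layout: the receiving MTA records "(reverse-dns [ip])" for the peer.
RECEIVED_RE = re.compile(
    r"\((?P<rdns>[A-Za-z0-9.-]+)\s+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)"
)

def drill_down(received, patterns, ignore):
    """Return the first IP that is neither ignored nor pattern-matched.

    Each header is only read if the hop above it was trusted, because that
    hop is the one that wrote it. Matching hops are added to `ignore`.
    Patterns are rDNS suffixes with a leading dot, e.g. ".mail.example-isp.net".
    """
    for header in received:
        m = RECEIVED_RE.search(header)
        if m is None:
            return None  # unparsable hop: stop instead of trusting lower headers
        ip, rdns = m.group("ip"), m.group("rdns").lower()
        if ip in ignore:
            continue  # already known infrastructure, look one hop further down
        if any(rdns.endswith(p) for p in patterns):
            ignore.add(ip)  # learned automatically from the rDNS match
            continue
        return ip  # first untrusted hop: this is the source to score
    return None

if __name__ == "__main__":
    ignore_list = set()
    source = drill_down(SAMPLE_RECEIVED, [".mail.example-isp.net"], ignore_list)
    print("source to train on:", source)
    print("ignore list now:", sorted(ignore_list))
```

The leading dot in the suffix pattern keeps a lookalike name such as mail.example-isp.net.attacker.example from matching, and the walk stops at the first unmatched hop because headers below it were written by a host that is not trusted.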
