I ran
BitRock through the paces yesterday. Wow, this is amazing software.
Ultimately, I don't know if it will be robust enough to handle installing my middleware project, but for most other software it is simply amazing. The more I use BitRock the more I like it. Things they should add:
A java detection module which doesn't cause the installer to bomb when Java isn't installed. Detection modules for other languages, especially: Python, Ruby, Perl, PHP, tcl, etc. Detection modules for C/C++ compilers, Pascal compilers, Fortran compilers, etc.
Features which are already nice:
Ease of Use. It took all of two minutes to make a simple installer. They have a very intuitive interface. Support for custom install screens which can return strings, paths, etc. Support for custom splash screens and logos. Support for custom error messages. Support for Java and Tcl detection. Support for silent or unattended installations using the --mode unattended command line option. All installers can be run from either the command line or a GUI You can build installers for many platforms in one place, the installers can have platform specific pieces along with pieces common to all installers
Free licenses are available for open source projects, everyone else is pay to play.
Update: Daniel Lopez from BitRock saw my post through feedster.com and emailed me with some pointers. He says you can prevent the Java detection module from exiting the installer by adding the <abortOnError>0</abortOnError> tag inside the <autodetectJava> action!! Also, he says they already support Tcl detection but it isn't currently documented AND they are willing to write similar modules for python, perl, etc. if there is sufficient demand. I also added a few more bullets to the list of things they do well. Thanks Daniel!! Stoned out on caffeine
I woke early this morning and I think I over did the coffee a little today. I'm feeling a bit strung out this afternoon. On the plus side, I found two bugs in my thesis project code that I spent several hours looking for yesterday (before giving up and focusing on another part of the code). Woot!
Apple doesn't really care about security...
Hey Apple, where are the FreeBSD security scripts? Like "450.status-security" really probably should have let those in don't you think? If they didn't work, maybe you could have modified them to work with the Mac.
I think Cheshire is a genius for
DNS Service Discovery and a fool for
NAT-PMP. NAT-PMP is a protocol for allowing a host on a NAT'd network to learn the public IP address of the router and to make a NAT port map entry for itself, i.e. it is a protocol that wipes away all the security that you gain from NAT'ing your LAN since any machine has the ability to make itself available to incoming traffic. If many routers start supporting this (I have no idea what the picture looks like at the moment), I have a feeling that it will be a protocol very popular with trojan horses and viruses. Large corporations without host-based firewalls are really going to feel the pinch on this one.
I think it is time for all major OS vendors to start shipping their OS with IDS pre-installed. And I think we are going to need something a might bit stronger than a simple file-integrity checking (
tripwire or
AIDE). Something like
The Little Snitch for all OSes would be nice.
Chkrootkit would be a nice addition.
