Monday, July 27, 2009

Killing my usage of Snorby

I've stopped attempting to get Snorby running. Why? After digging into this for over two weeks, logging my attempts on this blog, I again asked for someone to guide me in the right direction at Snorby's Google group:

Any news on this issue?

I'm at a dead standstill in implementing...can't even get a login

I realize your main focus is to get to v1.0 status, but its hard for
me to contribute to the project if I can't get it running even when
following the instructions specifically.


The response?


Version 1.0.1 is the current release. I very doubt you followed the
instructions properly as there are 20-30 people in the irc channel
that have had no issues. I am not even sure what your issue is. Did you rake snorby:setup RAILS_ENV=production

I have no problem helping when there are real errors but its quite
annoying when its just because someone did not read the docs.

Please post your logs and let me figure out a workaround.

- Dustin

My parting response:

I followed EXACTLY what was on your pages. If there's an issue with the way it was set up, it could be the fact that your instructions on your website need to be updated.

Look, I stated in my blog that I was going to test Snorby. You posted to my blog that you would like to know if there were any issues. I stated I had an issue and even gave you a LOT of debugging information, which is a far cry from what I've been seeing here in your Google group and now you're getting a bit snobbish?

I don't particularly like your tone, so from here on out, no Snorby for me. Cool project, but I shouldn't have to be a freaking Rails expert to use any security tool...really. The fact that I can set up Snort (and its deps) blindfolded and install most other frontends (and their deps) without issue or handholding tells me that I'm competent enough. I really don't need the attitude...and you did this on a freakin' group listing. An e-mail would've been more tactful, but in the end, your attitude would've rubbed me raw all the same.

And, you know what? You keep harping on visiting freenode. I've no problem with freenode, especially since I oper and have ownership of ##slackware, but if you would much rather leverage IRC for support, what do you have this group for? Really? If you respond to everyone here in such a manner when they ask questions about your tool, you're not going to get nearly the user base that you want. No one wants to be spoken down to in such a manner.

Anyways, I'm out. I've said my piece and will remove myself from this group. Please do NOT respond or send me e-mail. You've made yourself clear that you don't like helping people use your tool. I'm done.

The whole thread is here

Actually, I'm pretty pissed off. I don't like using someone's tool and trying to contribute but having issues even implementing the freakin' piece of software, especially when I get major attitude when asking questions. WTF is the use in supplying debugging traces when the developer doesn't even look at it and assess if there's something wrong with his code implementation or if the user is using it wrong. I have some project management skills and I can tell you now that if I developed a process at my work environment and my team had issues with my process, I'd want to know the who/what/when/where/why so that I can assess my process and see if I made an error or if it needs to be clarified. I NEVER tell my team something akin to, "you didn't read the process," especially if there is a high probability that they actually did. No one is infallible, not even this particular guy. I'd have been humbled if I'd found that there indeed were instructions that I'd missed...that's not the case, though, unless he's maintaining documentation in another place. I wouldn't know and I shouldn't have to visit a damned IRC channel to ferret out discrepancies or hunt for additional support in a new tool...WTF is the Google group for if I can't ask questions there? Can you imagine if everyone on the AOLS mailing group said, "visit the IRC channel for your answer"?

Belittling people alienates people. Not even US Army drill sergeants do this (don't believe everything you see on TV).

No Snorby coverage will happen here again. No Snorby usage will occur. We're closing this chapter right now!

EDIT: After this post and after a few days of cooling off a bit, I decided to determine if the issue was actually with me, the way I set up Ruby/Rails, or any configuration of Snorby. I was still 100% sure I followed the directions properly, so I didn't change any configs of Snorby or my Ruby/Rails setup. I only refrshed the Snorby environment by pulling the latest update. Guess what? Snorby worked. This leads me to believe that something in the Snorby code changed...something the developer changed after he pissed me off with his insistence that I hadn't read the instructions and that I was just another person using his tool who didn't know basic sysadmin skills. Kinda funny that the tool works now when I didn't change anything or reapply the instructions...I just refreshed the code. Something smells bad and it isn't me...


Mephux said...

Look, releasing something I felt was stable was of my main concern. If I came off as rude that was not my intentions- I had been rushed with silly questions from people just not migrating the database and assumed this was your issue. It had become a very consistent issue - nothing shown gave me a second thought. Just wanted to clear this up, take care.

- Dustin

Brett said...

He asked you to upgrade to 1.0.1 for a reason...

Ron said...


I had the feeling you were under pressure just from reading your twitter and website notes. This is why I was supplying what I could (debug logs and such). I admin and own ##slackware on freenode so I understand the hassle of half-baked questions. I also deal with a development team at the workplace (a big ISP/hosting/security company) and know the importance of giving details to assist the person supporting the product. I've also been ITIL-trained. I know a bit about what you're going through, even if I'm not a developer.

My biggest issue is that you shoe-horned me into the "silly questions" when I went out of my way to install and attempt to use your product (its not the easiest thing in the world to do, BTW). You're on to something...Snorby is very nice and seems cleaner than BASE, but one should never assume that the end-user is as proficient on the back-end of the product as the engineer/developer. I'm not a Rails user, so I don't know jack about it. Do I have to read a Rails book or attend a class before I'm allowed to ask questions without being ridiculed?

I'm glad you took the time by leaving a comment, though. It tells me that you aren't a bad person.

I actually did continue to use Snorby a week after my blog post...just to deterime if I'd missed anything. The problem cleared itself up, so I still have no idea what was going on, but I actually got it fully working. As I said, it is a very nice product. I wish you the best in your development endeavors in maintaining Snorby!

Ron said...


If you'd read my posts on this, you'd have seen that I'd upgraded. In fact, I did it more than once...I did it maybe 3 times.

That brings up another question: does the average Snorby user that DOESN'T visit the IRC channel know that he has to upgrade on an irregular basis (basically at LEAST once a day)? I'm big on documentation. The documentation doesn't state this fact. While I know developers are always updating code and adding new functionality, it would be nice to know WHEN to upgrade. Isn't this why most OS developers send out notices or at least use widgets to let the user know when updates are ready for download?

I'd just upgraded so I didn't that a new version had been released (wasn't mentioned on the Snorby pages, either, at least not in an obvious manner).