Federico Biancuzzi interviewed Ivan Ristic, ModSecurity developer and author of the Apache Security book (check the review from Richard Bejtlich), a few days ago about the new 2.0 version of this interesting OSS WAF (Web Application Firewall. buzzwords keep flowing these days). It runs as an Apache module and protects your web applications according to policies that you specify.

Version 2.0 is a complete rewrite of the code base and while it is still available today only as an Apache module, it's been rewritten with portability in mind and Ivan is hoping to release a IIS compatible version in the not too distant future.

The new version also looks very interesting on the functionality side. Among the major improvements on this side, here is what took my attention (excerpt from the interview):

• Transaction variables. This can be used to store pieces of data, create a transaction anomaly score, and so on.
  
• Data persistence (can be configured any way you want although most people will want to use this feature to track IP addresses, application sessions, and application users).
  
• Support for anomaly scoring and basic event correlation (counters can be automatically decreased over time; variables can be expired).
  
• Support for web applications and session IDs.
  
• Regular Expression back-references (allows one to create custom variables using transaction content).
  

Even better (depends on whom is using the product): a GUI is available (it doesn't look like OSS though).

Read the full transcript for more details. I plan to test it as soon as I can. If you already did, let me know what you think.

If you haven't noticed the new Friendly Links on the right navigation bar, it's a page that points to friends' websites as well as other links that are related to this website (in a very broad sense).

[Jazz] Caught Up, Christian Scott
From the album Rewind That. Available from eMusic



No words come into mind to describe this masterpiece. Rewind That is the debut album from an amazing trumpeter with a great sense of Funk. Christian Scott has earned my admiration and my utter respect with this record which I keep listening to, over and over. As good as (and sometimes better than) records from Erik Truffaz, Roy Hargrove (through the RH Factor) and Christian McBride. I really would like to see more and more albums like this because it reunites three wonderful elements: Funk, Jazz and trumpet.

Rewind That contains many excellent songs but Caught up deserves the top position not only because it demonstrates Christian's amazing ability for playing his instrument but also because of its musicality. Moreover, it contains a small part where the musicians make a reprise of the legendary song Don't Call Me Nigger Whitey, originally by Sly & The Family Stone (featured on the Stand! album. Gene Harris made an amazing reprise in a excellent Funk tone). I wonder why none of my favorite "dead tree" magazines (Vibrations, Jazzman, and Jazz Magazine) didn't pick this one up or talked about it.

Amazing. Amazing. Amazing. Treat your ears to this amazing Music and they will be grateful to your eyes for reading this post *grin*.

Meta information:

• Rating: 5/5
  
• Label: Concord Records
  
• Release year: 2006
  
• Related Artists: RH Factor, Erik Truffaz, Christian McBride
  

Extra links :

• Artist's Website (contains sample music)
  
• allaboutjazz.com CD Review
  

[Jazz] Blue Alert, Madeleine Peyroux
From the album Half The Perfect World.



After the release of Careless Love, her previous (and second) album, Madeleine Peyroux has become a World-renowned Jazz artist. While some songs of Careless Love are truly amazing, I don't consider it a top album. But Half The Perfect World definitely is! Madeleine Peyroux seems to have found some kind of amazing equilibrium between her wonderful voice and the musical arrangements, creating a rare musical alchemy that is characteristic of masterpieces. No less. This alchemy that reaches deep inside the soul of the listener using Madeleine's voice as a soothing element comes to a peak with Blue Alert. It starts simply with a guitar and that incredible voice and then other instruments enter the game and fit perfectly in.

If you haven't bought the album yet, you definitely should!

More links :

• Artist's Website
  
• Fan site
  

portsnap is one of the most interesting tools of FreeBSD dealing with the ports collection. portsnap, developed by Colin Percival, the current FreeBSD Security Officer, allows you to initially fetch a ports tree for your system and keep it updated. For those who don't need CVS logs or don't want to deal with cvsup and the other ports/src tree fetching methods, portsnap is an ideal solution that connects to web servers for its operation and has an extremely simple syntax that is very clearly outlined in the manpage.

However, you may need to use portsnap through a proxy that requires basic authentication. To do this, you have to define two environment variables: HTTP_PROXY and HTTP_PROXY_AUTH.


$ echo $SHELL
/usr/local/bin/zsh
$ sudo export HTTP_PROXY=http://proxyip:proxyport/
$ sudo export HTTP_PROXY_AUTH=basic:*:username:password


Some readers might be used to the more "traditional" way of specifying authentication credentials right into HTTP_PROXY:

$ sudo export HTTP_PROXY=http://username:password@proxyip:proxyport/


Sadly, this doesn't work with portsnap even though it is valid according to fetch(3).