[Snort-devel] xml thoughts

A.L.Lambert alambert at ...89...
Wed Feb 7 12:35:52 EST 2001


Some random ideas against XML.

	XML files induce a level of complexity that I, for one, do not
wish to deal with.  More experienced developers/users will probably
disagree with me on the fact that XML is _more_ complicated than formatted
flat ASCII, but trust me, from the 'ignorant savage' point of view (which
I consider myself to be a good represenative of), a flat ASCII file is far
easier to work with (especially when using the hog.vim syntax highlighting
file :)

	Automated file manipulation is trivial with the current file
format.  I myself am probably one of the most clueless programmers on the
planet (really; I suck, trust me), and I can/have whipped up some simple
code without too much problem to do everything from add "react:" tags to
the appropo rules, change the "flags:" statments, snag the latest
snort.org and vision.conf rulesets, rip out the rules that have
historically caused an inordinate amount of false positives, combine the
two, rip out duplicates, and other such tasks.  Writing the same kind of
code for XML is an order of magnitude more complicated (at least from my
point of view), and short of spending a lot of time improving my skills in
this area, I would become relegated to either manually making changes, or
hoping someone else writes a tool to accomplish what I want.

	I'm not disagreeing with any of the positive points made about XML
(from a technical perspective, they sound quite reasonable to me), just
saying that some of us farther down the scale of talent/experience will
not have our lives improved, and will probably have them complicated even
more than they already are, if we convert wholesale to XML.

	Anyway, just my $0.02.

	--A.L.Lambert





More information about the Snort-devel mailing list