You could start from scratch and develop something optimized, configured, and well thought out and tested for your needs, or the needs of the community.
It's been suggested on more than one occasion that we do exactly that right here…
Or rather than starting from scratch, we could contribute, via feedback, coding, debugging, reviewing, testing, etc, to one of the three current projects Ciane, DEFT, and HelixCE
Building a forensic tool, large or small, takes a lot of time, effort and expertise. Causal contributions are fine, but that won't sustain development.
From what I'm reading I know what direction to take CE from a certain stand point but I would love input on a functional one.
Or rather than starting from scratch, we could contribute, via feedback, coding, debugging, reviewing, testing, etc, to one of the three current projects Ciane, DEFT, and HelixCE
There are many, many more bootable Linux environments than those three. Literally there are dozens that focus on forensics, security, incident response, etc.
Building a forensic tool, large or small, takes a lot of time, effort and expertise. Causal contributions are fine, but that won't sustain development.
Executing a remaster script after you've installed applications doesn't take much expertise, effort, nor time. A few hours and you're done. But designing, building, optimizing, testing and supporting an environment takes much time. However, you get what you want, you have the authority and control, and everything is built to suit with nothing left to chance.
With respect to casual contributions and sustaining development perhaps you've hit the tack straight on with e-fense? Perhaps the company thought that after years of use by their community offering a commercial version wouldn't be so absurd and cause the backlash it has. While I don't think that "hundreds of thousands of downloads" translates into hundreds of thousands of users (after all, weren't there only 6K registered users on their forum?) there was a number base, and 100% of that number base used the CD for a period of time for work. These same folks are renumerated (employer, client, etc.) for their work. How many of the real users contributed financially to the very product they used in their work?
Maybe the company got sick of people take, take, taking and not giving back. Especially considering that the forensics profession can be lucrative, quite lucrative, or meeting the ends. And if their product is being used to enable the user to work why shouldn't they receive renumeration? Wouldn't a hour or a couple hours of work pay for the CD?
Maybe the company decided to find their true user base by setting a price for admission. What better way to find who truly wants to use your product than to see who invests in it? Do you want fair weather fans, or do you want passionate fans? Both drain resources (support), both provide feedback (not always positive), etc. Who would you rather support - those who will run at any time or those who work with you and stick around?
Maybe the company recognized that developing and supporting a product without renumeration is almost impossible. Red Hat, Inc., recognized this many years back. As did I, Sun, and dozens of others. Heck, just look back at where Helix came - The Penguin Sleuth Kit. Many of its users thought it was the CD back in the day. And that was a Knoppix remaster that Ernie devoted his time to supporting and developing. But over time he was drained, and what happened to the CD? Seemingly Drew took a version of it and remastered it, naming his Helix. And look where Helix is now.
If you like it, support it. For anyone who has used it for work I don't think you have any ground to stand on to complain, especially those who have used it for _years_. If you can't afford less than $200USD and you work in forensics something is amiss.
And for those excited and green about taking the last free version and continuing to develop and support it - good luck. GOOGLE projects for a week and see the average life span for free projects. Much excitement and contribution in the beginning, but it doesn't last. Generally 1.5 years. Staying power is worth its weight in gold. Maybe instead of devoting resources (time, energy, etc.) into forking it you should support it?
Cheers!
farmerdude
RANT WARNING RANT WARNING
Maybe the company got sick of people take, take, taking and not giving back.
E-fense only actually developed a few applications on the CD. The support for it was built on the tools that were included in it. IE TSK, Autopsy, FTK imager etc. Even on the forum for Helix3, the user base supported each other. Drew and his team did their part. But the community using the tools did as much supporting, testing and reporting as the developers them selves.
For E-fense to say "ok we are not supporting this project anymore" would have been one thing. Making a GPL project payware, and not releasing it to the people who originally helped build it. Is a totally different one. Helix3 was built on a backbone that NO ONE ENTITY owns!
Its built on the idea that together we can make something that works great. No one company should be able to strip that and make money off of thousands of peoples work. I understand that in the current state of the economy, its every man for himself in the business world. I understand that there is money to be made in this product. BUT YOU CANNOT AND SHOULD NOT BE ALLOWED TO PROFIT OFF OF SOMETHING THAT THOUSANDS OF PEOPLE BUILT IN THEIR SPARE TIME! E-fense took the tools out there, added 4 tools that they built in house, slapped a logo on it and called it Helix3. The money they are charging to have access to a remastered Ubuntu session isn't going into the hands of the ubuntu Development team nor the TSK team nor the Foremost team etc etc…. Helix3 is a name. The tools that available have been and will continue to be around for years! Regardless of what its called.
Ask the members of TSK, that are constantly working, how much they are getting as part of this deal. When E-fense goes looking for answers to things they cant explain they GOOGLE!
http//
And for those excited and green about taking the last free version and continuing to develop and support it - good luck. GOOGLE projects for a week and see the average life span for free projects. Much excitement and contribution in the beginning, but it doesn't last. Generally 1.5 years. Staying power is worth its weight in gold. Maybe instead of devoting resources (time, energy, etc.) into forking it you should support it?
Projects die because people forget why they start them. Or because companies suddenly decide "wait we can make money off of this". I for one did not pursue a career in forensics or security solely because I can make money doing it. I LOVE WHAT I DO! This is my obsession and I enjoy the money I make doing it. If you've completely forgotten the feeling of learning something new or of doing something just because you can make it better then I feel truly sorry for you.
If you feel that its all about the money. Why contribute to this forum? Why spend any time at all having discussions? Aren't you contributing your valuable time to a forum that's not giving you anything in return? Or are you here because this is a valuable resource, filled with brilliant and passionate people, willing to give a little of themselves to make something better for someone somewhere?
That is what "community" means. That is what OpenSource means, this is why so many people jumped ship away from E-fense. We all gave something in some way and got left in the cold because "there is money to be made". Tell me, what does the community get in exchange for their past contributions to Helix3?
I will not support anything E-fense does unless they give back to the community dev teams that they used to build Helix3.
Visit the forensics wiki on Helix3's tool list to see just how many Development teams out there go left out of the dollar sign when E-fense decided to go the way it did.
http//
You your self are quoted saying
Again, it goes without saying, but here in the States the backroom lobbying for pushing personal agendas based upon greed and ignorance is rampant. I only wish it were criminal.
Is E-fense after a personal agenda for greed?
What in life that has value is free?
Passion, love, imagination, perseverance, BEER, clean water and AIR. Your right about shelter and a few other things please see previous quote as to why they are not free or dirt cheap.
ctendell, it would seem your previous rant apology wasn't so genuine.
I will respectfully bow out of this argument. I am far too busy to warrant spending any more time arguing the same points over and over again, with a SMALL minority who clearly are not listening.
I have already clearly stated e-fense's motivation is not greed. I made it clear the position taken by e-fense's new management. But you had to try and point the finger at greed again…
I wont go into why your arguments are flawed, but will point out one last thing. You are yet another person who wishes to make money. You've said so yourself. Yet, you do not wish to pay for the tools you've used in the past should a price be added. If I wished to continue the argument, I would ask, is it greed which makes you want tools for nothing, so that you can maximise your profits?
Centdell, I am sorry to say, it would seem your motivation stems from attempting to springboard your reputation by continually criticising another organisation. A trick often used by weak politicians… I make this observation from the fact you are continually so vocal and continually ranting about e-fense. You've made your point, labouring it isn't doing you any favours.
What in life that has value is free?
Passion, love, imagination, perseverance, BEER, clean water and AIR. Your right about shelter and a few other things please see previous quote as to why they are not free or dirt cheap.
Where on earth is there free beer ? Or for that matter clean water ?
Wardy, before you duck out too far …
As you are a member of e-fence might I ask a question ?
How much of the Helix 3 distro is actually written from the ground up and what proportion is further development of existing open source tools ? Can you assure us all that proper consideration has been made of the licensing implications of the other software included ?
Many Thanks.
Wardy, before you duck out too far …
As you are a member of e-fence might I ask a question ?
How much of the Helix 3 distro is actually written from the ground up and what proportion is further development of existing open source tools ? Can you assure us all that proper consideration has been made of the licensing implications of the other software included ?
Many Thanks.
Azrael,
to be completely honest, I have never looked at a single line of source code for the original Helix 3 distro. I therefore do not know how much code is in house/external.
I can say though, having spoken with Drew in the past, he has gone to great lengths to get appropriate permission and licensing agreements for all of the tools included.
I can say though, having spoken with Drew in the past, he has gone to great lengths to get appropriate permission and licensing agreements for all other tools included.
Assuming that this is true, and I honestly have no reason to doubt that someone in _this_ industry is well aware of licensing & legal issues, to my mind then the decision to sell Helix is both reasonable and ethical - if the people who have _actually_ put the effort in to create these tools are happy with the state of affairs, then it is not for us to say one way or another.
The question as to weither or not it is a valid business model is to be seen over time. I say this as someone who has contributed to open source software ( not Forensic ) and have seen my enhancements be made part of a commercial product - I have always had access to the level that I contributed to, as does anyone else - but enhancements that have been made to the commercial version by paid developers & support is only available to those that cash up.
It's an open market - e-fence will live or die by this decision, and everyone can vote as they wish with thier wallet. As has been pointed out - it isn't as if _we_ don't make money from the use of tools such as these ( personally I've made good money from Snort/Sourcefire, Nessus, NMap, OSSTMM and other security tools, some of which have changed from free to pay over the time that I have been using them … ) and I don't have a problem with the people who _are_ putting in the long hours to develop making a living as well. If you think that there is a product that is better value - go for it. Personally though, I'd rather give my $200 to a product such as Helix or WinHex than to EnCase or AccessData - as a small business myself that makes me more happy …
Hmm … one small note, neither clean water nor air is free.
In the United States we have the EPA and other agencies with rules, regulations, etc. Other nations have similar agencies and laws. Around the World people have polluted both water and air and a short bit of research will show how most people are already struggling with unfit and unclean water. Without clean water, and without any water, you don't have food nor sanitary conditions. People should care less about petrol and more about water.
Just a quiet note. Because I strongly disagree that clean water and air is free. )
Cheers!
farmerdude