I busted out the handy dandy Mole Skin and threw out a sketch of the design, got some measurements and researched safe wood to use.  I say safe because we didn’t want any of that nasty MDF wood which puts off some chemicals.

(I originally thought our new daughter would appreciate a cool painting of an FJ40 climbing a hill, but that didn’t make it off the paper)

We found a reseller in town which would sell formaldehyde free MDF in 3/4 inch sheets, which was great as they only cost $4.00 more per 4×8 sheet.  The legs were simple white pine from the hardware store, and I used various furniture hardware to attach the sides together.

The first step was cutting and assembling the legs and bottom.  The process started with a rough cut thanks to a jig saw and table to be cleaned up later.

Used some clamps to make sure everything lined up well.

Glue and hidden screws held the legs together so the base could be attached:

And the base is attached!

I then cut out the four sides and did a test fit just to make sure things looked and fit ok.

The process of cutting the slats out ended up being much more of a job than I had originally though.  I chewed through a couple forstner bits to create the rounded tops and bottoms of the slats, and use a jig saw to finish them off.  If I was to do it again, I think a better process could have been used.

When all was said and done, another test fit being held together with the furniture hardware resulted in the following:

And just when I thought the hard part was over, prep and painting took me by surprise.  MDF is not a fun product to sand as it’s extremely hard and MESSY.  Many thanks go to my parents to worked tirelessly one day to help prep and primer.  We chose to try a high gloss finish which was somewhat frustrating to work with, I wanted an amazingly smooth and shiny finish, which I got close, but it would have been nice to have it sprayed.  We stained the legs with a black stain.

The last step was to figure out what to put for the panel on the front.  My wife used her artistic skills to create an awesomely modern and great looking artwork for the front.  We had originally thought about creating a stencil to be used to paint the design, but after putting the stencil on, needless to say it stayed.  We lucked out when it came on a dark grey material and fell in love with it.

The crib turned out great and I think we were into it for under $300 dollars in materials.  I still need to create a piece for the front which will turn the crib into a day bed.  My mom made some awesome looking bedding and bumper that completes it.  Thanks everyone who contributed time to this project!

modifysid sid or rule “(.*msg:\s*”.+?)”(\s*;.+;)” | “${1}, DROPPED”${2}”

Today I was browsing the Snort manual and found two short paragraph’s relating to the “–enable-reload” option.  Wha?  Why didn’t I find this earlier?  After a quick recompile with the “–enable-reload” command.  What a life saver this will be when we go live!

After using that option, you can simply issue a “kill -SIGHUP pid” to have it reload without restarting!

Check out the pg 107 of the Snort manual though, as some changes require a restart, so your not going to get off completely scott free.

Since I had an Ubuntu server disc, an Acer desktop with a Pentium D, 1GB of RAM an 3 nics (1 onboard and 2 100mb 3com’s) I thought I’d give it a go.  After a clean basic install of ubuntu 9.04 server, I ran the following to get it up to 9.10:

sudo apt-get install update-manager-core
sudo do-release-upgrade

The next step was installing all the dependencies:

sudo -i
apt-get -y install build-essential libpcap0.8-dev libmysqlclient15-dev /
mysql-client-5.0 mysql-server-5.0 bison flex apache2 libapache2-mod-php5 /
php5-gd php5-mysql libphp-adodb php-pear libc6-dev g++ gcc pcregrep /
libpcre3-dev iptables-dev bridge-utils

Next it was time to download and compile Snort and the rules:

cd /usr/src
wget http://dl.snort.org/snort-current/snort-2.8.5.2.tar.gz
tar zxvf snort-2.8.5.2.tar.gz
wget http://dl.snort.org/reg-rules/snortrules-snapshot-CURRENT.tar.gz
wget http://www.emergingthreats.net/rules/emerging.rules.tar.gz
cd snort-2.8.5.2
tar zxvf ../snortrules*
tar zxvf ../emerging*

./configure -enable-dynamicplugin --with-mysql --enabled-inline

make

make install

It should compile and make without any problems, if it does check out http://openmaniak.com/inline_pre.php for a good list of requirements.

It’s now time to get mysql ready:

mysql -u root -p

mysql> create database databasename;

mysql> grant all privileges on databasename.* to 'username'@'localhost' identified by 'password';

mysql> exit

Import the schema:

mysql -D databasename -u username -p < /usr/src/snort-2.8.5.2/schemas/create_mysql

Setup Snort:

cd /usr/src/snort-2.8.5.2

mkdir -p /etc/snort/rules /var/log/snort

cp etc/* /etc/snort/

cp rules/* /etc/snort/rules

Next up, editing the /etc/snort/snort.conf file:

1. Find var HOME_NET any and edit it to match your network(s) (var HOME_NET 192.168.0.0/16)
2. Find var EXTERNAL_NET any and change it to var EXTERNAL_NET !$HOME_NET
3. Find var RULE_PATH ../rules to var RULE_PATH /etc/snort/rules
4. I also added include $RULE_PATH/emerging.conf to read the emerging.conf rules file
5. Last, find the # output database: log, mysql, … and uncomment the line and change it to match your setup

Installing BASE:

First I upgraded and installed the required Pear modules:

pear upgrade-all

pear install Image_Color Image_Canvas-alpha Image_Graph-alpha

pear install Mail Mail_mime

Edit your /etc/php5/apache2/php.ini file and add under Dynamic Extensions:

extension=mysql.so

extension=gd.so

Restart Apache2:

/etc/init.d/apache2 restart

Download and setup BASE:

cd

wget http://sourceforge.net/projects/secureideas/files/BASE/base-1.4.4/base-1.4.4.tar.gz/download

cd /var/www

tar zxvf ~/base-1.4.4.tar.gz

mv base-1.4.4 base

cd base

cp -R /usr/src/snort-2.8.5.2/doc/signatures .

cd ..

chown -R www-data.www-data base

Go ahead and visit your site at http://yoursite/base and click continue:

• Step 1: enter /usr/share/php/adodb
• Step 2:  Database type = mysql; Database name = database name; Database host = localhost; Database username = username; Database Password = password
• Step 3: enter the name and password you’d like to use
• Step 4: click the Create BASE AG button
• Step 5: click Continue to go to the login screen

Bridging the Interfaces:

Load the bridge module:

modprobe bridge

Edit /etc/network/interfaces

# The loopback network interface

auto lo

iface lo inet loopback


# The primary network interface


auto eth2

iface eth2 inet static

        address 10.x.x.x

        netmask 255.x.x.x

        network 10.x.x.x

        broadcast 10.x.x.x

        gateway 10.x.x.x

        # dns-* options are implemented by the resolvconf package, if installed

        dns-nameservers 10.x.x.x

        dns-search searchbase


# The Bridge


auto br0

iface br0 inet manual

bridge_ports eth0 eth1

# Time to wait before loading bridge

bridge_maxwait 0

/etc/init.d/networking restart

Then setup the box to load the bridge kernel at startup:

crontab -e

@reboot root lsmod | grep bridge > /dev/null || /sbin/modprobe bridge;

The following is a startup script from http://openmaniak.com/inline_final.php that I used and modified for my setup.  I saved it in /etc/init.d/snortd:

#!/bin/bash

#

# snort_inline

start(){

# Start daemons.

echo "Starting ip_queue module:"

lsmod | grep ip_queue >/dev/null || /sbin/modprobe ip_queue;

#

echo "Starting iptables rules:"

# iptables traffic sent to the QUEUE:

# accept internal localhost connections

iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

# send all the incoming, outgoing and forwarding traffic to the QUEUE

iptables -A INPUT -j QUEUE

iptables -A FORWARD -j QUEUE

iptables -A OUTPUT -j QUEUE

# Start Snort_inline

echo "Starting snort_inline: "

/usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -Q -D -v \

-l /var/log/snort_inline

# -Q -> process the queued traffic

# -D -> run as a daemon

# -v -> verbose

# -l -> log path

# -c -> config path

}

stop() {

# Stop daemons.

# Stop Snort_Inline

# echo "Shutting down snort_inline: "

killall snort_inline

# Remove all the iptables rules and

# set the default Netfilter policies to accept

echo "Removing iptables rules:"

iptables -F

# -F -> flush iptables

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

# -P -> default policy

}

restart(){

stop

start

}

case "$1" in

start)

start

;;

stop)

stop

;;

restart)

restart

;;

*)

echo $"Usage: $0 {start|stop|restart|}"

exit 1

esac

You can start snort with :

/etc/init.d/snortd start

And configure the server to run the snortd script at boot:

update-rc.d snortd defaults 95

And there we have it, what should be a functional Snort box compiled with inline support!  Wrapping my head around this has been a chore, I’m pleased that it’s at least running!  I haven’t put it in the middle of everything yet, so far I’ve just put it between my system and the network to play with rules.  One downside I found deals with restarting the snort process to load new rules; doing so will interrupt traffic until snort starts up again which can be around a minute or so.

Thanks everyone.

Going into this, I had NO experience with developing anything for the iPhone or Mac OS for that matter.  Sure I’d written some scripts, and about 7 years ago I wrote an app to import users into Active Directory, but I was a clean slate and ready to learn.  Initially, and some may remember, the app started out working like the Weather app, super simple, but it got the job done.  I gleaned a lot off forums, friends, and screw-ups to get it working and it did!  Apple even published the darn thing for me.  After some requests and a complete redesign by Brisk Studios, a much improved version 2 was out with almost 30 states and 300+ rivers, entomology photos and a great new interface.  Entomology photo’s were slow coming, but Lucas Carroll (http://www.flickr.com/photos/luke_c_photography/) was kind to provide some of his amazing photography and with the help of Jason Neuswanger (http://www.troutnut.com) a huge portion of the photography was hammered out.

With the new version I also tried to push the app to a lot of blogs and a few magazines looking for reviews and was very pleased with what came out (I have a pretty good list here).  Most recently American Angler even wrote a quick blurb about it in their Jan/Feb 2010 issue!

In all, it’s been a fun and extremely time consuming process.  There are currently over 46k rows of data in one of the SQLite tables that were hand entered.  The process has been rewarding in the fact that it’s something that I’ve created, but equally as frustrating.  One of the downsides to the app store is the commenting/review system, though it’s inherit in any retail scenario.  Anyone who’s going to take the time to comment, will most likely be a complainer.

Most recently, “Andyfisher” left a comment stating:

The data on my favorite river is plainly incorrect and the number of rivers it covers is too limited!  This app still needs a lot of work because it’s substandard.  Don’t buy it before it’s radically updated!

Wow, Andyfisher, please let me know which river(s) needs more work and I’ll see what else I can find.

A man named Robert emailed me:

Your site is a joke, at least this time of year.  The same 4 flies
cannot be appropriate for every river in the US

One of the hard things about creating an app like this is you have to generalize some information.  I fully understand that a stonefly pattern that kills in Montana may not work as well on the Deschutes; but in no way is this app meant to replace a good old local fly shop.  In fact, I would encourage users to visit fly shops for indepth knowledge of the local regions!

On that note, the latest version that I’ve submitted for approval is coming with photo’s of patterns by Montana Fly Company.  They have a great list of fly shops that sell their product and maybe in a future version I’ll figure out a way to provide a list of shop for states.

This whole process has really made me sit back and take criticism lightly and understand that I can’t please everyone.  Sure I’d love to have exact information for every river, stream, lake, and body of water in the US, but then I know I’d get bashed for giving away ‘secrets’.

I’ve got in touch with some great folks like Lucas Carroll as mentioned above, Cameron Mortenson and the folks behind http://www.fishykid.org/, David Gross at http://www.flyfishingsherpa.com, the great guys at Korkers, http://paflyfish.com/, http://eastcoastangler.blogspot.com/, and http://www.midcurrent.com.  I’m sure I’ve missed someone, but thanks everyone for the support and helping spread the word.

Should I have the chance to do it over or anyone thinking of creating an app I’d do the following:

• Wait to release a more complete app rather than slowly adding rivers as time permits
• Realize that it can’t be created for free
• Realize it is rewarding, but don’t count on it to be a gold mine

You can find it over on iTunes: http://www.itunes.com/apps/thehatch

Make sure you check out the new website for the app over at http://www.thehatchapp.com

An update to the lite version will be coming shortly, so hang in there.