What's in a Name?
by J. Edward Durrett
In order to communicate we name things. In a perfect world, the name means the same thing to everyone using it. We
agree on meaning out of practicality. A table is a thing with a flat surface raised off the ground. It is not a
chair. We can safely assume that when we use the word table with a fellow English speaker, the meaning is shared
as if it were a universal.
Software, however, is named arbitrarily and the meanings of the name are not universally agreed upon. With common
software, like Word, most people engaged in professional office type work know it is a word processing program.
There is little ambiguity. In more obtuse software, software used by smaller groups, the names form a type of
secret language whose meaning is only known to an in group. In some cases, like Nmap, the name is both
descriptive and easily explainable to people not in the in group: nmap is a network mapping program. It also is
not easily confused for a common name with different meanings to the out group.
There is an intrusion detection system that has been around since the 90s that few people outside of network
security know about. Even within the community, I find myself explaining it. The name of the software is Bro.
The name is actually quite creative, as it is derived from the Orwell novel 1984. There is a bit of irony too, as
in order for security professionals to ensure confidentiality of data they need to operate constant surveillance.
Surveillance is Confidentiality – our computer newspeak is rich!
Now the problem with the name Bro is it is not descriptive enough of the software’s purpose as to be easily
explainable. In addition, people not associated with it might derive an entirely different meaning. Imagine
overhearing someone talk on the phone:
“Have you looked at the bro log files? You have to use bro-cut if you want just one field.”
This makes perfect sense to me. However, someone in the same office might hear it as:
“Have you looked at the, bro, log files? You have to use, bro, cut if you want just one field.”
And that makes the speaker sound overly familiar with the caller at best and downright exclusionary at worst.
I can imagine other instances of the types of miscommunication this can cause.
“What is she working on?”
“She’s working on the bro.”
Wow, totally inappropriate for the workplace, when heard by someone not part of the in group.
These types of misunderstandings can cause divisions in a workplace and, from a security perspective, a divided
workplace is impossible to secure. As in, “I don’t want to go to the security briefing, that guy is always
talking about his bros.”
Security professionals must be able to have bi-directional communication with all members of the organization in
addition to the community at large. Cross-cultural dialog is essential. The rise of the modern homogeneous tech
culture, which is enforced through exclusion by age, race, gender and class, threatens the ability to have open
and clear communications. Even unintended exclusion hinders the cohesion needed for top performance.
For these reasons, and thanks to the extremely permissive license, I decided to port the Bro project into another
Operational Reconnaissance B or Orb. I say port, not fork, as the underlying
functionality does not change. The major difference is all the commands that were bro are now orb. So, for
example, to sum network connections by type:
cat logs/current/conn.log | bin/orb-cut service | sort -n | uniq -c
More details, a conversion script that will transform the Bro source to the Orb source and how to compile and
install Operational Reconnaissance are on the project page.
Names carry with them significant power and when used differently by different groups can lead to misunderstanding
and exclusion. By making this wonderful piece of software available under another name, I hope more people will be
willing to learn about it and use it. By building a more inclusive community, we can possibly build a better, more
secure, network environment.