CIFv5 Unleashed

This is the version of CIF I've always wanted to release. CIFv1 was about getting things done, CIFv2 was.. a giant mess. CIFv3 was about moving to Python, CIFv4 was a dramatic overhaul of its core, with the hopes and dreams of machine learning and sophistication bolted on. It was faster, sexier and, most of all, bloateder (totally a word).

I was happy about CIFv4 and the advances it made; however, it still had that horrible "overly complex for no good reason" aftertaste. It still tried to incorporate authorization and tokens into its core, which, over time, created more technical debt and more friction to the learning curve. If you came with your own authentication strategy, it was just another piece of complexity you had to deal with. If you didn't, you likely didn't need one. In earlier versions, if I was smart, I would have broken these pieces up and made them two distinct architectures.. if I was smart.

We also tried supporting all things for all the people (eg: Ubuntu && RHEL && CentOS && ..) rather than simply controlling the user experience through something as simple as Docker. With that came different versions of Python (bye bye python2!) and different versions of the OS. The immediate workaround (from a pathetic set of shell scripts) was using things like Ansible to keep up with the various configurations. Turns out, even "the EasyButton" leads to pain and confusion.

This proved useful when all you have is time (and an abundance of ignorance). I've since come to better understand what things like Docker can do for you. Observing how much of my time was spent deploying and testing across platforms, as automated as it was, as well as answering questions for folks when things went sideways, it became daunting, fast.

I no longer enjoyed releasing software; I was afraid of the questions. Put something out there and you get the initial rush of releasing something out into the world. Next come the waves of people (if you're lucky), who in good faith are trying to make use of your creation, but have a hard time understanding how to get it working in their specific circumstances. Instead of forcing them to adopt your standards, you try to bend to them.. which almost never works in the long run. There are too many options; you can focus on product or integration.. not both, not without a profitable business model.

What started out as a simple brain exercise, a simple way to keep my skills sharp, has transformed into a very simple, lightweight and [hopefully] frictionless technology. The goal of CIFv5 has been, and will continue to be, simple: get you up and running with exposure to threat intelligence as fast as possible. Nothing more, nothing less. It's 15 years of successes and failures provided as a set of Docker containers.


It took me ~180 hours to build over the last 12 months (10,000 if you start at CIFv0); it will take you 30s to get up and running...
