Short Term (all started to some degree)
   - documentation
   - make the architecture extensible (so that it is easy to contribute)
   - much better error message support
   - multi-sensor support in all operations
   - new search criteria: IP masks, TCP/IP options
   - making more search result items "clickable (e.g. getting a full
     history when clicking an a particular IP)
   - various "fast searches" off the main page
   - graph a break-down of alert occurances by IP and subnet
   - graph statistics using a real tool: e.g. RRDtool
   - lookups for a particular IP (intelligent whois, dig, traceroute, etc.) 
   - print the same stats listed on the main page for all query results
   - discover why Lynx-based viewing breaks on certain URLs

- Longer Term
   - security: a concept of login and privileges on operations/data
   - support different underlying DBs
   - layer-4+ packet decode
   - export alerts from ACID to tcpdump
   - more real analysis!
