[OpenAFS] Community Support for OpenAFS for Windows

[Jeffrey Altman]

This is a cryptographically signed message in MIME format.

--------------ms070003030306010007070002
Content-Type: multipart/mixed;
 boundary="------------080403080801060902010802"

This is a multi-part message in MIME format.
--------------080403080801060902010802
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

OpenAFS 1.3.70 has now shipped.  This is a major step forward
in the improvement of performance, stability, and integration
of AFS on Microsoft Windows.  I estimate that close to nine
person months of effort went into this release.  Of that I
estimate that one third was unfunded work related to coding
of features everyone needs but no one would pay for,
testing, debugging, and release packaging.  I have not done
this work alone and for that I am grateful.

I want to once again thank MIT and their student hire Asanka Herath
for all of the late nights we have spent on this project;
Rodney Dyer of UNCC for being a pain in the ass, pushing OpenAFS
for Windows to its limits and providing access to their environment
for testing; Sine Nomine Associates and their clients for allowing all
of the bug fixes and new features to be incorporated into the new
release; and those individuals who have contributed to my tequila fund.

While on one hand I am thankful for the support which has been
provided I am also somewhat disappointed by the lack of the greater
community to step up to the plate.  At the AFS Best Practices
conference it repeatedly stated by attendees that the future of
AFS in their organizations is dependent upon how well the Windows
client performs.  Many individuals and organizations offered their
support never to be heard from again.  The only conclusion I can
come to is that money is tight (isn't it always) and the collective
feeling is that progress is being made and someone else will
contribute.  While some organizations have contributed
their efforts are not enough.  If every organization deploying OpenAFS
for Windows contributed just US$1000 or US$2000 a year, there would
be significant funding to cover the development efforts.

The response to my presentation at the AFS Best Practices conference
was highly motivating.  It demonstrated that at least on a conceptual
basis my dream of having OpenAFS and Kerberos for Windows deployed
transparently on every Windows machine in order for the real work
users want to accomplish simply work in a secure environment is shared
by the community.  In order for AFS to be successful it must integrate
with Windows to such an extent that users do not notice its existence.
With the release of 1.3.70 I can honestly say that all of the easy
work has now been done.

Examples of some of the hard work which is ahead of us:

* The UI must be replaced to allow for better separation of function
   between AFS client administration; End user environment
   configuration; and credential management (k5 tickets, tokens, cell
   to principal mapping)
* The architecture of the SMB/CIFS server does not allow for sequential
   processing of SMB/CIFS requests.  This prevents us from implementing
   support for digital signing but more importantly breaks applications
   which use overlapped writes.  This causes all Microsoft Office
   applications to have failures when writing to AFS.  I can't think of
   a more important suite of applications which must simply work if AFS
   is truly to be used in a transparent manner from the end user
   experience.
* The lack of cache persistence and the inability to support GB size
   caches not only reduces the performance of the OpenAFS for Windows
   client but it also places an extremely heavy burden on the AFS file
   servers.  My rough guestimate is that when applications are being
   served out of AFS every Windows client feels like 100 Unix clients to
   the AFS servers.  This is a serious burden which must be addressed if
   95% of the clients using AFS are going to be Windows.
* Support for UNICODE in the SMB/CIFS server and unnormalized utf8
   as the character set for file and directory names stored in AFS
* Support for files greater then 2GB in size
* Support for 64-bit architectures: ia64 and amd64,
* Implementation of an Installable File System option for those sites
   with increased performance requirements and who do not rely on the
   Windows Client Side Caching support for redirected folders


These projects are significant in scope and require months or years
to complete.  I am not asking anyone to blindly write a check to
pay for all of this.  What I am asking is that those who are going to
enjoy the benefits make an effort to contribute something on an on-going
basis.  Contributions may be made in the form of:

* a check, credit card, or paypal payment to Secure Endpoints Inc.
* a tax deductible donation to the Usenix OpenAFS.org account
* a tax deductible donation to the MIT Kerberos account
* part-time employment to support the OpenAFS for Windows Gatekeeper
   role
* the assignment of some number of programmer hours on a weekly basis

In order for the community to succeed in making AFS a first class
citizen in the Windows world, each of us are going to have to answer
the question "what can I or my organization do to help?"  I understand
the temptation to assume that OpenAFS is open source and therefore it
does not cost me anything to use it is quite high.  However, I would
argue that while there is no legal obligation for the purchase of
licenses (per-user, per-client, per-server, per-organization) there is
a moral obligation to assist the community which enables you to
better serve your end users.

Thank you for listening.  I hope that I can count on you.

Jeffrey Altman
OpenAFS for Windows Gatekeeper
Secure Endpoints Inc.
http://www.secure-endpoints.com/






--------------080403080801060902010802
Content-Type: text/x-vcard; charset=utf-8;
 name="jaltman.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="jaltman.vcf"

begin:vcard
fn:Jeffrey Altman
n:Altman;Jeffrey
org:Secure Endpoints Inc.
adr:;;255 W 94TH ST PHB;NEW YORK;NY;10025;United States
email;internet:jaltman@secure-endpoints.com
title:President
tel;work:+1 212 769-9018
x-mozilla-html:TRUE
url:http://www.secure-endpoints.com
version:2.1
end:vcard


--------------080403080801060902010802--

--------------ms070003030306010007070002
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJXzCC
AwowggJzoAMCAQICAwxkyDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQwNTI3MTYzNDA4WhcNMDUwNTI3MTYzNDA4
WjBzMQ8wDQYDVQQEEwZBbHRtYW4xFTATBgNVBCoTDEplZmZyZXkgRXJpYzEcMBoGA1UEAxMT
SmVmZnJleSBFcmljIEFsdG1hbjErMCkGCSqGSIb3DQEJARYcamFsdG1hbkBzZWN1cmUtZW5k
cG9pbnRzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKq+zzUjKcIJdURp
j/tLc8iD3d23KipgccXHKaZ7i4vtg6jYNZPNkf9MVvAGwGDKTtCAvsgzcEAPWUeZHewyUFAB
hO2b2HZP3ceEacEomThjI83Vtsp8SPMk5KVKXWFvZhi0laKDWi6ApJ/DVhOrvS+Ja43ZZfjv
EiHkpQ6KWchCgF+sSc7crEN+t6vCqo3Gup9y3USeo2236XuI0NRPGeGlQEzcyQ03Dgoxvwm2
o0eyzBbPsHtky+EJjnvwIsE2UuVt2DHBeNOWBCM3mUZA+Oih+BxQc2woMxvBEIURX6xI3yya
ch+zu+T96k2KiExqg9CbJICIrxunfVcbXSkuskMCAwEAAaM5MDcwJwYDVR0RBCAwHoEcamFs
dG1hbkBzZWN1cmUtZW5kcG9pbnRzLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUA
A4GBAK3qfKi68u7dgWG/joYoo4yhEiaL5lGVmyBZjMW9Vk7b8pdHwh/GXXgN3MeW1qXb2tIm
qaDHtfG8eNH9Go0+8zzTTKwvLxI6WqLuzghUq7OZf/8KUhJPyylAQ/lQy+JwE6Oaxc14n5gR
SBr2jHiQ5jCBQcUOGzEj44KNP6eNGYEkMIIDCjCCAnOgAwIBAgIDDGTIMA0GCSqGSIb3DQEB
BAUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBM
dGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0w
NDA1MjcxNjM0MDhaFw0wNTA1MjcxNjM0MDhaMHMxDzANBgNVBAQTBkFsdG1hbjEVMBMGA1UE
KhMMSmVmZnJleSBFcmljMRwwGgYDVQQDExNKZWZmcmV5IEVyaWMgQWx0bWFuMSswKQYJKoZI
hvcNAQkBFhxqYWx0bWFuQHNlY3VyZS1lbmRwb2ludHMuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAqr7PNSMpwgl1RGmP+0tzyIPd3bcqKmBxxccppnuLi+2DqNg1k82R
/0xW8AbAYMpO0IC+yDNwQA9ZR5kd7DJQUAGE7ZvYdk/dx4RpwSiZOGMjzdW2ynxI8yTkpUpd
YW9mGLSVooNaLoCkn8NWE6u9L4lrjdll+O8SIeSlDopZyEKAX6xJztysQ363q8Kqjca6n3Ld
RJ6jbbfpe4jQ1E8Z4aVATNzJDTcOCjG/CbajR7LMFs+we2TL4QmOe/AiwTZS5W3YMcF405YE
IzeZRkD46KH4HFBzbCgzG8EQhRFfrEjfLJpyH7O75P3qTYqITGqD0JskgIivG6d9VxtdKS6y
QwIDAQABozkwNzAnBgNVHREEIDAegRxqYWx0bWFuQHNlY3VyZS1lbmRwb2ludHMuY29tMAwG
A1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEArep8qLry7t2BYb+OhiijjKESJovmUZWb
IFmMxb1WTtvyl0fCH8ZdeA3cx5bWpdva0iapoMe18bx40f0ajT7zPNNMrC8vEjpaou7OCFSr
s5l//wpSEk/LKUBD+VDL4nATo5rFzXifmBFIGvaMeJDmMIFBxQ4bMSPjgo0/p40ZgSQwggM/
MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMM
V2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25z
dWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYD
VQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNv
bmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5
WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRk
LjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2
vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9
A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEw
EgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0
ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0R
BCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GB
AEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZ
Ohl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVN
d+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDOzCCAzcCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMG
A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAwxkyDAJBgUrDgMCGgUAoIIBpzAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNDA4MTAxODM3MzJaMCMGCSqG
SIb3DQEJBDEWBBRdxMgRDlcbLot2X3qFDmOEbiO8IjBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqG
SIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
9w0DAgIBKDB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3
dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJl
ZW1haWwgSXNzdWluZyBDQQIDDGTIMHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJa
QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh
d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAwxkyDANBgkqhkiG9w0BAQEFAASC
AQAY2mf2xefYtaSm842UPAwltYbYx9YlAo48xAt2VUXKHB1sxKs3UuchKne3wynV8+eEpwR4
At9GNT2d4PRDfa6Q4JY+tQPW8b2G0/jNHjrDA6IdfsWQ3ql+UzzkLxh8pTrth835r8tftrLs
4qNZNpBpSI0AzsU6ogSgQ+sweOzECHYXbyOhkDlkUSd6nZGbvaevtQblU1YPEEKGAe79kgMT
fC/bRKw5i8ZKFkJ1kXh8N5PCX4Oquk4y/tW1Fi3Q9i8YM6oJ1jxc7nj7QiOVRmkayaKKwEM8
s3svMxWHov5Vs+Gd+6guTbzTnPXsn+Wjlen2wj5ghmW36FrWcJhQQ+O7AAAAAAAA
--------------ms070003030306010007070002--