[OpenAFS] the future

Troy Benjegerdes hozer@hozed.org
Sat, 29 Sep 2012 22:52:43 -0500


On Sat, Sep 29, 2012 at 10:13:58AM -0400, Jason Edgecombe wrote:
> On 09/28/2012 11:33 PM, Troy Benjegerdes wrote:
> >If we dust off some old AFS code and paint up with YFS, TFS, and
> >WTFS (What The Foo is this File Stuff) logos, and have ourselves
> >a nice horserace all the spreadsheet guys can take bets on, what
> >might happen?
> As I understand, YFS, Inc. is taking this approach.
> >How about at the next DEFCON hacker convention we organize a demo
> >of a real-time AFS protocol encryption cracker and file-server spoofer?
> >I expect this would have all the impact of turning off your servers but
> >conveniently providing someone else to blame. Spreadsheet pushers like
> >to play blame games, you know.
> Manager/Security: "What do you mean that the bloody protocol is
> compromised and we can't fix it?! How much to get off of this crap
> right now?"
> 
> Much backlash. That would just make AFS fail.
> 
> I doubt that we would win any customers by deliberately exposing
> them to security, regulatory, or legal problems.

Someone else commented about 'nuking bridges', and demoing an
encryption cracker without tested replacement code would be more
like nuking all the bridges from orbit, which is why I haven't 
seriously considered it.

Now, here's the thing though... Look at the competition.. iCloud,
amazon S3, google drive. THOSE are protocols that are broken.
Spreadsheet guys don't understand protocols, or why they are
important.

At least with AFS we have a solid protocol, and (I think) an
accepted path forward (rxgk), and all that is lacking is *paying 
someone to write the code*

If the support vendors have good PR people, the response to the 
manager will be "Here, we have a new upgrade to sell you, that will
be $X, and here are our pen test reports showing how easy it is to
hack everything else because the only protocol that actually addresses
the threat is AFS"

On my more cynical days, I think the only way to actually make money
in today's current software/hardware business is to abuse your customers
with licenses, upgrade treadmills, and FUD.