[OpenAFS] the future

Aaron Knister aaronk@umbc.edu
Sun, 30 Sep 2012 01:43:05 -0400 

On Sep 29, 2012, at 11:52 PM, Troy Benjegerdes <hozer@hozed.org> wrote:

> On Sat, Sep 29, 2012 at 10:13:58AM -0400, Jason Edgecombe wrote:
>> On 09/28/2012 11:33 PM, Troy Benjegerdes wrote:
>>> If we dust off some old AFS code and paint up with YFS, TFS, and
>>> WTFS (What The Foo is this File Stuff) logos, and have ourselves
>>> a nice horserace all the spreadsheet guys can take bets on, what
>>> might happen?
>> As I understand, YFS, Inc. is taking this approach.
>>> How about at the next DEFCON hacker convention we organize a demo
>>> of a real-time AFS protocol encryption cracker and file-server spoofer?
>>> I expect this would have all the impact of turning off your servers but
>>> conveniently providing someone else to blame. Spreadsheet pushers like
>>> to play blame games, you know.
>> Manager/Security: "What do you mean that the bloody protocol is
>> compromised and we can't fix it?! How much to get off of this crap
>> right now?"
>> 
>> Much backlash. That would just make AFS fail.
>> 
>> I doubt that we would win any customers by deliberately exposing
>> them to security, regulatory, or legal problems.
> 
> Someone else commented about 'nuking bridges', and demoing an
> encryption cracker without tested replacement code would be more
> like nuking all the bridges from orbit, which is why I haven't 
> seriously considered it.
> 
> Now, here's the thing though... Look at the competition.. iCloud,
> amazon S3, google drive. THOSE are protocols that are broken.
> Spreadsheet guys don't understand protocols, or why they are
> important.
> 
> At least with AFS we have a solid protocol, and (I think) an
> accepted path forward (rxgk), and all that is lacking is *paying 
> someone to write the code*
> 
> If the support vendors have good PR people, the response to the 
> manager will be "Here, we have a new upgrade to sell you, that will
> be $X, and here are our pen test reports showing how easy it is to
> hack everything else because the only protocol that actually addresses
> the threat is AFS"
> 
> On my more cynical days, I think the only way to actually make money
> in today's current software/hardware business is to abuse your customers
> with licenses, upgrade treadmills, and FUD.

*cough*Oracle*cough*

> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info