On Sat, Sep 29, 2012 at 10:13:58AM -0400, Jason Edgecombe wrote: > On 09/28/2012 11:33 PM, Troy Benjegerdes wrote: > >If we dust off some old AFS code and paint up with YFS, TFS, and > >WTFS (What The Foo is this File Stuff) logos, and have ourselves > >a nice horserace all the spreadsheet guys can take bets on, what > >might happen? > As I understand, YFS, Inc. is taking this approach. > >How about at the next DEFCON hacker convention we organize a demo > >of a real-time AFS protocol encryption cracker and file-server spoofer? > >I expect this would have all the impact of turning off your servers but > >conveniently providing someone else to blame. Spreadsheet pushers like > >to play blame games, you know. > Manager/Security: "What do you mean that the bloody protocol is > compromised and we can't fix it?! How much to get off of this crap > right now?" > > Much backlash. That would just make AFS fail. > > I doubt that we would win any customers by deliberately exposing > them to security, regulatory, or legal problems.
Someone else commented about 'nuking bridges', and demoing an encryption cracker without tested replacement code would be more like nuking all the bridges from orbit, which is why I haven't seriously considered it. Now, here's the thing though... Look at the competition.. iCloud, amazon S3, google drive. THOSE are protocols that are broken. Spreadsheet guys don't understand protocols, or why they are important. At least with AFS we have a solid protocol, and (I think) an accepted path forward (rxgk), and all that is lacking is *paying someone to write the code* If the support vendors have good PR people, the response to the manager will be "Here, we have a new upgrade to sell you, that will be $X, and here are our pen test reports showing how easy it is to hack everything else because the only protocol that actually addresses the threat is AFS" On my more cynical days, I think the only way to actually make money in today's current software/hardware business is to abuse your customers with licenses, upgrade treadmills, and FUD. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
