On Sep 29, 2012, at 11:52 PM, Troy Benjegerdes <[email protected]> wrote:
> On Sat, Sep 29, 2012 at 10:13:58AM -0400, Jason Edgecombe wrote: >> On 09/28/2012 11:33 PM, Troy Benjegerdes wrote: >>> If we dust off some old AFS code and paint up with YFS, TFS, and >>> WTFS (What The Foo is this File Stuff) logos, and have ourselves >>> a nice horserace all the spreadsheet guys can take bets on, what >>> might happen? >> As I understand, YFS, Inc. is taking this approach. >>> How about at the next DEFCON hacker convention we organize a demo >>> of a real-time AFS protocol encryption cracker and file-server spoofer? >>> I expect this would have all the impact of turning off your servers but >>> conveniently providing someone else to blame. Spreadsheet pushers like >>> to play blame games, you know. >> Manager/Security: "What do you mean that the bloody protocol is >> compromised and we can't fix it?! How much to get off of this crap >> right now?" >> >> Much backlash. That would just make AFS fail. >> >> I doubt that we would win any customers by deliberately exposing >> them to security, regulatory, or legal problems. > > Someone else commented about 'nuking bridges', and demoing an > encryption cracker without tested replacement code would be more > like nuking all the bridges from orbit, which is why I haven't > seriously considered it. > > Now, here's the thing though... Look at the competition.. iCloud, > amazon S3, google drive. THOSE are protocols that are broken. > Spreadsheet guys don't understand protocols, or why they are > important. > > At least with AFS we have a solid protocol, and (I think) an > accepted path forward (rxgk), and all that is lacking is *paying > someone to write the code* > > If the support vendors have good PR people, the response to the > manager will be "Here, we have a new upgrade to sell you, that will > be $X, and here are our pen test reports showing how easy it is to > hack everything else because the only protocol that actually addresses > the threat is AFS" > > On my more cynical days, I think the only way to actually make money > in today's current software/hardware business is to abuse your customers > with licenses, upgrade treadmills, and FUD. *cough*Oracle*cough* > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
