On Mon, Feb 17, 2014 at 04:07:08PM -0800, Russ Allbery wrote: > Jeffrey Hutzelman <jh...@cmu.edu> writes: > > On Mon, 2014-02-17 at 13:11 -0600, Troy Benjegerdes wrote: > > >> So $10k for design, and $100k for implementation sufficient to protect > >> a small business's data worth between $250k, and $1M. > > > No, that's not what Jeff said. What he said was that doing the design > > and analysis work required to come up with an estimate could cost $10k. > > I happen to think that's a bit high, but then, I'm not volunteering to > > do it. > > Generating these sorts of numbers are all about what assumptions you want > to make, but if you assume 50% overhead from whatever organization has to > do the work to write the contract, deal with all the legal issues, route > the money to people, maintain office space or benefits or whatnot, and so > forth, and then figure you want three people thinking hard about this and > those people make around $75 an hour, $10K pays for about 20 hours for > each of those three people. > > That's not out of the realm of possibility. We've collectively spent far > more than that on the rxgk specification, although I suspect much of that > time was uncompensated or written off as some variety of overhead by a lot > of different institutions.
I remember hearing lots of arguments that getting rid of DES keys would take tens or hundreds of thousands of dollars, and that 'developers need to eat' etc etc. Then one day an exploit was announced, and all of a sudden we got http://www.openafs.org/pages/security/how-to-rekey.txt I need to eat too, but I'd rather focus on marketing and identifying who exactly the customer base is that's going to pay for AFS file encryption, and IPv6, and disconnected operation, and give them a free teaser of working code than whining about how it's how hard to get the current customers to buy stuff. Who's the new customer base? How do we educate all the new bitcoin-based businesses on the benefits of AFS for running a production grade distributed filesystem to support cryptocurrency trading? These guys literally make money and if you can take payment in the money they make, you can cut half the overhead costs out. ---------------------------------------------------------------------------- Troy Benjegerdes 'da hozer' ho...@hozed.org 7 elements earth::water::air::fire::mind::spirit::soul grid.coop Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info