[e-lang] E + MinorFs + AppArmor: adding Tahoe to the stack ?
Zooko O'Whielacronx
zookog at gmail.com
Thu Jan 28 11:08:29 PST 2010
On Thu, Jan 28, 2010 at 12:02 PM, Raoul Duke <raould at gmail.com> wrote:
> the question i have is: who really is the audience? my impression is that the audience for security is something of a niche.
You might like my blog post: "security is an anti-feature":
http://testgrid.allmydata.org:3567/uri/URI:DIR2-RO:j74uhg25nwdpjpacl6rkat2yhm:kav7ijeft5h7r7rxdp5bgtlt3viv32yabqajkrdykozia5544jqa/wiki.html#%5B%5Bsecurity%20is%20an%20anti-feature%5D%5D
I've been thinking that maybe the security community is the wrong
market. Most users, I've come to believe, will instinctively reach
for the *other* tool if one of the tools is labelled as "secure".
This may sound strange, but I think it is true and that there is a
good reason for it. Users know that a tool which comes with a
"security" sticker on it means more hoops they have to jump through
before they can get their work done: pop-up dialogs asking "Are you
sure?", key-management hassle, access-denied errors, etc.. They also
know that most of the time bad guys aren't going to be attacking them
and most of the time this tool isn't going to be the weakest link in
the chain anyway. In short, users are rational and correct when they
pass over the products with "security" in favor of the products with
"get your job done today".
Now we have always tried with Tahoe-LAFS to make something which
provides security *without* introducing lots of hassle. I think we've
at least partially succeeded (although I'm still alert for more
evidence from the field to indicate what's working and what isn't).
So maybe we should find some way to appeal to those people who just
want a reliable and easy-to-use cloud storage tool and don't want an
extra helping of "security".
More information about the e-lang
mailing list