Yeah; I've posted on that. Think about it, though. There's no need
to use a blockchain for that, when embedding a checksum in a log file —
what's variously called hash chaining and linked time-stamping — works
just fine. But given that logging on a compromised system is entirely
suspect (what gets logged, what logs are still present, what gets
deleted, etc), and anybody that needs higher assurance either sends the
logging messages to remote logging servers — whole lot tougher to forge
that traffic, as multiple systems and network security have to be
compromised, and the checksums can be included in the messages should
that be deemed necessary — or uses a local WORM device, or a
combination.
Put another way, how many folks need this level of logging integrity?
Sure. Some will. And how far up (or down) the OpenVMS development
priority list might this requirement be? I'd rather have syslog-ng or
analogous distributed logging support long before having to wade into
setting up and troubleshooting a host-specific distributed ledger
implementation, too. If there are a couple of standards for
distributed ledgers available in a few years — Ethereum or whatever —
maybe look at adding support then?
And this assumes that the distributed ledger logging implementation is
fast enough. Some of the observed cryptocurrency transaction rates
are way below the rates that even smaller systems and smaller apps can
generate logging messages. Hopefully that observed under-performance
is addressed, too.
> I saw some work a while ago on a network protocol that used the
> blockchain for verification that a packet was authentic (obviously not
> useful in a large public blockchain but perhaps doable in VMS cluster
> that are a closed network shop). If VMS is going to claim to be the
> bee's knees in security then it might want to start to look at making
> itself one step ahead of the general riff raff.
Could you elaborate on the connection between hash chaining or linked
timestamps or blockchains, and clustering? Because I really don't see
a firm link there; not anything that's at all specific to clustering.
Even positing that it'd be nice to have forensic-grade logging, major
parts of OpenVMS logging and operator communications are unfortunately
largely stuck in the 1970s, more than a little of it is disjoint at
best, and all that'll best be brought forward first. There's a lot of
other work here.
> With a blockchain, you can get each device that deals with the packet
> to register its interaction. The recipient can then query the
> blockchain to ensure the packet passed through only sanctioned
> equipment/pathways.
> Might not be fast enough for general network operations but could be ok
> for file transfers or email or...(VPN is end to end, it cannot verify
> that the intermediary isn't copying / capturing packets for later
> decryption attempts)
>
> Put VMS reference files on a blockchain maybe? In a closed system such
> as a VMS cluster running a private blockchain, you could distribute a
> software upgrade and know that it's authentic. The average VMS shop
> might not be interested but perhaps the military might pay for such a
> level of security?
I'd much rather have an IDE integrated with the compilers and the
debugger and distantly feature-comparable to Xcode or VS, an SMB3
server and an SMB3 client, integrated and always-present IP networking,
integrated web services, actual LDAP support past password
authentication, a framework that abstracts networking and TLS and
authentication and easing upgrades, a framework that makes it feasible
to design and develop and operate apps in a cluster without rolling
your own everything from first principles, multiple- and cross-cluster
support for job scheduling and process control, support for current
standards among the compilers for the major languages, modern patch
management tools, integrated Python support, overhauled remote
management, online price lists and online purchasing of OpenVMS
licenses, a completely overhauled PAK system, TLS and DTLS 1.3 and
preferably kernel support, IPv6 support, encrypted disks, full IPv6
support, json/yaml/xml support, a mail server at least approaching
Postfix and Dovecot, sandboxes and support for isolating containers,
ASLR/KASLR/no-execute, GUIDs replacing facility prefixes and other
coordinated magic values, preferences storage frameworks so that we're
not all writing our own, integrated certificate management, PostgreSQL
and SQLite in the base distro, the removal of CDSA and the retirement
of SYSUAF et al (for LDAP), maybe MQTT or CoAP support, clustering via
TLS/DTLS, maybe OO API support, support for consistent backups of open
RMS files, etc., etc., etc., ... before I get really interested in
adding blockchains in logging, and that's all only after the OpenVMS
x86-64 port is available and stable and layered products and
third-party packages are becoming available. And maybe not even then.
I'm presently wrestling with a major programming language that isn't
working right on OpenVMS. And it should. Blockchain support isn't at
the top of my list, nor I'd suspect near that of most folks.
There are applications for blockchains. Definitely. And for
cryptocurrencies. Cryptocurrency wallets are pretty good intrusion
canaries, for instance. But blockchains? In OpenVMS? Unless
somebody can better elaborate the case for adding blockchains for
clustering or logging or other purposes, that's seemingly just so far
down the priority list that anybody that needs a blockchain in an app
can use some of the available open source. Have a look at
https://www.ethereum.org or otherwise. There are enough half-baked
grafted-on giblets on OpenVMS — digital certificate management comes to
mind, here — that adding blockchain "support" could certainly comprise
a checkbox feature, and some marketeering fodder.
In all seriousness, do please convince me that there are bigger
applications for integrating distributed ledger support into OpenVMS
here, past adding a framework or two. Reasons ahead of getting a
whole lot of other work, as nobody around here has infinite staff and
schedule. I'm certainly interested in hearing about those cases and
those applications, too. And also hearing how VSI is also going to
sell more OpenVMS licenses to existing and/or to new customers with
those blockchain features, too.
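
The hash chaining mentioned at the top of this post, as an added example that is not part of the original post: each log record embeds a digest covering the previous record, and the verifier optionally compares the final digest with a copy held off-host (remote log server or WORM device). The record format, function names and sample messages are assumptions made for the illustration.

```python
from __future__ import annotations
import hashlib
import hmac

GENESIS = "0" * 64  # constructed starting value for the chain

def _digest(prev: str, message: str) -> str:
    # Each link commits to the previous link's digest and to this message.
    return hashlib.sha256(f"{prev}|{message}".encode()).hexdigest()

def append(log: list[str], message: str) -> str:
    """Append '<digest> <message>' and return the new chain head."""
    prev = log[-1].split(" ", 1)[0] if log else GENESIS
    head = _digest(prev, message)
    log.append(f"{head} {message}")
    return head

def verify(log: list[str], anchored_head: str | None = None) -> str:
    """Return 'ok' or the first inconsistency. anchored_head is the last
    digest as held off-host (remote log server, WORM device)."""
    prev = GENESIS
    for number, line in enumerate(log, start=1):
        stored, _, message = line.partition(" ")
        if not hmac.compare_digest(stored, _digest(prev, message)):
            return f"chain broken at record {number}"
        prev = stored
    if anchored_head is not None and not hmac.compare_digest(prev, anchored_head):
        return "consistent, but does not end at the anchored head"
    return "ok"

def demo() -> dict[str, str]:
    msgs = ["login user=SYSTEM", "audit alarm disabled", "logout user=SYSTEM"]  # constructed
    log: list[str] = []
    for msg in msgs:
        head = append(log, msg)
    edited = log[:1] + [log[1].replace("disabled", "enabled")] + log[2:]
    rebuilt: list[str] = []  # record 2 dropped and the whole chain recomputed locally
    for msg in (msgs[0], msgs[2]):
        append(rebuilt, msg)
    return {
        "intact": verify(log, head),
        "edited_in_place": verify(edited, head),
        "record_deleted": verify(log[:1] + log[2:], head),
        "rebuilt_local_check": verify(rebuilt),
        "rebuilt_vs_anchor": verify(rebuilt, head),
        "truncated_vs_anchor": verify(log[:2], head),
    }
```

The `rebuilt_local_check` result is `ok`: an unkeyed chain that lives only on the host can be recomputed by whoever can rewrite the file, which is why the head has to be anchored somewhere the host cannot alter.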