I’m sure there’s nothing to this, but I have to point it out: a Microsoft employee publicly seeking information on Google PageRank. Roberto D’Angelo, in How Google PageRank(tm) works (the post has been removed; here is a PDF version of the original), discusses how the PageRank algorithm works and asks others to provide additional information.
Anybody find this a bit odd?
I’m not trying to knock Roberto, or Microsoft, it just strikes me as odd that a Microsoft employee would be publicly seeking information on a proprietary feature of a competitor’s product. While it’s normal to review a competitor’s product to see what it does better, trying to figure out patented and proprietary technologies, in a public setting, seems like a bad idea to me.
What gets me about this is that it’s so public. Digging into a competitor’s product in a public manner will lead to backlash, especially when we’re talking about Google and Microsoft. I can only imagine the comments that will be made as a result of his post. So far I’ve not seen any feedback on this, but I have to imagine that it will be coming. From a business perspective, I have to suspect this will be considered a mistake.
What do you think, is it really a good idea to publicly dig into the proprietary feature of a competitor’s product?
Update: Since this was published the original page was removed, making public discussion a bit of a moot point. I’m leaving this as I feel it’s an interesting point. I’ve removed the original link and added a link to a PDF file of the original page, for those interested in seeing what was said.
During a recent discussion about the DarkMatter CA on a Mozilla mailing list, it was found that their 64-bit serial numbers weren’t actually 64 bits, and it opened a can of worms. It turns out that the serial number was effectively 63 bits, which is a violation of the CA/B Forum Baseline Requirements that state it must contain 64 bits of output from a secure random number generator (CSPRNG). As a result of this finding, 2,000,000 certificates or more may need to be replaced by Google, Apple, GoDaddy and various others.
Security researchers play an important role in the industry, though one that doesn’t always receive the support needed. In this post, I am proposing the creation of a new non-profit entity, the International Association of Information Security Research Professionals (IAISRP), as a supporting group to push research forward, and provide the tools and resources to improve the quality of work, and the quality of life for those involved in this vital work.
For the second year I am publishing a year-in-review – something I had generally avoided in the past, as the tone of these posts is typically just cynicism and negativity. Looking back at 2015, it wasn’t all positive (what year is?), but there was certainly some good, and there are great things to look forward to.
In a season filled with empty marketing pitches, worthless predictions, and pointless projections – it’s important to look at the good and avoid the cynicism overload that is all too common.
Opportunistic encryption has become quite a hot topic recently, and blew up in a big way thanks to an Internet Draft that was published on February 14th for what amounts to sanctioned man-in-the-middle. Privacy advocates were quickly up in arms – but it’s not that simple (see here). As pointed out by Brad Hill, this isn’t about HTTPS traffic, but HTTP traffic using unauthenticated TLS; thanks to poor wording in the document, it’s easy to miss that fact if you just skim it.
…or, The Cost of Wild Speculation.
“We need to boost our security – I think the NSA has broken everything we use. AES-256 is too weak, I don’t trust it. Find a way to implement AES-512.”
Double-AES-256! It’d be easy, and double encrypting has never bitten us before. So, let’s write some code!
```ruby
# e and d are the post's single-pass AES-256 encrypt/decrypt helpers (not shown on this page).
# The 64-byte key is split into two 32-byte halves; "AES-512" is just AES-256 applied twice.
def encrypt(msg, iv, key)
  return e(e(msg, iv, key.slice(0..31)), iv, key.slice(32..63))
end

def decrypt(cipher, iv, key)
  # Peel the layers off in reverse order; the tail of this line is reconstructed to mirror encrypt,
  # as the page's copy of the code is cut off here.
  return d(d(cipher, iv, key.slice(32..63)), iv, key.slice(0..31))
end
```