Main | « January 2004 | March 2004 » | Archives
Make me a logo, get $500
It may be too late for me to strive for personal comeliness, but that doesn’t mean my blog has to look dull as well. I’d like to commission some branding work from the Internet community. Here’s the deal:
I’d like a 150 x 150 pixel logo for use on this website and possible print applications. The logo should be direct, memorable and iconic. Like me. I’d also like an appropriately sized banner graphic for the top of the site. The banner should include the words “Vastly Important Notes”. All artwork has to be original and submitted to me by email. If I select your work, you must transfer all intellectual property to me and I’ll pay you $500 via Paypal or personal check. If I don’t select your work, I won’t use it anywhere and you may retain all ownership. If I don’t receive anything I really like, I won’t select anything. This offer is void if it’s illegal for some strange reason wherever you live; consider moving.
Oh, and I’ve already heard “*poof* you’re a logo”, in response to the title of this post. Please send artwork or funnier jokes only.
February 29, 2004 | Permalink | Comments (1)
Nothing new here
It turns out that my Google Superpowers idea had been previously described by Glenn Fleishman. It’s hard to come up with an original idea on the internet, but I take solace in the knowledge that my own entry was longer and more convoluted – thus demonstrating less respect for my reader(s)’ blog-surfing time. Customer service is what “Vastly Important Notes” is all about.
In an effort to ensure that even this admission of non-originality isn’t derivative of someone’s past work, I’d like to end with my favorite string of bytes from random.org:
dc 2f 09 c5 7b 00 8d 3d 42 67 00 22 a8 71 eb 30 64 b6 de 2d f3 89 bc 2b f2 8d 3d fe 6d 6c 1b e4
Thank you.
February 28, 2004 | Permalink | Comments (0)
Security in four simple words
Walking around the RSA show floor today, I was struck by the angry fruit salad of words that different vendors and experts use to talk about security. Of course any professional field develops an insider lingo, but the security industry seems to suffer from inconsistent definitions and obfuscated meanings. For example, the word “trust” has a nuanced and somewhat counterintuitive meaning in security technology circles. That’s fine, but how can we expect mainstream organizations and professionals to get comfortable with significant security changes if we pull the rug out from under them by redefining such foundational words? If I can’t even rely on my innate understanding of “trust”, I’m going to be pretty suspicious of just about everything else.
What is this “ice cream” thing you’re trying to sell, Mr. Softee… if that’s even your real name?
If we’re going to make people comfortable with security, it’s important to demystify the core concepts. I’ve been thinking of how to explain the basic ideas without using any words in non-obvious ways. Here’s my first pass.
Definitions of four core words you have to know about security that don’t pervert their non-professional meaning:
• Identity (noun) – Who you are.
• Privileges (noun) – What you’re allowed to do.
• Credential (noun) – A physical or electronic document that you can use to carry your identity and privileges.
• Validation (verb) – The action of making sure that your identity and privileges are accurate, right now.
The first three things are real or imagined objects. The last, validation, is an action that you have to perform pretty much every time you want to do something. Making validation reliable, fast and cheap is tricky and important. That’s what we do.
February 25, 2004 | Permalink | Comments (2)
Help my brother change his name
My younger brother, Mark Ayzenshtat, is about to graduate from Columbia University and wants to change his last name before plunging into the real world. He thinks his name is overly long and oddly spelled and has set up a blog to solicit name ideas. If you help him choose his new name, you’ll be able to wring a favor out of him later on in life. Or maybe I’m thinking of leprechauns again. Anyway, I’ve already suggested all of the scatological, juvenilely prurient and post-ironic names, so don’t bother with those.
February 24, 2004 | Permalink | Comments (7)
CoreStreet closes B round
We just closed our second round of funding, $8.5 million co-lead by Updata Partners and POD Holding. POD was also our A round lead and they've been fantastically helpful in the past year. Updata is a very impressive group and I have high hopes for the new relationship.
The funding announcement was covered in at least eight business and news publications today. We immediately received many congratulatory notes and resumes via email and it's going to take me a few hours to go through my voicemail when I get back to the office. When you announce a round of funding, everyone wants to sell you office supplies.
Needless to say, raising $12.5 million dollars in less than a year is a significant accomplishment for a young company, and I am deeply indebted to and impressed by our team of scientists, engineers, marketing and sales people. We’ve got the strongest start any company could ask for. Now it’s all about the execution.
February 23, 2004 | Permalink | Comments (0)
Google superpowers update
There’s been some discussion of my last post on Edward Felten’s Freedom to Tinker as well as by private email, so I thought I’d post a bit more detail on costs as well as a cautionary note.
It costs $5 to set up an AdWords account. You can specify the maximum that you'll pay per click and the maximum that you'll pay in one day. Since an average name is unlikely to have much competition for ad space, your per-click rate will probably never go above the minimum per-click charge of $.05. You probably have to search for yourself and click through once or twice to make sure that google sees a click through rate high enough to take you seriously, so add 10 cents to the setup costs. Total cost to start: $5.10
Going forward, assuming a very high click through rate of 1%, you'd be spending $1 for every 2,000 times somebody googles you. That's pretty cheap.
Of course, there's the possibility of someone trying to disrupt your harmless narcissistic endeavor by engaging in several obvious types of odious behavior. There’s absolutely no benefit to the attacker for doing this, so you’ll probably go unmolested unless somebody really has it in for you. If that’s the case, just set your AdWords maximum per-day rate at a low value. A $1 a day cap will mean that the worst pocket-book damage your determined arch-nemesis could inflict would be manageably paltry.
Lastly, just in case this needs to be said, don’t put electrical heating elements on your head without the help of a properly licensed and bonded professional. Or at all.
Thanks to Seth Finkelstein of the well written Infothought blog for bringing some of this to my attention.
February 22, 2004 | Permalink | Comments (0)
Google superpowers
A few years ago, at the height of the millennial Internet euphoria, I was discussing plans for stock option-induced lifestyle changes over beers with a colleague. “I don’t want to retire personally”, he thoughtfully intoned, “but it would be nice if my wife could finally stop working for good.” We both blinked at each other for a second, raised our little fingers to the corner of our mouths and – with comic timing built up by an abundance of movies and a dearth of maturity – said, “…and start working for Evil. Muhahahaha.” This was post-Austin Powers and pre-Al Qaeda, so the word, “evil” was fair game for humor but had not yet entered serious political discourse. Good times. You had to be there, I guess.
Naturally, this got me thinking about what kinds of interesting, supernatural evil-villain powers could be brought to life using the Internet. You see, the dotcom boom was never going to end and eventually we’d need a new business plan to, um, capture sticky eyeballs for e-business. Or something. I’ve always thought that a keen super-villain power would be omniscience. Of course, knowing what everybody was thinking all the time would present data storage and user interface problems, but what if you could always know whenever someone was thinking about you? What if you could have a Sauron-like ability to bend your mind towards anyone speaking your name? It’d be a boon for junior high school girls and CEOs alike. Talk about demographics!
How would you make money on this, you ask? Which part of “dotcom” don’t you understand?
Some things are better left forgotten, and this nugget disappeared with the last beer. Now, four years later, it can come back - and the company that’ll bring it to you is Google. (Notice to AT&T lawyers: fair use of old advertising trademark for satirical purposes.) Without further ado:
Achieving a first order approximation of omniscience using only Google and parts you can buy at Radio Shack:
1. Purchase a Google AdWords keyword for your name. AdWords are those little text ad boxes that appear on the right hand side of Google search results and elsewhere. It doesn’t really matter what your ad says. Try, “I know you just searched for me. I am watching”, if you want be ominous. Feel free to link it to this post so if anyone actually clicks on it, they’ll know what’s up.
2. Whenever someone does a search, Google chooses which ads to display next to the search results from the pool of all ads which have been purchased for the relevant keywords. This means that unless many other people have bought your name as a keyword, your ad will pop up every single time someone googles your name. Like this. This won’t cost you anything unless someone clicks on the ad – in which case it’ll only cost you a few cents.
3. The AdWords management console will show you the number of impressions and the number of clicks for each ad. Since the number of impressions should closely track the number of searches (except for very popular, oversubscribed names), you’ll know whenever someone googles your name. Search for yourself a few times and click through to get the system primed.
4. Take your earmuffs (if you live in Boston) or iPod headphones (if you live anywhere else), and add an electrical heating element and wireless data receiver. Write a program to periodically check your AdWords reports and, every time a new impression comes in, send a ping to your headset. If you can’t write this program yourself, pay me to subcontract it out for you.
5. Since googling is more or less the same as thinking nowadays, every time somebody "thinks" of you, your ears will burn.
Google can cut out this whole AdWords steps and just offer the whole thing as a paid service: Iamsauron.google.com. Clearly, this is the promise of the Internet. Fulfilled.
Of course, Google can just as easily change their terms of service or ad selection algorithm and break this whole idea. When you’re an omniscient and supernatural dotcom survivor, that kind of power comes with the territory.
[see this update]
February 21, 2004 | Permalink | Comments (4)
Micali knows math
My colleague and co-founder, Dr. Silvio Micali, has won the RSA Conference Award for Mathematics. Congratulations Silvio! We wouldn’t be anywhere without you, or, err, math. The award will be presented at the RSA show in San Francisco on February 24th, and Silvio will probably make some remarks.
Speaking of speaking at RSA, three of us are giving talks at the conference.
February 19, 2004 | Permalink | Comments (0)
Reports of PKI death, greatly exaggerated
A 1991 college computer networking class almost stymied my vocational momentum. The professor, a genuinely keen and knowledgeable fellow, spent much time on the most important family of network protocols that we aspiring careerists workers would ever need to know: OSI (Open Systems Interconnect – the “seven layer chocolate cake”). One day, we briefly touched on an inelegant and accidental legacy protocol called TCP/IP. TCP/IP was practically dead. OSI was destined to eclipse and then replace it in the very near future. The experts had agreed: TCP/IP was insufficiently chocolaty.
By 1993, TCP/IP was clearly gripped in death throes. Over the next 10 years it grew by about 13,000%. Along the way, people figured out how to implement the more useful and attractive OSI concepts on top of TCP/IP. There are several other ways to measure the growth of the Internet, but the general consensus is that an upward trend is clearly visible. Meanwhile, OSI became a steakhouse.
A couple of years later, as TCP/IP’s health continued its precipitous non-deterioration, another technology conflict loomed large. The world’s microprocessor manufacturers had chosen sides in the great RISC vs. CISC architecture war. Apple and Motorola (new, small, simple, cheap RISC) had taken on Intel (traditional, big, complex, expensive CISC). IBM had a toe in both bathtubs. Billions of dollars and the future of life as we know it was at stake. One of these technologies would die; the other would rule the chip world. Analyst reports were written. Bar bets were made. I considered buying stock.
Do you remember who won? Most people don’t - it wasn’t much of a bang. Basically, both sides took good ideas from the other and successive generations of chips blurred the distinction until RISC/CISC wasn’t an interesting way for CPU engineers to talk about chip design anymore. Sometime later, the experts stopped talking as well.
The modern-day moral equivalent are digital certificates and Public Key Infrastructure (PKI). Over the past few years, fortunes have been made and lost (mostly lost) in the PKI markets and experts are sharply divided about the health of the industry. On the one hand, many of the hardest problems associated with PKI are being cleanly solved by persistent and/or innovative vendors. On the other hand, historically common failures have left many IT organizations with a bad taste in their mouths and user adoption continues to lag. Once, PKI was hyped as an almost magical solution to almost every IT problem. Then reality set in.
The good news is that the PKI debate is quickly fading away as customers stop focusing on technology and start focusing on specific applications. When Verisign’s certificate infrastructure went down for a day last month due to an unexpected validation problem, many people suddenly realized how surprisingly common digital certificates had become. Numerous web browsers, Java applications, antivirus packages, VPNs and document systems slowed to a crawl or stopped working entirely. The problem was resolved fairly quickly, but any illusions that digital certificates were exotic or uncommon were quickly dispelled. As strong security and authentication become increasingly important over the next few years, more and more applications will quietly incorporate digital certificates and PKI concepts into their core functionality. Combined with the best ideas of more traditional security approaches and large scale programs that are currently issuing millions of certificates to individual users (like the U.S. military’s Common Access Card), these applications will deliver significant security and convenience improvements to many everyday computing tasks. The days of buying specific security technologies (like PKI or symmetric keys or passwords or secure tokens) are mostly over. The days of buying secure applications are here today. Let’s put this debate behind us and start building real solutions for real security requirements. Or, um, wait for me to do it first.
I also hear that there may be a decisive winner in the Push/Pull content wars sometime soon. Call your broker!
February 16, 2004 | Permalink | Comments (3)
Coolest space mission that nobody remembers
Slashdot has a story today that jogged my memory. In 1970, the Russians landed a remote controlled rover called “Lunakhod 1” on the moon and drove it around for almost a year. It looked like a set of tractor wheels mounted on an old washtub - which is probably a reasonable guess about it’s actual method of construction. The name literally means, “moonwalker”, so while the Soviets did get an early lead on NASA in unmanned ambulatory space droids, they also planted the seeds of popular western culture which would eventually lead to the downfall of communism. Blowback.
February 11, 2004 | Permalink | Comments (2)
