Authentium spoke to Craig via phone last week

Craig Newmark, the fellow who co-owns (along with eBay) Craig’s List, posted an entry on his blog saying Authentium won’t talk to him about the problem his web site had with Authentium’s firewall. Here’s the Authentium response

Re Craig’s post today, in which he says – “I wanted to give the Authentium folks to today to respond; that didn’t happen, and I guess we’ve waited long enough.”

This isn’t accurate. Three business days ago (i.e. last week), Ray Dickenson, our head of products, initiated a phone call to Craig – at his offices – and spoke with Craig directly. During that call, Ray shared with Craig the following information:

1. The technical issue caused by the conflict between Craigslist servers and the Authentium firewall is fully resolved, and was resolved back in March. The beta fix was made available to all customers at that time. It was made available through their support organizations to every subscriber requesting it. This is normal procedure for our beta software releases.

2. In terms of our responsiveness, Authentium reacted immediately upon hearing about the issue by calling Craig. Upon understanding the issue, we acted immediately to resolve it. We posted a fix within days of its emergence in February. The fix has been available ever since.

3. Regarding release dates, this fix involved rewriting of a core system-level component. Our process for releasing these kind of components is very strict – the final version enters GA only after the completion of several cycles of QA testing on the next full version release of our security suite, and beta release testing. This practice is followed by most, if not all, system-level software developers.

As I’ve said before in other posts, we have no ax to grind here – this isn’t a story about net neutrality – it is basically a story about different approaches to handling data.

For more on the technical details of this, please browse to the Craigslist link at www.authentium.com/support/ or contact your Authentium service provider partner support center.

Thank you,

John Sharp
Founder & CEO
Authentium

Once again, Craig Newmark has been caught lying without a clue.

Here’s Dave Utter’s account of the story, and here’s Authentiums’s customer advisory.

Authentium and Cox should sue Craig Newmark for libel and slander.

My prior story is here.

For more info, see George Ou’s dissection of the Craig’s List misconfiguration, Matt Sherman, and James Lippard.

UPDATE: See Jim Lippard’s wrap-up, and TLF’s belated commentary.

FINAL UPDATE: Craig has issued a retraction. Apparently he didn’t know that his people were talking to Authentium all along. I know that’s hard to believe, but his company is a weird little enterprise.

6 thoughts on “Authentium spoke to Craig via phone last week”

  1. Based on the evidence, I’d say craig’s ethics and competence are a tad lower than those of most telco executives.

  2. Since you posted the answers without posting the questions, I’ll post them, along with the answers, so your readers can come to their own conclusions about how Authentium’s responsiveness:
    Craig’s questions appear in this typeface
    My interspersed comments appear in this typeface

    1. why did it take so long?

    The technical issue caused by the conflict between Craigslist servers and the Authentium firewall is fully resolved, and was resolved back in March. The beta fix was made available to all customers at that time. It was made available through their support organizations to every subscriber requesting it. This is normal procedure for our beta software releases.

    So is this new beta software being handed out to all new customers or is the flawed software still being shipped. Is there any method to advise customers that that they might want to run the beta? What does Cox recommend users run at this point—beta software or production software? Its not “fully resolved” until the end users are running working software
    2. why were my calls and emails unanswered?

    In terms of our responsiveness, Authentium reacted immediately upon hearing about the issue by calling Craig. Upon understanding the issue, we acted immediately to resolve it. We posted a fix within days of its emergence in February. The fix has been available ever since.

    So why were the emails unaswered? It appears as if they were difficult to contact when the problem first arose, finally placed a phone call after this issue hit the press. Nothing in this response directly addresses Craig’s direct question.
    3. how will this be fixed in the field?

    Regarding release dates, this fix involved rewriting of a core system-level component. Our process for releasing these kind of components is very strict – the final version enters GA only after the completion of several cycles of QA testing on the next full version release of our security suite, and beta release testing. This practice is followed by most, if not all, system-level software developers.

    Once again, absolutely nothing about how this fix will actually be rolled out. Will it be proactive, or will it just replace the sofware in the new user package and be suggested for any legacy users that complain?

  3. Let’s take an honest swipe:

    1. why did it take so long?

    It took a few days for Authentium to give Craig’s List the special treatment it demands, and Craig’s List is still sending out garbage.

    2. why were my calls and emails unanswered?

    They were answered, Craig lies about this.

    3. how will this be fixed in the field?

    How do you fix any end-to-end software bug in the field? You update all the affected computers, or you update Craig’s List’s computers. Craig is unwilling to fix his system, so the Authentium customers will have to update theirs; or quit using Craig’s List for hookups.

  4. 2. why were my calls and emails unanswered?

    They were answered, Craig lies about this.

    Don’t mean to sound tooo snarky, but if Craig’s email systems are even half as bad as his webhosting infrastructure, perhaps the email never made it to Authenium in the first place:)

  5. Craig Newmark is entirely responsible for the problem.

    TCP window size is a byte (not packet) based option. The default setting is normally 4k, with 64k or higher in common usage. Values of 0 to 2**30 (2 to the 30th power) are legal with zero being interpreted as a congestion induced “back pressure” indication. In practice the window size should be adjusted based on the number of streams per session and congestion/delay.

    There are two options as to the source of the problem:
    1. To achieve the window size values above 64k requires negotiation of a scaling factor. Misnegotiation of the scaling factor is possible if there is some REALLY legacy/off brand customer premise equipment at Craig’s List or the equipment defaults are badly misconfigured. Misnegotiation of the scaling factor could cause the observed problem.

    2. The other potential source of the problem is a site upgrade or site change as Craigs List. If level of competence of the system administrator of Craig’s list, who set up the server or some of the other customer premise equipment (routers/switches/firewalls), was too low to allow him to understand what he was doing when he set some of the default equipment parameters, problems would ensue. This is the “he actually set the window size to zero” scenario.

Comments are closed.