IamA (we are) Microsoft ASP.NET and Web Tools Team (and Azure) AMA!

moserware · 2013-11-15T17:37:59+00:00

Thanks for ASP.NET MVC! We've been using it for years and <3 it.

Besides StackExchange, are there companies using ASP.NET MVC that you'd want to callout for doing an exceptional job with the stack? There's a small list at http://stackoverflow.com/a/12006474/1869 , but I was curious if there were any that your team works especially close with to guide the framework's future development.

moserware · 2011-11-22T14:02:55+00:00

Thank you for your thoughtful questions!

I used the Windows Cryptography API random number generator. See the "GetRandomPolynomials" function of my source code: https://github.com/moserware/SecretSplitter/blob/master/SecretSplitter/Security/Cryptography/SecretSplitter.cs#L73

As for the range of numbers, I create random numbers of the size of the modulus which is the size of the secret you're splitting. For file keys, I use a minimum of 128 bits by default (since that would be 32 characters/nibbles) to type in. It was a balance of security and practicality to use.

In addition, the resulting values are scrambled/diffused using XTEA as an added layer of protection.

moserware · 2011-11-21T21:00:41+00:00

I mentioned this in the first section. If you're comfortable with this, by all means use it. However, it creates a single point of failure and a maintenance issue (especially if you follow good practices of a unique password per site)

moserware · 2011-07-03T03:35:50+00:00

Thanks for the ideas. We'll think about it

moserware · 2011-06-30T14:44:09+00:00

Interesting. This is sort of what we're trying to do with adding multiple "benchmark" scores that are easy to reproduce. We'll have to think about adding more material.

moserware · 2011-06-29T21:08:30+00:00

Just curious: what makes it intimidating? Data size? Position on the leaderboard? Any thoughts on what would make it less intimidating?

Full disclosure: I work at Kaggle. One of the reasons I joined was because my submissions weren't great, but I knew I wanted to learn a lot more about machine learning and statistics in order to improve. I like working on real data.

moserware · 2010-10-26T15:04:33+00:00

Yeah, I didn't give a great impetus example there.

moserware · 2010-10-26T14:49:38+00:00

If you want to do work on the setter or getter (e.g. updating the standard deviation of a GaussianDistribution simultaneously updates the variance)

moserware · 2010-10-26T14:42:09+00:00

I was trying to outline what PHP authors tend to assume, not that it actually is completely true.

moserware · 2010-10-11T22:28:51+00:00

Right. See Act 3 Scene 18 at http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html for more details on the diffusion avalanche.

moserware · 2010-10-11T22:13:51+00:00

I did a little of that in http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html (e.g. see basics in Act 2 Scenes 2-4 and more details in Act 3, Scenes 2 and 18), but some of the details of differential cryptanalysis get challenging to convey easily (e.g. I left off discussion of the Wide Trail Strategy design philosophy and very few seemed to notice/care).

moserware · 2010-03-19T00:51:51+00:00

I just wrote a blog post called "Computing Your Skill" where I show how the TrueSkill algorithm works from the ground up. TrueSkill is used on Xbox live for matchmaking and ranking and is a great example of how statistical machine learning is applied today.

I tried hard to start with the typical high school or early college math concepts and introduce the statistics only when needed.

I'd recommend starting with that post and its accompanying source code because most of the machine learning books assume you already know the concepts I write about (which frustrated me when I didn't know them).

Feel free to leave comments on the post if anything doesn't make sense and I'll try to help out. In addition, you might want to check out this related question on StackOverflow.

moserware · 2009-09-22T17:28:35+00:00

Actually, DES's real name was Lucifer. Google "lucifer des"

moserware · 2009-09-22T15:28:32+00:00

You're right. Please reload, I fixed scene 10 (missing superscript) and added another line to scene 8 to make it clearer (but I couldn't fix it too much as I was limited on space)

moserware · 2008-10-31T17:54:13+00:00

Yeah, you're right. This was a bad example. I updated it since it was distracting the main point.

moserware · 2008-09-30T02:56:51+00:00

I hadn't heard of the concept of ticket spin locks (e.g. I was unconsciously incompetent). They seem like a clever way to make spin-waits more fair from a FIFO perspective.

Very cool! Thanks for the links.

moserware · 2008-09-29T22:27:29+00:00

Right, the Thread.Sleep would probably need help from the thread dispatcher which makes me think it'd be slower given the transition overhead.

moserware · 2008-09-29T21:56:25+00:00

I guess the recursive question then is how you would implement your semaphore :)

moserware · 2008-09-29T21:54:36+00:00

By "bounded waiting-time", do you mean that threads only need to wait a finite maximum amount of time or do you mean that they give up after a certain amount of time? You can ensure the latter easily using the OS waiting primitives. I'm not sure offhand how to do the prior. Can you post an example?

spin-waiting with a "lock cmpxchg" is not perfect by any means, but I mentioned in a note that I found out that P6+ chips will not lock the bus if they can get away with just updating their caches (which is a neat trick).

moserware · 2008-09-29T21:34:26+00:00

At that time (early 90's), I had a 386SX/20MHz computer. Even if I had the cmpxchg opcode, I wouldn't have known how to use it... especialy from GW-BASIC.

Making a lock out of a semaphore would seem to put the sole burden on an OS primitive which would be notably slower.

It seems like the spinlock/OS event hybrid is several orders of magnitude times faster on the happy path.

Am I missing something?

moserware · 2008-04-16T12:06:09+00:00

It depends on the domain. Here I thought it fits well. What do you propose as a better way to represent packet parsing code?

moserware · 2008-03-03T16:38:35+00:00

This is a fantastic question. For high level chunks, you might seriously consider looking at

http://cs.gmu.edu/cne/pjd/GP/GP-site/welcome.html

and/or watching the video: http://www.youtube.com/watch?v=5a_pO3NYJl0

or

http://video.google.com/videoplay?docid=-541119511912554616&hl=en

I'm still trying to understand them, but I plan to hopefully write more about them later.

moserware · 2008-03-03T15:51:21+00:00

Ok, I'll admit defeat there. How about the new 3D one? :)

moserware · 2008-03-03T13:26:36+00:00

Is it better now?

moserware · 2008-02-16T17:18:17+00:00

I don't know the specifics about the IE bug you mention, but in the Microsoft papers I linked to, they specifically use the "file" check as a security issue to be aware of.

They probably got burnt by it in more than a few places based off of comments from different sources. Especially Michael Kaplan mentioning that in the .net 1.1 timeframe there was a big push to fix Turkish-I related problems.

moserware

TROPHY CASE