@SimpleNomad threw down a doozy of a link today to a CNet interview with Jon Shalowitz, general manager of Skye, a new hosted DNS “cloud” division for Nominum, who talks about why his proprietary DNS cloud solution is better than what is currently used. This is an example of many things, including how some people will say anything to market their product. It is also a shining example of irresponsibility in putting crap like this into the ears of other managers, who may then bring up these “solutions.”
> Freeware legacy DNS is the internet’s dirty little secret — and it’s not even little, it’s probably a big secret…Given all the nasty things that have happened this year, freeware is a recipe for problems, and it’s just going to get worse.
So, freeware (later he clarifies that he means “open source” when he says freeware) is the root of evil. Moving on…
> Freeware is not akin to malware, but is opening up those customers to problems. So we’ve seen the majority of the world’s top ISPs migrating away from freeware to a solution that is carrier-grade, commercial-grade and secure.
So, freeware is not carrier-grade, commercial-grade, nor secure. This is a big jump in logic with nothing backing it up. And there is nothing inherent in a non-freeware solution that makes it carrier-grade, commercial-grade, or secure.
> By virtue of something being open source, it has to be open to everybody to look into. I can’t keep secrets in there. But if I have a commercial-grade software product, then all of that is closed off, and so things are not visible to the hacker.
So, does this mean code review is bad, or improving security through obscurity is good? I’d ask that as a question as I don’t want to strawman the poor fellow, but none of this really demonstrates any understanding of development practices or security common sense. You shouldn’t be relying on keeping secrets. At least open source code with holes exposed has the chance to close those holes rather than keep them latently present for years.
> Nominum software was written 100 percent from the ground up, and by having software with source code that is not open for everybody to look at, it is inherently more secure.
And how does anyone know your software is “inherently more secure” if no one can look at it? Because you can keep your little secrets hidden, the secrets of shoddy code?
> I would respond to them by saying, just look at the facts over the past six months, at the number of vulnerabilities announced and the number of patches that had to be made to Bind and freeware products. And Nominum has not had a single known vulnerability in its software.
Jon has used lame examples of security incidents this year to somehow prove his “statistics,” so I’d offer it right back that Microsoft and Apple and Adobe have closed source software but have been inundated with security issues all year and beyond. Oh, and a commenter linked to a disclosed vulnerability for Nominum software. Granted, it’s not this Skye “cloud” DNS solution, but I have a strong suspicion Skye is just the same products rebranded by marketing.
> By delivering a cloud model that allows essentially any enterprise or any ISP to have the wherewithal to take advantage of a Nominum solution is like putting fluoride in the water.
An argument can be made about a homogeneous environment being inherently less secure…I mean, if we’re talking about “inherent” assumptions.
> You really do need to look under the hood and kick the tyres. Maybe it’s a Ferrari on the outside, but it could be an Austin Maxi on the inside. The software being run and the network itself are very critical. And that’s one point the customer really needs to be wary of.
Umm, exactly. People need to be able to look under the hood of the code. Oh, and saying something to the effect of, “If you care about security you’ll accept we’re right,” is not an argument. It’s typical marketing/sales-speak to confuse the dimwitted.
All in all, poor Jon has given us an example of how NOT to give a technical interview. Especially when the interviewer makes a point of asking point blank if he means open source: that is an obvious giveaway that you’re doing something wrong and you need to stop and back up, not truck forward like an idiot. By the way, if you dig a bit on him, you’ll see he is marketing and product management (more marketing), not technical.