The Bane impression is priceless.
posted by The Michael The at 6:51 PM on May 13, 2014 [1 favorite]

As a Microsoft employee, I'm always happy when Microsoft Research produces something of value. Also, I will MapReduce your heart.
posted by Slothrup at 7:47 PM on May 13, 2014

Very very amusing.

Also devoid of content (I'm only 20 minutes in though, maybe he packs all the content at the end). Love a good rant though.
posted by el io at 8:37 PM on May 13, 2014

I do like the Mossad/Non-Mossad threat model. I'm going to start framing security discussions at work with that.
posted by qxntpqbbbqxl at 12:05 AM on May 14, 2014

He elaborates on his threat model in this paper. Bottom line: if Mossad wants your data, you're fucked anyway. Otherwise, good passwords go a long way.
posted by Herr Fahrstuhl at 12:50 AM on May 14, 2014

DUDE OVERFLOW DETECTED
posted by Ivan Fyodorovich at 1:34 AM on May 14, 2014

When he gets to the bit about how "of course" the NSA was monitoring everyone, he seemed to me to be ignorant of the actual history of that organization, and how it changed radically after 2001. It didn't start spying on everyone spontaneously - it was a policy decision.
posted by thelonius at 2:43 AM on May 14, 2014 [1 favorite]

When none of the available operating system choicese can enforce a Bell LaPadula model, it's silly to think that anything can secure a system that is attached to the internet.

Any determined attacker can get your stuff if your operating system can't be trusted.

The "Not Mossad / Mossad" threat matrix is a false choice, at least for the next 10 years.
posted by MikeWarot at 12:51 PM on May 14, 2014

"The 'Not Mossad / Mossad' threat matrix is a false choice, at least for the next 10 years."

I don't see that. He's making a very general point; one that's just as applicable to home security.

Very nearly all security threats (computer or with our homes and belongings) are in one of two categories: casual or expert. The casual threats are sufficiently repulsed by quite minimal security efforts, such as using passwords other than your pet's name and locking your doors. The expert threats are not going to be defeated by even much more elaborate security measures, they're going to get in, anyway.

In his lecture, as well as that article from a few months ago, he talks about the various threats which are quite serious, but which cannot be ameliorated by more elaborate security measures. The most obvious is that the vast majority of computer security threats are those targeted at very poor security. Bad passwords or, as he mentions, social engineering of one sort or another. And then his point about the NSA, and which applies much more generally, is that for very expert and determined threats, your security is only as strong as your weakest link. And we have absolutely no clue about either the integrity or hardness of all the links in the chains from end-to-end.

The NSA has subverted hardware manufacturers. They tap into transatlantic cables. With specific targets, they've developed a plethora of methods to get what they want.

But this is true to a lesser extent about any and every very expert and serious threat. They only need to find their way in somewhere, and they can, if they've not already found it.

He's using humor and hyperbole to make his point and his exaggeration shouldn't be seen as weakening that basic argument. The fact of the matter is that there is little benefit in securing against the edge cases when most people can't be bothered to lock their doors and the mafia owns the lock company, built your house, and installed your safe.
posted by Ivan Fyodorovich at 2:02 PM on May 14, 2014

Worth it for "Your reads and writes should be free to chose their own destinies" and "say word count one more time" alone.
posted by zoo at 11:22 PM on May 14, 2014