Wanna see a magic trick?
August 18, 2018 8:34 AM Subscribe
Harvard's James Mickens (previously) recently gave the keynote address at the 27th USENIX Security Symposium. The title? Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?
A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models
Abstract:
Some people enter the technology industry to build newer, more exciting kinds of technology as quickly as possible. My keynote will savage these people and will burn important professional bridges, likely forcing me to join a monastery or another penance-focused organization. In my keynote, I will explain why the proliferation of ubiquitous technology is good in the same sense that ubiquitous Venus weather would be good, i.e., not good at all. Using case studies involving machine learning and other hastily-executed figments of Silicon Valley’s imagination, I will explain why computer security (and larger notions of ethical computing) are difficult to achieve if developers insist on literally not questioning anything that they do since even brief introspection would reduce the frequency of git commits. At some point, my microphone will be cut off, possibly by hotel management, but possibly by myself, because microphones are technology and we need to reclaim the stark purity that emerges from amplifying our voices using rams’ horns and sheets of papyrus rolled into cone shapes. I will explain why papyrus cones are not vulnerable to buffer overflow attacks, and then I will conclude by observing that my new start-up papyr.us is looking for talented full-stack developers who are comfortable executing computational tasks on an abacus or several nearby sticks.
Abstract:
Some people enter the technology industry to build newer, more exciting kinds of technology as quickly as possible. My keynote will savage these people and will burn important professional bridges, likely forcing me to join a monastery or another penance-focused organization. In my keynote, I will explain why the proliferation of ubiquitous technology is good in the same sense that ubiquitous Venus weather would be good, i.e., not good at all. Using case studies involving machine learning and other hastily-executed figments of Silicon Valley’s imagination, I will explain why computer security (and larger notions of ethical computing) are difficult to achieve if developers insist on literally not questioning anything that they do since even brief introspection would reduce the frequency of git commits. At some point, my microphone will be cut off, possibly by hotel management, but possibly by myself, because microphones are technology and we need to reclaim the stark purity that emerges from amplifying our voices using rams’ horns and sheets of papyrus rolled into cone shapes. I will explain why papyrus cones are not vulnerable to buffer overflow attacks, and then I will conclude by observing that my new start-up papyr.us is looking for talented full-stack developers who are comfortable executing computational tasks on an abacus or several nearby sticks.
I'm not sure why I spent an hour of my Saturday morning watching a USENIX keynote, but I enjoyed it.
posted by maryr at 9:38 AM on August 18, 2018 [4 favorites]
posted by maryr at 9:38 AM on August 18, 2018 [4 favorites]
I clearly ducked out before the best part of USENIX. D'oh. Mickens routinely not only has me screaming with laughter, he manages at the same time to make me feel understood as a woman in tech who has run out of fucks for both infosec paranoia (see his earlier piece about how you're not going to get Mossad'ed upon (pdf)) and for Silicon Valley gee-whizzery.
posted by gusandrews at 10:59 AM on August 18, 2018 [5 favorites]
posted by gusandrews at 10:59 AM on August 18, 2018 [5 favorites]
James Mickens will save us all. Or at least make us laugh while we all perish.
posted by edheil at 11:38 AM on August 18, 2018 [2 favorites]
posted by edheil at 11:38 AM on August 18, 2018 [2 favorites]
I really enjoyed watching this last night, and today I found a tweet thread by Mefi's own Sam Hughes elaborating on it.
Now, humans in positions of power make bad decisions too. So a perfectly reasonable question is, why is replacing a human decision-maker with a machine decision-maker bad? [...]
Humans build the training data sets. Humans pick which data sets to use in the training. Humans implement the training algorithms. Humans decide *when* the machine is adequately trained. Humans install the machine. Humans decide whether to honour the machine's decisions [...] So what happens if any of the humans listed below is an attacker? And the system they're attacking is the very important real-world system which they are all nominally working together to automate? The criminal justice system or the healthcare system?
posted by teraflop at 11:44 AM on August 18, 2018 [6 favorites]
Now, humans in positions of power make bad decisions too. So a perfectly reasonable question is, why is replacing a human decision-maker with a machine decision-maker bad? [...]
Humans build the training data sets. Humans pick which data sets to use in the training. Humans implement the training algorithms. Humans decide *when* the machine is adequately trained. Humans install the machine. Humans decide whether to honour the machine's decisions [...] So what happens if any of the humans listed below is an attacker? And the system they're attacking is the very important real-world system which they are all nominally working together to automate? The criminal justice system or the healthcare system?
posted by teraflop at 11:44 AM on August 18, 2018 [6 favorites]
The Night Watch: "I HAVE NO TOOLS BECAUSE I’VE DESTROYED MY TOOLS WITH MY TOOLS."
I need to figure out how to subscribe to James Mickens' work, because everything he does is delightful and I cannot brook any delay.
posted by Pronoiac at 12:46 PM on August 18, 2018 [5 favorites]
I need to figure out how to subscribe to James Mickens' work, because everything he does is delightful and I cannot brook any delay.
posted by Pronoiac at 12:46 PM on August 18, 2018 [5 favorites]
That was great, the bit at 11:50 especially cracked me up.
posted by lucidium at 1:22 PM on August 18, 2018
posted by lucidium at 1:22 PM on August 18, 2018
He is very funny and the talk is enjoyable, but the substance and coherence of the talk itself could be better. Like... why have that lecture in "Gradient Descent" in there? It's not followed up. OK, we don't know how to set the meta-parameters for gradient descent exactly, but how is that connected to the racial bias emergent in the prison system? And why the total change of topic to IoT security for the last 15 minutes?
The comedy is great, and maybe he is just doing his best bits, but the substance of the talk doesn't quite tie together in the end.
posted by yoz420 at 2:26 PM on August 18, 2018
The comedy is great, and maybe he is just doing his best bits, but the substance of the talk doesn't quite tie together in the end.
posted by yoz420 at 2:26 PM on August 18, 2018
The Peter Thiel Encourages You To Drop Out Of College Start-Up Fellowship Because Education Is Overrated And If Your Start-Up Fails, Don't Worry Because Peter Thiel Is Still Rich So The Story Has A Happy Ending. Fellowship.
I love how Mikens manages to debunk the whole drop-out-and-start-a-startup idea in one aside.
posted by suetanvil at 2:30 PM on August 18, 2018 [14 favorites]
I love how Mikens manages to debunk the whole drop-out-and-start-a-startup idea in one aside.
posted by suetanvil at 2:30 PM on August 18, 2018 [14 favorites]
Like... why have that lecture in "Gradient Descent" in there?
I think he’s making at least a couple of points:
1. A lot of people are creating startups based on a knowledge of AI that can be explained in a five minute mini-lecture, which is not great, especially when those startups are based on using AI to make serious decisions (eg bank loans) or handle a lot of personal information.
2. Understanding an AI algorithm does not mean you necessarily understand how the resulting model comes to its conclusions (“the weights are the weights”). But not understanding what the model is actually doing leaves you open to malicious inputs and bias.
posted by jedicus at 5:04 PM on August 18, 2018 [13 favorites]
I think he’s making at least a couple of points:
1. A lot of people are creating startups based on a knowledge of AI that can be explained in a five minute mini-lecture, which is not great, especially when those startups are based on using AI to make serious decisions (eg bank loans) or handle a lot of personal information.
2. Understanding an AI algorithm does not mean you necessarily understand how the resulting model comes to its conclusions (“the weights are the weights”). But not understanding what the model is actually doing leaves you open to malicious inputs and bias.
posted by jedicus at 5:04 PM on August 18, 2018 [13 favorites]
I will explain why papyrus cones are not vulnerable to buffer overflow attacks
I am skeptical. What if the attacker accelerates the papyrus cone to beyond the speed of sound?
Computer security is hard. I'm not even sure it's a good idea. Fear of "hackers" is the only thing that keeps a lot of people from giving Facebook their fingerprints and bank account numbers.
posted by sfenders at 5:50 PM on August 18, 2018 [2 favorites]
I am skeptical. What if the attacker accelerates the papyrus cone to beyond the speed of sound?
Computer security is hard. I'm not even sure it's a good idea. Fear of "hackers" is the only thing that keeps a lot of people from giving Facebook their fingerprints and bank account numbers.
posted by sfenders at 5:50 PM on August 18, 2018 [2 favorites]
Mmmmmmeh. ML as applied to edge network security is old-hat circa the Obama administration. As of 2018, network security is actively employing ML, through third party services who employ computer scientists who do indeed understand the math. We can and do judge these services by real-wold results.
Distributed ledger databases is where the new headache lies. (That and serverless cloud solutions, yeah, its serverless, but your required JS or PY libraries are out of date and compromised as all hell) Yes, there are solutions in place here, as well.
There is a thriving industry in skepticism, there is a thriving industry in telling gullible execs what the grunts already know and have lined up solutions for. Nice use of unlicensed pop-culture images, tho.
posted by Slap*Happy at 9:18 PM on August 18, 2018 [4 favorites]
Distributed ledger databases is where the new headache lies. (That and serverless cloud solutions, yeah, its serverless, but your required JS or PY libraries are out of date and compromised as all hell) Yes, there are solutions in place here, as well.
There is a thriving industry in skepticism, there is a thriving industry in telling gullible execs what the grunts already know and have lined up solutions for. Nice use of unlicensed pop-culture images, tho.
posted by Slap*Happy at 9:18 PM on August 18, 2018 [4 favorites]
That was amazing. Especially liked the concept of "Technological Manifest Destiny".
posted by molecicco at 10:48 PM on August 25, 2018
posted by molecicco at 10:48 PM on August 25, 2018
« Older Lick the Rock! Lick it! | Are You Now Or Have You Ever Been A Member Of The... Newer »
This thread has been archived and is closed to new comments
posted by fencerjimmy at 9:24 AM on August 18, 2018 [8 favorites]