Not Even Close - The State of Computer Security
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 163 | |
| Author | ||
| License | CC Attribution - NonCommercial - ShareAlike 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this | |
| Identifiers | 10.5446/49832 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
NDC Oslo 2015119 / 163
6
13
16
17
18
19
20
21
22
25
28
29
30
31
40
41
44
45
49
51
52
53
54
55
57
58
60
61
71
74
75
76
78
84
85
91
92
93
94
95
96
98
99
100
105
106
107
112
115
116
117
118
122
123
124
125
127
128
129
130
131
132
133
135
136
142
144
150
151
153
155
156
157
159
160
00:00
Information securityComputerState of matterSlide ruleInformation securityMoment (mathematics)ComputerThumbnailState of matterComputer animation
00:46
ComputerInformation securityComputerVideo gameInformation securityRight angleLine (geometry)Multiplication signHidden Markov modelGraph (mathematics)Cartesian coordinate systemComputer animationDrawing
02:12
Information securityInformation securityStrategy gameVideo gameDisk read-and-write headGame controllerMultiplication signReal numberMeeting/Interview
02:49
ComputerService (economics)Information securityBuildingOnline helpSocket-SchnittstelleComputer animation
03:18
Socket-SchnittstelleNormed vector spaceMatrix (mathematics)Socket-SchnittstelleComplex (psychology)Virtual machineRoboticsSeries (mathematics)Network socketRight anglePerspective (visual)Information securityMembrane keyboardComputer animationLecture/ConferenceMeeting/Interview
03:47
Socket-SchnittstelleInternetworkingBoom (sailing)SoftwareInteractive televisionType theoryTwitterRight angleOffice suiteIP addressComputer scienceAddress spacePhysical systemNumberHill differential equationIdentity managementInternet der DingeKälteerzeugungSurfaceMembrane keyboardConnected spacePoint (geometry)Maxima and minimaDisk read-and-write headComputerInternetworkingComputer animation
06:34
InternetworkingAddress spaceSmartphoneMultiplication signSingle-precision floating-point formatHacker (term)WebdesignVermaschtes NetzIP addressLocal ringInternet der DingeRight angleTwitterWireless LANInformationKernel (computing)PlastikkarteSoftware testingFront and back endsDebuggerReal numberVideo gameComputer animationMeeting/Interview
08:35
Address spaceFirmwareReverse engineeringInternetworkingSocket-SchnittstelleSoftwareWireless LANMathematical analysisMembrane keyboardReverse engineeringVulnerability (computing)Form (programming)Connected spaceKey (cryptography)Multiplication signNumberCommunications protocolRight angleGoodness of fitVermaschtes NetzFirmwarePasswordInternet der DingeInternetworkingSmartphonePlastikkarteType theoryTablet computerLocal ringInstance (computer science)1 (number)Polygon meshEncryptionComputer animationPanel painting
10:53
Key (cryptography)CryptographyPasswordLaptopWritingUniverse (mathematics)ComputerInformation securityKälteerzeugung2 (number)Key (cryptography)Functional (mathematics)Video gameFactory (trading post)Parameter (computer programming)Universe (mathematics)Boss CorporationCryptographyMathematicsIntegerCodeCalculationHacker (term)Point (geometry)EncryptionOnline helpException handlingPublic-key cryptographyLaptopPasswordRight anglePointer (computer programming)Electronic mailing listContext awarenessType theoryProcess (computing)Data miningComputer clusterComputer animation
14:05
Physical systemCryptographyPlot (narrative)InfinityObject (grammar)PurchasingPrice indexStandard deviationDisk read-and-write headCryptographyOperator (mathematics)Right angleMereologyPhysical systemLine (geometry)Multiplication signCartesian coordinate systemFunction (mathematics)Standard deviationObject (grammar)PurchasingDependent and independent variablesGraph (mathematics)Goodness of fitSinc functionDrop (liquid)Combinational logicPlotterInternetworkingBitSpiralTotal S.A.NumberGroup actionDifferent (Kate Ryan album)Numbering schemeSet (mathematics)Solvable groupComputer clusterData recoveryFeedbackPoint (geometry)Airy function2 (number)Computer animation
18:31
CryptographyDigital rights managementMathematical optimizationCopyright infringementHypermediaMultiplication signInformation securityTerm (mathematics)FreewareContent (media)Type theorySearch engine (computing)Key (cryptography)Right angleCommunications protocolComputer animation
19:24
CryptographyComputerControl flowCryptographyMathematical analysisMathematicianDigital rights managementInternetworkingVideo gameType theoryComputer animation
20:22
ComputerInformation securityDigital photographyPhysical lawSmartphoneRight angleMoment (mathematics)Computer animation
21:06
DemonSmartphoneCombinational logicDemonMultiplication signPhysical lawDemoscene
21:41
VotingCopyright infringementGame theoryRepresentation (politics)Series (mathematics)PlanningWordSmartphone1 (number)Point (geometry)Physical lawVotingHidden Markov modelMeeting/Interview
22:38
Declarative programmingComputerIndependence (probability theory)Information securityFacebookHypermediaVideo gameException handlingMultiplication signGoodness of fitSystem callComputer animation
23:22
VolumeDynamic random-access memoryHypermediaMultiplication signProduct (business)InformationFacebookSource codeComputer animation
23:54
ComputerInformation securityCuboidFundamental theorem of algebraIP addressEstimatorPlanningPhysical systemRight angleComputer animationMeeting/Interview
24:54
TouchscreenMusical ensemblePlanningRight angleDemosceneComputer animation
25:30
WebsiteDigital photographyLevel (video gaming)ComputerComputer animation
26:26
SicDisk read-and-write headType theoryDemonMeeting/Interview
26:53
Plane (geometry)Combinational logicVideo gameFitness functionWordReal numberDifferent (Kate Ryan album)RoboticsDimensional analysisPlanningData storage deviceComputer animationMeeting/Interview
28:18
ComputerState of matterInformation securityMultiplication signComputer animation
Transcript: English(auto-generated)
00:09
Good? All right, so everybody can see the slides now? Let me just tell you, that is the most horrifying moment as a speaker to ask people, can you see the slides,
00:20
and just to see a sea of thumbs down and no and go back to America. Well, guess what? Americans don't run, OK? So welcome to my talk. So hello, my name is James. And today, I'm going to talk to you about the sad state of computer security. I'm going to describe why the security community has failed in the past. I'm going to describe why the security community is failing right now.
00:41
I'm going to describe why the security community will fail in the future. There will be a symphony of failure. Every song will be a sad one. Children will be crying. Old people will wish that they were dead. Middle-aged people will be killing the old people. Nobody will survive. The only good news is that tonight is Thursday, which means that it's almost Friday.
01:00
But unfortunately, Friday is going to suck too. It never gets better. As shown by this graph, life only gets worse. Time is on the x-axis. Worseness is on the y-axis. That line is going up and to the right, ladies and gentlemen. So let's talk about computer security. Hi there, yeah. I'd like to talk about computer security.
01:21
Here is the biggest challenge with computer security. It's actually pretty fun to be a criminal. I'm not saying that you should be a criminal, but I am saying that you would be happier if you were a criminal. I mean, think about your life right now. Sometimes you sit around and you feel bad that you don't have things that your friend Todd has.
01:41
But if you're a criminal, you can just take that stuff from Todd, and it will feel great because you will have something that Todd does not have. And then Todd will sit around, and he'll have less than he had before. So you can feel double better than Todd. So I guess what I'm saying is that crime is actually a pretty good way to improve your life. So if there are any young people listening in the audience,
02:01
I hope you've written that life lesson down. Now, of course, we are members of the security community, and we'd like to think that we are better than the common criminal. Now, this is the way we think that we do security. We're fighting the bad guy. We've got all these advanced strategies in our head, and sometimes we go on the offensive, and sometimes we focus on defense.
02:21
But we feel like we're in control at all times. So this is the way that we imagine that life works. But of course, real world security looks something like this. We are constantly getting choked out by the bad guys. The best that we can do is protect maybe 4% of our data before we give in to the sweet release of death.
02:42
That's the security world that we live in today, and I'm going to describe this horrifying world in some more detail. So in particular, I'm going to provide three reasons why computer security is getting worse and probably won't improve ever. Basically, I'll explain why most of our hard work is immediately useless.
03:01
We finish that work, and then immediately it cannot help anyone whatsoever on this planet. Now, after I conclude this talk, I will then leave the building. I will not provide you with psychological counseling services because I'm a jerk. So here's one big challenge in computer security. There are too many sockets. So Trinity from the Matrix wants
03:21
to open up a socket to the robot world and destroy it from the inside. Jack Bauer from the hit TV series 24 wants to open a socket to the terrorist machines so we can find them and yell things like, who do you work for, but he doesn't want to yell things like, why are all of you villains overly simplistic stereotypes that don't reflect the true complexities of the world on terror, right? Sockets.
03:40
There are too many sockets out there. We need fewer sockets, and the reason is that from the security perspective, sockets are like the mucus membranes on an animal, OK? They're the places where that animal is weak. You can't totally get rid of them, but the fewer the better. So let me give you an example. So here's the animal that I want to create, OK? So it's got the head of a dude, but it's got antlers
04:02
so it can attack things, and it's got goat legs so it can climb up on hills and it can trample its enemies and do all kinds of fun things. So that's a pretty cool animal, but as currently designed, this animal has no input-output ports, right? So it can't interact with the world. OK, fine. So I'm going to give this animal a mouth, boom. Now it can go eat things.
04:20
It can go to the dentist. It's amazing, right? But how is it going to find the dentist's office? OK, you got me. I'm going to give my animal some eyes, OK? Now my animal can see stuff, and it can react to jaguars, and it can look at stupid pictures on Twitter, right? OK, fine. Now of course the animal has to take care of some other animal business, so we give it one more input-output port,
04:41
but now we're done, right? This animal can do everything that it needs to do, and it has a minimal threat surface. Now let's say somebody comes up and they have the flu, right? That person can cough all over my animal's back, but hey, no mucous membranes there. OK, my animal's going to be fine, right? Now look, someone else might show up and cough
05:01
all over my animal's neck. You sick pervert, is that how you get your kicks, right? But guess what, my animal's not going to get sick. There's no mucous membranes on that neck, OK? Now heaven forbid some jerk might show up and cough directly in my animal's eyes. That's the kind of world we live in, OK? Yeah, my animal might get sick, but hey, I've defended two out of three attacks,
05:23
that's not bad, right? So here's the point, the world hates you, OK? This baby looks cute, right? There are eight people in this room who want to steal that baby's identity and use it to buy cheap whiskey and fireworks, OK? Look around you, eight people, they look just like you and me, but they hate babies and they love identity theft, OK?
05:41
So the moral of the story is that if you love a thing, let that thing talk to the world as little as possible because the world wants to cough in its eye. Now as computer scientists, we need to be suspicious of things, right? So when we design systems, we should really constrain the number and types of network connections that our systems can make.
06:02
Internet of things, oh no, right? So if you believe in the internet of things, which by the way, you should not, then you're excited about a future in which my thermostat has an IP address and my refrigerator has an IP address and all of my babushka dolls have IP addresses so I can ping each one and retrieve an XML document
06:21
that describes all the fun ways that my babushka dolls are stacked up against each other, like they're on a Tokyo subway, OK? Now did you just hear what I just said? Russian dolls on a Tokyo subway? Listen to how multicultural that sounds. Hashtag diversity, OK? I support it, right? Now by the way, do you recognize these people?
06:41
These are the same six people who are on every single tech company's website. Even though when you actually visit the company, you can never find the brown or the female people from this picture, right? Why is that? Where could these people be? Well today, I make a promise. We will find you, senior tester Ricardo Gutierrez.
07:01
We will find you, front end web designer Angie Tambourlin. We will find you, Colonel Hacker, Amy, Daria, Apsan, Humdere. I hope that everyone in the crowd will show your support for this mission by using the hashtag, we will locate the missing brown and female diversity people who are having a great time on tech company websites but don't actually appear to work at the actual companies.
07:26
Thank you, thank you for your support of diversity. Now note that that entire hashtag is actually 146 characters long. So if you want to include additional information in your tweet, you will have negative six characters to do so. So choose those negative six characters very carefully.
07:43
It's what Ricardo Gutierrez would have wanted if we could actually find Ricardo Gutierrez. So anyways, we were discussing the internet of things and why it's a terrible idea. So let me give you a real life example of why the internet of things is probably going to destroy us all. So in the future, your light bulbs will have IP addresses.
08:03
Now this, of course, is deeply problematic. So for example, there was a popular brand of smart light bulb which could be configured using a smartphone. So your smartphone uses wifi to send a command to one light bulb and that light bulb forwards the command to other light bulbs using a local wireless mesh network.
08:20
So you can use Wireshark to analyze the traffic going over that mesh network. Now did you hear what I just said? You can use Wireshark to analyze the network traffic that's being exchanged by light bulbs. The end times are here, okay? Jesus is about to come back or maybe the Buddha or maybe Godzilla's about to come back
08:41
but somebody's coming back and they're not gonna be happy, okay? Because we all know that light bulbs should not be exchanging IP packets over wireless networks. But anyways, a Wireshark analysis reveals the light bulbs exchange the wifi password over the mesh network. The wifi password is the thing that your smartphone and your tablet and your other devices
09:02
use to access the wireless internet that's connected to the public internet, okay? So the light bulbs exchange that wifi password over that local mesh network. So you might think, hey, I could just snoop on that mesh network and steal the wifi password. However, the light bulbs exchange that wifi password in encrypted form, so there's no problem, right?
09:22
Well, you'd be wrong because you can reverse engineer the light bulbs firmware to find weaknesses in that light bulbs mesh protocol. What? Let that sink in for a minute, okay? Light bulbs have firmware, okay? Factoid number one. And you can reverse engineer that firmware.
09:43
Factoid number two. I wanna be shot in the face right now. Factoid number three, okay? This is deeply problematic. So once you do that reverse engineering, you'll discover that each instance of this light bulb, right, every single one that was made, basically had the same cryptographic key, the same AES key, baked into the firmware, right?
10:02
So that means that once you extract that key from the firmware once from any light bulb, you can then use it to decrypt the wifi password and then connect to the wifi using that stolen wifi credential, right? And this attack will work on any house that uses this type of smart light bulb. So remember how I said that network connections are like mucus membranes?
10:20
Well, here's what a regular house looks like. Here's your house on the internet of things, okay? That animal on the right is going to be born and die immediately, okay? It comes out of the womb. It says, oh my goodness, this world is amazing. Then it catches all the diseases and then it dies, okay? PETA won't even have time to make a sad advertisement
10:41
about how you should go to the pound and go adopt that kind of animal because you can't adopt an animal whose womb only produces nine-headed dead things, okay? That is your house on the internet of things. So you're excited about the internet of things. Well, then guess what? Your toaster is gonna be controlled by a Russian botnet. Your refrigerator is gonna belong to the Yakuza and your alarm clock's gonna belong
11:01
to some drunk soccer hooligans who learn how to code in between cheering for Manchester United. Cheers, mate, you're living in the future, okay? Now, the second big challenge with computer security is that basically cryptography is ridiculous. People somehow assume that my computer can just get some keys and then do some fun things
11:20
with those keys and then my data will be fine. However, the process of doing fun things with keys assumes that you've answered a bunch of prerequisite questions. So for example, who made this key I'm supposed to be doing fun things with? How do I trust the people who made the keys? Do the key makers have public keys? Who assigns public keys to the key makers? How do I retract keys?
11:40
Is there some type of list of bad keys? Who makes that list? What if the people who make that list are bad? But what if there's a mistake in that list and I wanna make a bad key be good again because it was never a bad key in the first place? And FYI, does any of this matter if my 2,048-bit keys are stored on a laptop whose password is password123? Does any of this fancy encryption help me
12:03
if the first thing that I do when I find a USB keychain on the ground is to stick that keychain in my computer because there might be something fun on that USB keychain, like Stuxnet perhaps? Maybe this is how the hackers are going to break my unbreakable encryption.
12:20
I don't know. Your guess is as good as mine. But my point is that it's actually pretty difficult to write secure code. So for example, suppose that I wanna write a function to calculate factorials. Okay, that's pretty easy. But then what happens if my boss comes up to me and says you need to make this factorial function secure? So now I have a cryptographic key. Where does that key go? Like literally where do I put that key in the code?
12:43
I guess I accept it as a parameter to factorial, but what do I do with it? I can't just call a do security method and be done with it. I have to do the security myself, right? I have to create a little universe where factorial can be safe and play with its friends and live a rich, fulfilling life. How am I gonna do that when I just have a key? I wanna be with my friends having a drink
13:02
and you keep asking me to manipulate this key. I don't feel very comfortable right now. I don't even understand how to initialize the key. Anyone who's done crypto knows that I have to initialize the key by invoking some weird function with a bunch of underscores and pointer arguments like RSA underscore 1024 underscore and knit underscore context underscore context.
13:22
That function has an argument that's a pointer to the universe. Where do I get a universe pointer? I am not Galactus. I just feel very uncomfortable in this situation. I think I'm just going to throw a security not supported exception and go home.
13:41
So just stop talking to me. I just really feel like being alone right now. So the point is that hopefully you can see that cryptography is not the silver bullet that people want it to be, right? The ability to do fancy things to big integers is not going to save the world. This is why when people come up to me and they say things like James,
14:02
Bitcoin is gonna change everything. I'm like, really? Yeah? You think that Bitcoin's gonna change everything? That's what you think? You're adorable, right? And of course you are deeply, deeply confused because Bitcoin has a ton of problems. So for example, Bitcoin's cryptographic operations are actually not as useful as a strong regulatory system
14:22
that's provided by a federal government. And the reason is that in and of itself, cryptography doesn't provide legally enforceable penalties for misbehavior, right? Okay, assume that I'm a bad guy and I wanna steal your Bitcoin wallet. Who's gonna punish me? Who are the Bitcoin police? Is it gonna be Ayn Rand? Well, she's dead, unfortunately, right?
14:41
Is it gonna be Reddit? No, because they're too busy making animated GIFs. I should know I'm part of the problem, not part of the solution. So who's left? Who's left to be the Bitcoin police? Maybe Poseidon could be the Bitcoin police. He can't even remember to wear pants, okay?
15:02
So I suppose that some ragtag group of internet vigilantes could form a posse and bring me to justice. But if your justice system and your currency scheme requires posse or Poseidon to work properly, you are probably in trouble. In fact, we already know that Bitcoin is in trouble. If you read the recent newspaper stories about Bitcoins,
15:22
then you'll see that your Bitcoins are either going to be stolen by a gangster, trapped inside an insolvent Bitcoin exchange, or used to fund an assassination plot in which you yourself are the target of the aforementioned assassination, right? These are the kinds of fun things that happen when you create a market that's totally unregulated by the government.
15:42
And there's this other problem with Bitcoins is that they are inherently deflationary, right? So the ultimate number of Bitcoins is finite. After a certain point, you won't be able to mine anymore. Now what this means is that as the Bitcoin economy grows, that is to say, as there are more objects which are denominated in Bitcoins, the prices for those objects have to fall. Now things are fine in the regime that I show up here
16:02
because both of these lines, that is to say, the number of Bitcoins and the number of Bitcoin denominated objects, both of these lines are growing at the same time. But once we get here, prices have to start falling because the average price of an object is the total number of Bitcoins divided by the total number of objects. Now you might be saying to yourself,
16:20
hey James, a little bit of deflation, it's no big deal. But did you know that even a little bit of deflation can lead to a cyclone of economic ruin? Did you know that the Great Depression was caused by such runaway deflation? Did you know that the evils of deflation have been known for decades so Bitcoin enthusiasts should know better? Allow me to explain why Bitcoin people
16:40
should read more books. And by the way, I fully expect to be shanked in the parking lot by Bitcoin enthusiasts after this talk because as we all know, they're not very humorful people. Oh well, this is the price you pay for being a messiah and a prophet like myself. So this regime up here is called the deflationary spiral. Okay, so what happens is that the prices drop
17:00
and that price drop encourages people to defer their purchases of goods since prices will always be cheaper tomorrow. Now the price drops also lead to lower profits for businesses which in turn leads to lower wages. Now this combination of lower wages and deferred purchasing behavior leads to less aggregate demand in the overall economy.
17:21
And this lack of demand leads to lower prices creating the deflationary feedback loop. So at the time of the Great Depression, many countries were actually using the gold standard. Now like Bitcoin, the gold standard is a deflationary currency system because the monetary supply can't be easily increased in response to economic distress. So what did these countries realize?
17:40
They realized that they needed to abandon their deflationary currency. Now what this graph up here shows is the economic output for a bunch of countries that were using the gold standard. The x-axis is time and the y-axis is the amount of economic activity. The line for each country becomes more brightly colored when that country abandoned the gold standard. Now what we see is that abandoning
18:01
the deflationary currency system led to faster economic recovery. So if you could travel back in time to the 1930s, here's what 1930s people would tell you. First of all, don't use Bitcoins. Second of all, keep your eyes on the Germans. I don't think they learned their lesson. Third, don't take cocaine to cure headaches
18:20
because cocaine brings you a different set of problems which are probably worse than the original set of headache problems that you had. Also don't use Bitcoins. So Bitcoin people represent this amazing intersection of non-empiricism and a completely unjustified sense of optimism. The only other people in the security community who are goofy like this are the people
18:41
who invent new DRM protocols, right? So every time someone creates a new media technology, the digital rights management people claim that cryptography can somehow prevent piracy. They claim that cryptography can prevent people from stealing content. But if that's true, why can I go to any bit-torn search engine
19:01
and type in any noun plus the term HD and immediately get access to terabytes, petabytes of free content in crystal clear 1080p, right? It's almost like it doesn't matter that my media devices have cryptographic keys. That's wacky. Let me tell you why cryptography
19:21
is much weaker than you think. When security researchers typically think about who's trying to break cryptography, they typically envision highly trained mathematicians who use computers and sophisticated analysis to break RSA and SHA and things like that. However, these aren't the people who are actively attacking things like DRM. You really need to worry about people like this guy, okay?
19:44
This guy put up flyers at his school for a Dungeons and Dragons club. Nobody showed up, okay? The internet told this guy that you couldn't catch all the Pokemon. He caught them all. Guess what? Nobody cared, okay? So this dude is gonna devote his entire life to breaking the copy protection
20:01
on Battlestar Galactica DVDs, okay? You can't defeat a person like this, okay? I don't care what type of cryptography you're using. This guy will not be denied. I mean, life will deny him the opportunity to experience real happiness, but at least he'll be able to watch Battlestar Galactica. So this is why DRM won't always fail us.
20:21
Now, the final thing that I wanna discuss today is the law and how it interacts with the computer security. Now, in particular, I want to discuss the Supreme Court in America. So in America, the Supreme Court ultimately determines how a lot of security law is interpreted. And that's a problem because the Supreme Court is largely made up of people who are worried that when you take a photograph
20:42
of someone, you steal that person's spirit, right? So my favorite legal moments are when a Supreme Court justice is confronted with a question about security law and the justice says, what would Thomas Jefferson do? What would Thomas Jefferson think about how the Constitution applies to smartphones?
21:01
Well, let me tell you what would happen if you showed a smartphone to Thomas Jefferson. First of all, he's gonna freak out because he's gonna look at the smartphone and think it's made from demons because Thomas Jefferson is from the 18th century. And then after he freaks out, he's gonna die of a combination heart attack, stroke. Same time, heart attack, stroke, heart attack, stroke.
21:22
That's how that scene's gonna go down. So let's not pretend that the founding fathers would somehow be masters of technology law if they were magically transported from the spirit world to the 21st century. I mean, look, the founding fathers had some very good ideas, but they also had some very bad ideas. They missed a few things.
21:41
So for example, rejecting the monarchy and allowing the public to choose elected representatives. That sounds like a great idea, but women can't vote. I think that you missed something, founding fathers. There may be a minor flaw in your plan there. It's like, hey, attacking the Barbary pirates. That's cool. Pirates should stop stealing our stuff. By the way, slavery's okay.
22:01
Maybe I should live with the pirates then. So let's play a little game that I call WWTJD. What would Thomas Jefferson do when confronted with this series of questions involving technology law? Well, for example, he might say that you need a warrant to search a smartphone.
22:21
And he'd also say that Native Americans don't own Mississippi, even though they were the first ones there, and the word Mississippi's actually a Native American word. Hmm, this is awkward. Maybe we should stop playing this game. This has become very bad for America. Moving right along. So my point is that the founding fathers have given us no direct wisdom
22:40
on the issue of computer security. And to make things worse, the judges in the American Supreme Court don't have a strong grasp of how people interact with technology. So for example, Justice Scalia was talking about Facebook one time, and he said, what kind of a narcissistic society is it that people want to put out there? This is my life, and this is what I did yesterday.
23:01
I mean, good grief. Doesn't that strike you as strange? I think it's strange. Well, you know what? It is strange, Justice Scalia. Social media is a newfangled contraption that was not mentioned in the Declaration of Independence even one time, right? Never in the history of mankind have people wanted to put their life out there in public,
23:21
except for cave paintings, woodcuts, phone calls, and handwritten letters, right? But other than that, also one-person theater productions. But other than that, also the autobiography of Mark Twain and books in general. But other than that, it's unprecedented, okay, for people to want to share information about their lives. It just didn't happen before 2004
23:42
when Facebook was founded. So think about that, young people, but just don't social media about that, because that's unnatural, and that's not what a dead Thomas Jefferson would want you to do with your spare time. So in conclusion, I hope that we now all understand that computer security is just a big, big mess, okay?
24:00
Fundamentally, none of us really know what we're doing. We don't know how to use electronic devices. We don't know how to protect electronic devices. And yet for some reason, we're giving IP addresses to light bulbs. This makes no sense. We're just messing everything up. People can't even use cameras correctly, okay? Even though there's a book inside the camera box
24:21
that's called how to use the camera that's inside this camera box, right? People still struggle to understand something as simple as a camera. But we can totally make operating systems secure. It should take maybe about a week, maybe eight days. That's like a maximum estimate. We can totally knock that out, right? Of course we can, right? So the fundamental problem with computer security, I think,
24:41
is that basically this world, it's too complex now. The world has essentially left us behind, but we don't realize that we've been left behind. Now I was reminded of this notion of being left behind on my plane ride from America to Norway. So I flew on Lufthansa, the German airline, and the plane had these TV screens
25:01
in the back of all the seats. So I was looking around for a movie to watch, and I found this one called The Scorpions, 50th anniversary tour. Now as many of you know, The Scorpions are a famous band that wrote songs like Rock You Like a Hurricane. So I plugged in my headphones. I started to watch this movie. Now at first the screen was dark, and then I heard the lead singer yell out,
25:21
hello, we are The Scorpions. And I was like, OK, I expected that the movie would then show me a scene like this, right? A picture of The Scorpions in their prime at the height of their powers, right? But this movie was about The Scorpions being around for 50 years, right? So instead of this, I actually saw something that looked like this.
25:41
Basically, a bunch of old German dudes running around in wheelchairs trying not to actively die on stage. And what was so funny slash tragic was that the singer was still yelling, we are The Scorpions, we will rock you, as the lead guitarist was actively decomposing on stage. It was quite difficult to watch.
26:02
And so I thought to myself, what's going to happen to me, James Mickens, in the future? Well, I failed to realize that the world has left me behind. So I went to this website. It's a real website called in20years.com. So the basic idea is that you upload a photo of yourself and then the website will edit the photo
26:20
to show what you'll look like in 20 years. So this is a real website. So I went to the site and I uploaded this photo. It's what I look like now. The website then told me that I will look like this in 20 years, OK? Apparently, my next 20 years are not going to go well for me. So my head appears to have transformed
26:40
into some type of angry potato demon, but whatever. So I tried to imagine what I would be saying at NDC Oslo in the year 2035. Hi there, welcome to NDC 2035. For some reason, I talk like The Scorpions in 2035. It's very weird.
27:00
Anyways, I want to talk to you about technology and why it sucks. Why is it that when I want to send a hologram of myself to my friend Gunther, that hologram looks nothing like me? I've never worn that outfit in my life. I look like a combination of a farmer and an elf. Elves aren't real. And there are no farmers in the future
27:20
turned by robots. Bring Gunther here. He will tell you the truth of this. It's very weird. I hate these holograms. I went to the store today. I bought a food pill that said it would taste like ice cream. That food pill tastes nothing like ice cream. Has that person ever even tasted real ice cream before? I don't think so. Bring Gunther here. He will know the truth of this.
27:43
I was flying to the moon today. I had to squeeze into a tiny seat. Why are all the moon plane chairs so tiny? I'm not the child. I cannot fit into a children's chair. Do I look like a children to you? Bring Gunther here. He knows my exact physical dimensions. These tiny chairs are madness. Note that when I say the word madness,
28:01
I'm saying madness, not my friend, Magnus. Can you hear the difference? Listen, Magnus. Magnus, did you hear it? Listen, Magnus. Magnus, it's very different. Bring Gunther here. He can hear it. I say in DC also 2035, bring Gunther here.
28:20
I will be here. Thank you for your time. Let's enjoy the party.