Thursday, December 23, 2010

More Good Geekery

If you liked that talk by Marcus Ranum I posted yesterday, you might also enjoy a discussion he had with Dan Geer, in March of last year. I thought it was utterly fascinating.

No way to embed, so you'll just have to head over to Rear Guard Security, look for "#5: Interview with Dan Geer," and do that right-click, Save As thing on the .mp3 link right below that. (Or just do that r-c, SA thing here.)

Dan's name may be familiar to you, from a kerfuffle during the early Pleistocene era of the Internet: he co-authored a paper in 2003 describing the monoculture of Microsoft as a threat to national security and was fired the day it was published. Not to worry -- he has since about the day after been gainfully and happily employed, the company that fired him is gone, and later versions of Windows reflect enough acknowledgment of his critique that he can confidently claim victory. (When you hear him speak in the podcast, you'll realize how modest he is, which makes the claim all the more significant.)

Marcus and Dan start by talking about cloud computing and what that means for security. They then branch off into a more broad discussion of how we have moved from a problem of worrying about the network being secure to today, where our biggest headaches are due to our endpoints not being secure. (Spoiler alert: Microsoft-driven systems? Still not completely fixt.) They also discuss the problems that have obtained by the reality of today's state of the art, where it is more expensive to delete files than it is to store them. Dan then draws some fascinating analogies to biological systems (evolution of course, but also considerations of (1) inherent limits on size, and (2) parasites. Part of the conversation is even philosophical. There is a question raised at the end which I shall not spoil. Suffice it to say that I thought pffft, of course when I first heard it, but the more I think about it, the more I'm not so sure.

All this is to say that it's not overly technical, and you don't need special knowledge to follow the discussion. If you can use a computer and/or a smart phone, you won't get lost, and come to that, if you do use those things, I think you should care about the issues Dan and Marcus consider. Finger-wagging aside, it's highly recommended, just for the pleasure of it.

No comments: