In cyberspace, the old dictum "the best defense is a strong offense" does not hold. The best defense is a good defense. Cyberwar pundits who talk about pre-emption or retaliation are just hanging a sign around their neck that reads "I don't actually understand the internet, or warfare, or technology newer than WWII-era strategic bombing."
New Stuff
Hitler Learns about Cloud Computing
This was Gunnar's idea. Really. I swear. I just did the video editing and wrote a lot of the script. Update: Youtube may have taken this video down - but you can still see it here.
Feel free to host your own copy if you like, just please credit me and Gunnar appropriately.
Interview with Northwest Florida Arts Association We did this interview as an online chat, and it turned into a 3 hour long back-and forth. This version is edited down and decorated.
mjr@TEDx, Mid-Atlantic
When TED invited me to do a talk, I was in a bit of a panic. The initial request was that I do a talk about Department of Homeland Security, based on my rather unsuccessful book "The Myth of Homeland Security." I explained that if TED is supposed to be forward-thinking and optimistic, it would probably be a bad idea to stand up and say "I told you so" and point and jeer. So I asked if I could do a sort of historical talk, instead. The idea behind this talk has been in the back of my mind for the better part of a decade, ever since I started looking closely at FTP, and wondering "if the guys who coded that knew it'd be around for this long, would they have done it differently?" As Ray Wylie Hubbard says: "the most important thing about songwriting is, when you finish a song, to ask yourself if you still want to be playing it 25 years later." As I look at computing, I see these kind of simple "tiny" mistakes all over the place - and they are constantly costing us insane amounts of effort to maintain and deal with. We have become curators. Curators in The Museum Of Bad Software.
Cloud Computing Security
Everyone wants to weigh in about cloud computing and whether it's a security problem. After about the 200th time I got asked, I decided to produce a short little video spot explaning the real issues. As you can tell, I think cloud computing has some security implications but nobody really has a handle on what cloud computing even is.
White Hat World Podcast/Interview on Penetration Testing It happens every time! Someone wants to debate me about my views regarding penetration testing and, about 20 minutes later, they realize that they're violently in agreement with me. The question remains one of method. We had a good discussion and you can hear the whole thing here.
Here's the problem in a nutshell: I say "current approaches aren't working," and everyone agrees. They then proceed to talk about how we need to amplify our efforts in pursuing the current approach. It remains obvious to me that evolutionary approaches to system security are doomed to fail; we need to turn problems on their heads - otherwise we're just riding on the gravy train of failure.
I keep repeating myself:
I've been patiently challenging the established "wisdom" that cyberwar is a "force multiplier" that nation states might reach for. Fear-mongering or attempts to dismiss the argument is all you'll get, usually. This video, done for AT&T, was shot in November, 2007.
5/2009: CyberWar is bull!*&$*#t
I gave a talk explaining why conventionally marketed cyberwar is nonsense; it
wasn't a popular view. Oddly, however, most cyberwar proponents can't seem to
refute my argument(s) - they just change the goal-posts, or definitions, or try
to dismiss them as "what does he know, anyway?" (Other than reading about 60
metric shelf-loads of books on military history and theory, and serving in the
army? Nothing) The talk is here. Some feedback is here.
