James Mickens (previously) has a well-deserved reputation for being the information security world's funniest speaker, and if that were all he did, he would still be worth listening to.

But Mickens' great gift is weaponized bathos: the ability to induce whiplash in the listener with a string of hilarious technical zingers that lead to deadly serious, important insights into the field of information security. He embodies the entire ethic of "ha ha, only serious."





His keynote to the 27th Usenix Security Summit is a stellar example of just what makes his keynotes so fabulous. Mickens' topic is machine learning, AI, and security, and while he devotes a lot of energy to popping the hype bubbles surrounding these topics with scathing, scorching wit, he does so while laying out an enormous amount of subtle technical information, in eminently accessible form, describing the way that machine learning algorithms are designed and deployed in practice.

But as the talk progresses — ranging over AI, machine learning bias, the reproducibility crisis, even the two cultures — the whipsaw gets faster, from laugh to serious point, laugh to serious point, back and forth and back and forth, building to a stupendous crescendo. I don't lightly advise you to listen to a 55 minute talk (you can do the whole thing as audio-only with headphones or in the car, the slides aren't essential), but really, this is worth it.



Some people enter the technology industry to build newer, more exciting kinds of technology as quickly as possible. My keynote will savage these people and will burn important professional bridges, likely forcing me to join a monastery or another penance-focused organization. In my keynote, I will explain why the proliferation of ubiquitous technology is good in the same sense that ubiquitous Venus weather would be good, i.e., not good at all. Using case studies involving machine learning and other hastily-executed figments of Silicon Valley's imagination, I will explain why computer security (and larger notions of ethical computing) are difficult to achieve if developers insist on literally not questioning anything that they do since even brief introspection would reduce the frequency of git commits. At some point, my microphone will be cut off, possibly by hotel management, but possibly by myself, because microphones are technology and we need to reclaim the stark purity that emerges from amplifying our voices using rams' horns and sheets of papyrus rolled into cone shapes. I will explain why papyrus cones are not vulnerable to buffer overflow attacks, and then I will conclude by observing that my new start-up papyr.us is looking for talented full-stack developers who are comfortable executing computational tasks on an abacus or several nearby sticks.

Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?

A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models [James Mickens/Usenix Security]

(via Four Short Links)