The Lazy Programmer's Guide to Secure Computing
Uploaded on Mar 19, 2010
Google Tech Talk
March 11, 2010
ABSTRACT
Presented by Marc Stiegler.
This presentation starts with a simple block of code written by the Lazy Programmer, to observe how laziness made the code more compact and simpler. We then define the Principle of Least Authority (POLA), and explain why it is a best practice for secure programming. We show how laziness in that first example enabled enforcement of POLA. We then put the Lazy Programmer through a series of increasingly more difficult tasks as management attempts to make the Lazy Programmer work hard. To achieve maximum laziness, the Lazy Programmer is driven toward increasingly more modular, encapsulating OO designs that happen to implement POLA, and is ultimately compelled to build systems with defense in depth to avoid work. A secret truth is thus revealed: lazy OO programmers have been using secure techniques for decades, if only they had known. We then describe the tools that turn laziness into correctly enforced security for JavaScript, Java, and distributed computing.
Marc Stiegler is a researcher at Hewlett-Packard Labs who has written "Introduction to Capability Based Security," and designed CapDesk and Polaris, a Windows overlay that isolates applications from one another to allow virus-safe computing.
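An added illustration of the POLA idea in the abstract above; this is not code from the talk or from the speaker, and `makeLog`, `appendOnly`, `makeRevocable` and `plugin` are hypothetical names. It shows ordinary OO encapsulation handing an untrusted component an append-only, revocable facet of a log rather than the log itself:

```javascript
// Full-authority object: whoever holds it can read, append and clear.
function makeLog() {
  const entries = [];               // reachable only through the methods below
  return Object.freeze({
    append(line) { entries.push(String(line)); },
    read() { return entries.slice(); },
    clear() { entries.length = 0; },
  });
}

// Attenuation: a facet that forwards append() and nothing else.
function appendOnly(log) {
  return Object.freeze({ append: (line) => log.append(line) });
}

// Caretaker: a forwarder the grantor can switch off later.
function makeRevocable(target) {
  let current = target;
  const facet = Object.freeze({
    append(line) {
      if (current === null) throw new Error('revoked');
      current.append(line);
    },
  });
  return { facet, revoke() { current = null; } };
}

// Untrusted component (hypothetical): it receives exactly one capability
// and has no other reference through which to reach the log.
function plugin(sink) {
  sink.append('plugin started');
  return {
    canRead: typeof sink.read === 'function',
    canClear: typeof sink.clear === 'function',
  };
}

function demo() {
  const log = makeLog();
  const { facet, revoke } = makeRevocable(appendOnly(log));
  const probe = plugin(facet);      // plugin gets the facet, never `log`
  revoke();                         // grantor withdraws the authority
  let afterRevoke = 'allowed';
  try { facet.append('late write'); } catch (e) { afterRevoke = e.message; }
  return { probe, afterRevoke, entries: log.read() };
}

console.log(demo());
```

The guarantee holds only if the component has no ambient route to the log, such as a shared global or a module import.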
License
Standard YouTube License
Top Comments
naughttube 2 years ago
He is a funny guy :) This video makes me want to perfect my laziness :)=
jp3d2k 2 years ago
"efficiency" is simply a euphemism douchebags use for their laziness ;-P
All Comments (20)
Florin Jurcovici 2 weeks ago
IMO, laziness is a quality every good programmer must have.
Lava Kafle 3 months ago
wowowow great security laziness
gedq 11 months ago
he may look sweet but you just know he's got a robot powered island full of minions somewhere just waiting to make his move. His lazy move.
石村 耕平 1 year ago
I think his talk is easy to understand and useful.
Thanks for posting this informative video!
opaqueproductions235 1 year ago
and what do you do for work... you merit-less prawn.. It really is the freaks and mutants that save and create this shared world.. hope you enjoy your life in the customer service field loser..
Alpha Male 1 year ago
I am being serious! Excellent content and quality video...
gbsons 1 year ago
That guy you're calling nerd probably has a mansion three times the size of your house.
James Donnelley 1 year ago
Mark has considerable experience with Windows, but as you say not working on what is typically considered Windows 'security'. That is not working on internal features of Windows to do permissions checking, authentication, etc. Instead he has focused most on changing the game of Windows security by working on the HP Polaris project that provided a POLA environment for execution of programs running under the Windows API,
strcmt 2 years ago
awesome programming explanation!!!