We do no work whatsoever for the USG, or for any defense contractors. That's not an accident. There are other software security firms that do; Matasano does not.

Once again: I am not sticking up for NSA. I do not trust NSA. I probably share your opinion of NSA, modulo I might not mythologize their capabilities as much as other people on HN do.

I am sticking up for Google. I have friends who work there. I think very highly of their security group. From my vantage point, Google is in this instance fighting for the privacy of their users, at great expense, and getting shellacked in online forums by people who are happy to use the outrage over NSA overreach to tar Google, especially since Glenn Greenwald more or less defamed them in print.

When you say "that's not an accident" do you mean to imply you'd have ethical objections to it?

As you are one of the three most common defenders of the state that I have noticed on this site, that would be very surprising to me. But quite interesting if so, it would be some indication that your perspective on the issues and seeming constant defense is an indication of spiraling paranoia in counterparties to your arguments. Is this how you see it?

Yes, I have an ethical problem with doing the kind of work I do for defense contractors or for the USG. I'm not saying that doing work for USG, or even software security work for them, or even offensive software security for them is prima facie unethical; I only know that I don't feel qualified to navigate the ethical quagmire, and thankfully am not required to do so.

I'm also not a defender of the state. However, of the subset of HN users who are noisy enough to remember by name, I'm probably the most statist; believing in the utility of law enforcement probably puts me just slightly to the left of center among noisy HN'ers.

In the real world, I'm a liberal.

Be careful about assuming that you know what's in the heads of other people just from how they comment on HN. The things that spark arguments on HN aren't a realistic cross-section of policy debates in the real world.

That's why I seek to clarify, I know I don't know what's in your head. All I can know is what I see.

For the record, there is no doubt in my mind that rayiner is a hell of a lot more of a statist than you.

Presumably doing Matasano-type appsec work for DoD if it were for internal DoD software would be fine (i.e. making sure the VA's medical records system is relatively secure against outside threats)?

We don't do work like that.

I've had my differences with <tptacek> in the past -- I think polite disagreements over policy -- but he is quite correct here in what he says about Google.

I doubt that he has a professional conflict in this case. He is nothing if not consistent, his point of view here is exactly what you would expect from reading his past posts on other issues.