S1: Streaming Security at Netflix

Episode Summary

Senior Software Engineers, Filip Paun and Bertrand Mollinier Toublet discuss working on the Streaming Security team at Netflix, being let go and coming back, and culture at Netflix.

Episode Notes

Senior Software Engineers, Filip Paun and Bertrand Mollinier Toublet discuss working on the Streaming Security team at Netflix, being let go and coming back, and culture at Netflix.

Episode Transcription



Intro:               We Are Netflix, the podcast for people who love Netflix and want to learn how we do what we do. 


Lyle:                Is it a rule in the security side of things that Netflix—to have people who don't speak English as their first language?  Is that a necessity?


Filip:                Yes.  It's a requirement before we hire you.


Lyle:                What languages do you guys speak?


Filip:                I speak Romanian and English.


Lyle:                I've noticed, which is good for me because I'm mono.


Filip:                And I'm doing a half-hearted job at teaching myself Spanish.


Lyle:                I thought it was Chinese.


Filip:                I gave up on Mandarin because to learn even the basics was just astronomical for me, a toned deaf person.


Lyle:                It's very hard if tone deaf, definitely. Bertrand, how do you say your first name?


Bertrand:         At home, I say Bertrand.


Lyle:                Bertrand.


Bertrand:         For the past 18 years in the Bay Area, I've said Bertrend.


Lyle:                Bertrand.  I'll just mutate it every time I say it.


Bertrand:         It's all good.


Lyle:                What about you?  What languages do you speak?


Bertrand:         Well, I was born and raised in France, so French, English obviously.  I spent a bunch of time in Spain and Mexico, so Spanish is okay.  It's very rusty right now, but that's about it.


Lyle:                I'm doing a disservice.  Michael?


Michael:          JavaScript.




Michael:          And then I'm just a touch of English, not enough to pass high school English as my teacher wrote on all my papers.  I was told I was the worst student she ever had.


Lyle:                And you've brought this up before.  I think there was some pain.  Have you gone back there to complain to her, to tell her, "Hey, I'm doing okay"?


Michael:          No.


Lyle:                Why not?


Michael:          She didn't show up to our 10-year high school reunion.She was scared.  I was the winner, at that point.




Lyle:                Filip Paun has a Bachelor of Science in Mathematics and Computer Science from Ohio State University, and holds a Master of Computer Science, with a focus in cryptography from Stanford University.  He graduated in 2007.  While finishing his master's, he's worked at Apple as an intern, focusing on FairPlay crypto.  And after his internship, Filip worked at Apple as a crypto software engineer and developer for two years. 


                        During his time at Apple and before and from school, Filip cofounded Good Game, a web-based project to process online event registration and credit card payments for student groups and university departments at Stanford.  Phillip left Apple in 2010 to join us here at Netflix, and over eight years at Netflix.How have things changed in that eight years?


Filip:                I've grown a lot personally and career wise.  I came in fairly green, I would say.  Netflix gave me a great opportunity to pursue different interests and learn about different technologies and just really grow as an engineer.  So it's been fantastic.  Every year has been better and better.


Lyle:                All right.  So we have an add in, your colleague.  Do you want to introduce your colleague?


Filip:                Sure.  This is Bertrand. Take it away, Bertrand.


Bertrand:         Kind of a [unintelligible 00:02:36] fellow.  But, yeah, I was born and raised in France.  I studied telecom engineering from '98 to 2002.  In 2000, I had an approaching teacher to come to the Bay Area for a one-year internship, a break year, if you will, during the studies and I met love in California.  And so in 2002, I came back, and I've been here since then.  I went through a bunch of different companies, but I ended up in 2007 joining Apple where I met Filip.  Two years into his 10 year at Netflix he was really trying to convince me to come join and so in 2012, I joined Netflix.  And with a tiny pause in the middle that we can talk about at some point, I've been here for six years.


Lyle:                You took a break from here?


Bertrand:         I took a break, yeah.


Lyle:                Why?


Bertrand:         I was asked to leave, but then I came back.


Lyle:                And then you came back?


Bertrand:         Yeah.


Lyle:                Talk about growing opportunity.


Bertrand:         I know; right.


Lyle:                Okay.  We're going to dive right into that.  Here, you know, we're asked to leave if we're not filling the company's needs.  So at some point, someone made that decision.


Bertrand:         That's right.


Lyle:                What was that based around and did you agree with it?


Bertrand:         Well, so yeah—yes and yes; right.  So I joined in 2012 to run the iOS engineering team.And I think in retrospect I can say that I was not doing a very good job of that.  And so after 18 months my manager at the time decided that he needed to make a change; right.  Now, whether I agreed with it at the time, you know, it's a difficult conversation, so I can't say I was jumping for joy.  In retrospect, it was definitely a good move.


Lyle:                It worked for you.


Bertrand:         Yeah.  And, you know, it wasn't working.  There's no question there, I mean, if I think back about it.  I took a year to go do something else and it gave me an opportunity to think about what I liked to do and what I didn't like to do and what I did well and what I didn't do well. And so I came back in individual contribution role, and it's been going swimmingly since then.


Lyle:                So are you not looking at management then?  You were like, "I tried that.  It didn't work out for me."


Bertrand:         Yeah, pretty much.  It's interesting, though.  Because by the time I came back the person who had asked me to leave was now my plus two, was my new hiring boss's boss.


Lyle:                Oh, interesting.


Bertrand:         But, you know, we had a very straightforward conversation, and it made a lot of sense to him that I came back and it made a lot of sense to me, and so it's been going well.


Lyle:                It's really hard to get into a place where you're not doing excellent at your job and are asked to leave and grow from that.  I'm surprised you thought that it would make a lot of sense and feel good to come back.  Was it a good decision to come back here?


Bertrand:         It was a great decision to come back.  It wasn't as full out as you're making it out to be; right.It was really a question of—I left.I went to do something else for a year.It was a startup.  It was a failing startup. After a year, it was really time to go do something else and there happened to be a good opportunity that matched my skills and my interests well, and it happened to be at a place I used to work at.


Lyle:                Yeah, coincidentally.


Bertrand:         Right.  And then, at that point, the good thing about Netflix is the past does not really matter.But it wasn't like, "Hey, I really want to go back to Netflix."


Lyle:                Did you feel any embarrassment?  Did you see old people that knew the situation?  You're like, "Hey, I'm back, everybody."


Bertrand:         No. I mean, yes, it was, you know, it was that kind of a situation; right.  But then you make a decision; right.  Like, "Well, hey, I'm back.  I'm back on good terms.  I'm back into something that I think I'm going to do well.  So, hey, I'm back."


Filip:                Do you feel your previous experience and the relationship you had with the previous people impeded your progress, your initial progress when you came back?


Bertrand:         No, I don't think so.  Maybe the weirdest part was the interactions that, ultimately, I had to have with my successor, the guy who took over the position and I have a working relationship with now.  At first, you know, it was a little weird because, you know, in a security team, we have to, you know, we always tell people what they need to do; right.  Like, "Hey, you need to do this."And so, now, I'm going to the guy who used to have my job and I'm like, "Hey, you need to do this thing."  Like, "What does it mean?  Is it because I'm the security guy?  Is it because I want my position back?"  So kind of hard to dance a little bit around that and—


Lyle:                He's a pretty excellent person to work with, so I'm sure it hasn't been that difficult.


Bertrand:         Yeah, exactly.


Lyle:                Do you do that a lot?  Do you guys actually in the security go to teams and go, "You know what?  We're doing this wrong and we need to change?"


Bertrand:         I was saying that jokingly because it's been an ongoing point of debate within the team.  No, we don't want to be the enforcer, mostly because that's not productive; right.  Nobody likes to be told what to do.


Lyle:                Sure.  If you're told what to do and you don't understand the rationale, then it's not as good an experience to do it.


Bertrand:         That's right.


Lyle:                And if you understand the rationale, you don't need to be told to do it.


Bertrand:         I think, to your point, it really depends on the situation.And I think for us to be successful, we have to assess each situation kind of individually.  Usually, our normal stance, our default stance is one of consultants; right.  We're here to help you.  And we come in with an open mind of trying to learn, what are the stakes?  What are their interests?  What are their business goals?  What are they trying to do, and then provide guidance, provide some boundaries for them to achieve those goals?


Lyle:                There's a lot of security groups at Netflix, and I know that there are teams that help me, you know, make sure that I've got two-part authentication on my system.  You guys don’t do that.  There's a lot of space there.  So can we focus now a little bit on what your group actually focuses on right now?


Filip:                Streaming Security.


Lyle:                Making sure our files stay private, but also shared to everyone on the planet.


Bertrand:         We wear a few hats, at a very, very high level—yes, making sure of that.  I think the way that we can define ourselves as distinguished from whole other security work is our focus is primarily on the devices on the client side; right, where most of the security and the rest of the world, too, most of the security teams would be applications security. 


But for back end applications would be network security.It would be IT security.  We're focusing on content security.  We've established that, also device security.We work closely with our partners to make sure that their devices are robust enough against, you know, tampering of some kind.  Another way that the team evolved and the history of how things developed, we happen to also own the security protocol that we use for some of the communication between the client and the server.


Lyle:                Can you give me some names of those security protocols?


Bertrand:         Sure.  So the protocol itself, we call it "MSL," M-S-L, Message Security Layer.  We've open sourced it.  It's on GitHub.  You know, in a way, we're the cookie guys who said, "Well, TLS is not good enough for us so we're going to invent our own thing." It sounds not that great when you put it that way.  We, of course, think that we had a really good reason that TLS was not meeting our needs and that we needed our own thing.


Lyle:                Let me just clarify.  That's kind of a shocking thing to hear.  But TLS is the backbone.  If you were to go to a website that's secure, HTPS, or you see the lock and the icon and all of that, the protocol that does that, the handshaking that does that is called "TLS."  It used to be called "SSL," but it's actually TLS now.  And so, you're saying the entire internet uses this protocol, but, "We're going to do something better for us."  Why would you—


Bertrand:         And also, you know, Security 101 says, "Never go invent your own protocol when you can use something established."


Lyle:                Well, unless you have expert cryptography people, which of course that's who you guys are; right.  So why did we do that?  What did we go to MSL and not do TLS?


Michael:          Do a little benefit, pros and cons here.


Bertrand:         TLS has enough variability that, you know, there are ways to make it work.  But it's really geared toward this asymmetric communication, where you're some anonymous client, your web browser is some random Joe, right, at home, and you connect to somebody well known, you connect to your bank, to Google, to something.And so there's an asymmetry there where, as a client, I want to know who I'm connecting to, but who I'm connecting to doesn't really care about who I am; right, and then that communication is secured.And this whole system relies on this fairly heavy duty—


Lyle:                Handshaking?


Bertrand:         Well, the handshaking itself, but like the infrastructure around the determination of who you're connecting to.  The bank has—


Lyle:                That's a big piece of it; right, all these certificates that are signed and make sure that trust authority—


Bertrand:         Right, exactly.


Lyle:                …that whole thing—


Bertrand:         The whole like 7/9 PKI thing; right.  That's really heavy duty and it comes with very high requirements.And it is asymmetric where—and it's difficult [unintelligible 00:10:37] this will help you as you the client, you the user and decide who you're going to connect to, but not the other way around.At Netflix, we own both ends.  We own the backend, obviously, but we also own the Netflix app that runs on the clients; right.  And we care to enforce that only Netflix clients connect to our backend and use the Netflix service.


Michael:          By Netflix clients, do you mean Netflix approved devices or logged in users?


Bertrand:         Netflix approved devices.  We care about the log in user as well, obviously.  But even before that, we care about this needs to be a Netflix device.  So we need to identify the client and TLS doesn't help all that well with that.  There are ways that it helps.  Now there's mutual authentication; right.  But then if we do it the TLS way, then that means the client needs to carry its own certificates and then that comes with heavy requirements about time management, which, you know, embedded devices don't do well.


Lyle:                Okay.  So once you've made that decision, I understand.  It sounds like a pretty intelligent decision thought out.  I'm sure you—Filip, you have some experience here trying to do it all in TLS.  Because MSL's a relatively new protocol.  I mean, it's been around—it's started since I got here four years ago or so.


Filip:                Yeah, before we had MSL, we had NTBA. There's a high desire for flexibility.


Lyle:                Is NTBA our own protocol as well?


Filip:                A Netflix ticket-based authentication.  It was heavily influenced by Kerberos, Microsoft Kerberos.  But, yeah, we desire a high-level flexibility.  We're on many, many thousands of skews of devices and it's paramount for us to be able to graphically identify and authenticate each device because that tells us something about the platform security, that device.  That tells us something about the level of security provided by that device, which tells us something about what type of content we should authorize for that device.  It gives us high assurance that, as an example, the Netflix application is less likely to be used as an attack vector to target specific users.


Lyle:                Meaning we're putting some software on people's TVs or on their DVD players?


Filip:                Exactly.


Lyle:                And technically, the larger surface area the more complicated that application is, the more risk we put their device, other attacks.


Filip:                That's exactly right.


Lyle:                Okay.  So we need to be careful about that.


Filip:                Very careful, right.


Lyle:                It's a big [unintelligible 00:12:57] role.  Okay.  So as we decrease the stack and understand the stack better, producing it into something like a protocol of ourselves.  We're not relying on something like open SSL, which, how could that ever have a bug in it?Oh, wait it does.  So it allows us to have a safer environment for our customers.


Filip:                That is completely right.  And on several devices, we don't control that open SSL stack, actually the whole HTDP, HTPS, open SSL stack is provided by our device partner.


Lyle:                Right, the operating system effectively.  It has to be at some level.  So I'm sure that was a painful experience for us at some level.I won't get into that, though.  I do want to ask you, when we decide to say, you know, "We're not going to do TLS.  We had this older protocol and we've learned from that.  And we've learned from the Kerberos flow and now we're going to produce this new thing called, "MSL."  We've got to develop a whole new way of ensuring all these things that you're talking about and replacing these technologies that are heavily proven over time, you have to invest a lot of software engineering time to make that work.


Filip:                And we're still investing.


Lyle:                And so you being on the podcast with us to talk about it.


Filip:                We have three of our colleagues that are deeply invested in this.  I mean, they put many hours in still.


Bertrand:         They're fulltime on this now.  So we find that MSL—we came up with it because we had a need.  We find that it fulfills the need but there are challenges.  And one of the challenges, TLS, for other people, for you guys, is great because there are a ton of tools.  If you need to you can always go debug what you need because all of the tuning is there because the rest of the world uses it; right.  For MSL, we've been suffering a little bit about that because if there's going to be tuning, we need to develop the tuning.


Lyle:                Let's dive into that, for example, for just a second.So right now, I'm on the iOS platform and Michael's on TV and website platforms, and so we're developing all the time, but we're getting a lot of data.  Of course, we do get the streaming data, which comes through MSL, but we also have images and data like the title and synopses of all the episodes and all of the images for the episodes, the whole user interface.  And all of that stuff also is going through TLS; right.And it's doing that because we're doing more standard systems. 


We're using Tomcat on our groovy layer, or Java layer.  That's the webserver that's running and we're of course running in Apple's device and we're using HTP stack from their end.  So to get really secured data, TLS makes a lot of sense.  And we use this great little—I use this great, little app called "Charles," which is a proxy, that allows me to put inserts into the proxy in my device and I can inspect that.  I can create a man in the middle attack for myself to help me develop the application.It's a very useful tool.


Bertrand:         Charles is a great tool.


Lyle:                But that won't work with MSL, is what you're saying.And so a developer that's doing streaming stuff can't use a tool out of the box like that from some other company.You've got to generate your own.


Bertrand:         Right, exactly.  So we do have a proxy, an injected proxy to dump out MSL code.  But, of course, we had to come up with it.And, you know, as much—I mean, I love Charles.  It is a great tool.  It's very easy to use.  I don't know that we had the same level of application know-how in this area, within the team, to make a tool that's quite as nice to use; right.


Lyle:                It has a lot of features I never use the truth is.


Bertrand:         Right.  You know, but honestly, whatever it is that we came up with, you know, it's not that easy to use; right, and that's, you know, that is the crux of the problem.It is somewhat of a tough sale across the company because it also comes with a higher bar in terms of usability; right.So I've convinced myself that it is up to us to rise to the challenge, so to speak, and make sure that as we care to get MSL inducted widely within Netflix, we need to give ourselves the means to do so; right.


Michael:          Is that one of the hires that we are picking up, someone to build tools to make this easier, more adaptability?


Bertrand:         We're trying to pick someone up to join the MSL team, you know, whose responsibilities would be to do what, you know, that's open.  But it seems, in general, would be responsible to, yeah, to also do the tuning, yes.




Lyle:                For a long time, we moved away from our own like physical hardware server rooms.  We were in AWS.  We do have physical hardware, though.  We have these open connect boxes.  They're all over the place on the planet, and that's our own hardware that has our catalog and this allows us to make really great relationship with smaller ISPs, where they don't have to use out bandwidth.  They can use bandwidth from inside their ISP to their customer base using one of our boxes and we manage those boxes.  And we traditionally, for our images, and other static assets, we've put it on a large CDN like Akamai, some public company that does that kind of work, or even on AWOS [phonetic 00:17:07] a service of that layer. 


                        We've been moving slowly to our own boxes to do some of those assets, because, in some regions, it's really beneficial for the customer.  We can actually get better traffic throughput from our boxes local, you know, somewhere in India or something.  When we do that, as we move to open connect, and we control the entire hardware stack and everything in there, are you saying that potentially we could move to all assets being delivered through MSL instead of TLS because we control both sides of the conversation?


Bertrand:         I would categorize the effort to gain that performance from MSL slightly higher, because the effort to optimize HTPS has already been done.  So now, you're asking other teams like—well, you have this thing that works and works fairly in an optimized way, hey, come and do this other new thing and by the way you have all this effort that you need to put up to get the same optimization. 


Lyle:                I'd never the heard the idea of moving other resources besides the streaming feed to MSL, so that was why I was curious about it.  Because from a—I've been here awhile and hadn't heard that idea.


Bertrand:         There are many reasons, internal and external, as to why it also makes a lot of sense to keep assets and asset delivery over HTPS.


Lyle:                When we're dealing with a partner, one of these large companies, I'm assuming that as this point, there's a lot of desire to have Netflix on devices and such; right.  So, first, to start a relationship with a company like that is it at least starts as, "Hey, this is a good business process for us."  So by the time you guys are talking to engineers, those teams, they're kind of onboard in solving the problem.  So I'm assuming that you engage with people at these large corporations that are engineers like yourselves doing this.  What is it like to do that?  What's the relationship like?


Filip:                It's great. 


Lyle:                How so?  Why?


Filip:                It's super interesting.  Because we get to foster this relationship with our colleagues at other companies, big companies, like Samsung, LG, Sony, and all the SOC vendors; right, Realtek, MediaTek, Broadcom.  I'm name dropping, but it's like these big companies; right, and we're security consultants for these colleagues.  We're trying to help them.  We're trying to help them with their design.  How do you design a robust platform security where the Netflix application can run in a manner where the user doesn't have to worry about being targeted with viruses or worms?  They don't have to worry about the Netflix application being an attack vector for someone to display their choice of UI to extract data from like their credit card information, their account log information.


Lyle:                Your TV feels safer than your web browser?


Filip:                Yeah, and we would like to say that we have a small part in making sure—generating that feeling from users, end users.


Lyle:                So when you're working with a team, you're not just talking about like, "You have to do these things."  You're also talking about maybe problems they might have with what they're implementing and how to potentially harden it.


Filip:                That's right.  Under the time constraints, right, because everybody wants to ship a device.  Everybody wants to ship a product.  Time constraints and also business goals, which may be at times in direct conflict with security goals.  So then, establishing the right tradeoff between security risks and business reward becomes an interesting equation.


Michael:          One thing I'm very curious about with securities due to how it impacts our customers.  How does freedom and response really look like on the security team?


Filip:                Lots of freedom, no responsibility.  No, I'm kidding.


Michael:          Because it sounds like it's just responsibility and more responsibility.


Filip:                No, there's quite a bit of freedom, because a problem has many types of solutions.  And each solution reduces risk in different ways to different levels, a security risk.So there is a lot of freedom for us to reach out to our counterparts at these big companies and engage in a frank conversation about, "Here's where your device is today.  Here are the risks that we see with what you're doing right now. We understand your business goals.  We understand our business goals.  We also understand that we need to ship this like yesterday.  What can we do?  What can we do in the short term and the midterm and what's our strategic bets to make sure that these risks that we have identified gets reduced?"  It gets reduced to a level where everybody feels comfortable.


Lyle:                When you're assessing that risk, do you guys mostly do this—do you talk a lot amongst yourselves?  How many are on your team, Bertrand?


Bertrand:         There's 14 of us.


Lyle:                Fourteen.  Okay.


Bertrand:         It's a big team.


Lyle:                That's a big team, yeah.  So I'm assuming there's some separation of responsibilities and stuff.Like maybe only a few of you are talking to LG or something like that.  How do you assess best practices and make sure that all of you are kind of in alignment with—


Filip:                I feel like that's the strength of the team, because we do talk with each other.  None of us know everything.  It's just impossible.  But we leverage each other's knowledge and experience to get to a really—well, the best state we can.  So there's a lot of talk.  There's a lot of conversations, at times, heated, a lot of banging on the table.I'm not going to name anybody, Bertrand.But, yeah, at the end, we have—we're attacking the problem.  We're all focused on attacking the problem.


Lyle:                You know, it's funny.  It sounds like so much of your job is not at a keyboard typing away code.It sounds like it's a lot of relationships.


Bertrand:         Yes and no.  So, yes, the partner facing job is one of our hats, and you can tell Filip wears that hat quite a bit and wears it very well.  We have some time at the keyboard too, more of that kind of an engineer.And one of the reasons for that is while most of our clients are, in the end, done by third parties by OEM partners, some of our clients, we ship ourselves.  So the mobile apps and the [unintelligible 00:22:48] TV app as well.  The game consult version of Netflix, we develop inhouse and ship ourselves.


                        The browser version of the player, we do ourselves, obviously.  So for those platforms, on a technical level, rubber hits the road.  And we have to actually provide and integrate ADRM solution.And we have to do it in a way that is, again, robust enough that meets a bar that we find commonly agreeable but within the constraints of not always being able to rely on the system itself to do it for us.


Michael:          Can you talk about the roles that you guys do have open and kind of what you're looking for?


Bertrand:         Can you, Filip?


Michael:          Can you? 


Bertrand:         Will?


Michael:          May you?  I don't know what the proper—


Filip:                We need a director.  We need two managers, and we need a bunch of [unintelligible 00:23:40].


Michael:          So it's just an IC playhouse right now?


Filip:                Effectively.  We lost our director, so we need a replacement.  We need somebody to take on that role and, you know, run the team for us.There are two manager positions open, one for our team for the engineering team, one for the—we were talking about the MSL engineering team.  You know, we're going to split it off, and we need somebody to run that; right.  We have, I think—


Lyle:                That's a neat opportunity because MSL's an open source project.  It's rare that you get—you know, lots of people in the tech world like to work on open source projects, from the public facing aspect of it and like benefitting society and the world in general.  And to have a company like Netflix backing the development of it is kind of a neat space to be in.  So that's a pretty compelling space to work in.


Filip:                Yes, absolutely.  Most of the focus of the team is on the integration of MSL within the Netflix ecosystem itself. So that touches less maybe on the open source part of it, right, which is really like the core, like, okay, the basic system, but not when it comes to integrating.This is where most of the work has to be done, but nonetheless.  And then we have at least one open position on the MSL team. We know that, and one on our team, as well, and one on the partner facing team.  So if you want to go travel all over Asia and Europe and talk to, you know, all the big names as far as [unintelligible 00:24:56] manufacturing, and with all of the cable providers across the world, you know, please—and you want to talk to them about security, please, you know, consider—


Lyle:                Let us know at jobs@netflix.com, I think is how it works.


Filip:                And it's not just about talking to them, but having a direct, positive influence into the devices that get built and shipped.


Lyle:                Do you travel a lot, Filip?


Filip:                I used to.  But now with two young kids at home, I try not to.


Lyle:                That's part of the freedom; right.


Filip:                But I used to travel quite a bit.


Lyle:                You get to not travel as much now because of that.Well, thank you, both.  Was there anything else you guys want to talk about regarding what you're doing and why it's interesting before we wrap it up.


Bertrand:         I think there's one aspect that maybe we haven't cleared enough, and it's, why do we exist in the first place, right? Because you could say, you know, 00:25:42 content, it only tells so much of the story.  The way like you think of our role is kind of like oiling the gears of business.Because at the core of what we do at Netflix in general is we distribute somebody else's content.  I mean, we still like to do a lot of our own content, but we started by doing somebody else's content; right. 


When somebody else trusts us with their content, they come in with their own requirements, and you really need to make sure that you're not going to lose track of this because, you know, otherwise, that's [unintelligible 00:26:14] to me. And we are committing in business terms to those content owners.  Then we turn around and we work with, as we said, the device manufacturers.  And we have to have the same conversation of, "Hey, look, we're on the hook for that content.  We're the ones where the badness will happen, so we need to work and come to agreeable terms where you're going to be able to help us."And so that's the business aspect of it.


We, of course, you know, support the technical aspect of it and help putting the whole picture together to make sure that we can all—that we have technical solutions that are, you know, available and suitable and appropriate for the problem at hand.  But, to me, for as long as I've been working on content protection solutions what I've liked is that aspect of being at that intersection between technology and business.  And that's something that's, you know, what you're saying to the public sees—maybe the technical part of it and the constraining part of it, but you also want to think about DRM as being the small necessary price to pay for all the content to be available in the first place.  It makes the business possible.


Lyle:                Filip, yeah?


Filip:                I fully agree with what Bertrand described.  And I would like to add one more dimension and that is the user experience.  When we think about security related stuff, one of the functional requirements that's very dear to us is, how does that impact the user experience?  And we take it as a mandatory functional requirement to preserve a good UX; right, to enable a good user experience. If instead, we develop or design something that leads to a bad user experience, we've not done our job.  So a lot of our conversations internally and externally starts with that, with the first bullet point being, how does this impact user experience?


Lyle:                It's a good way to align people's goals; right?


Filip:                Oh, yeah. And it just, to me, makes a lot of sense, because we're in the business of delighting lots and lots of users.  And if you fail to do that, then, well, we, this—your team, are not contributing to the company's goals.


Lyle:                All right.  What are you guys watching right now?  Filip, what have you been watching?


Filip:                I just started a really dark series—


Michael:          Is it called Dark?


Filip:                No, I forgot the name of it.  I just watched an episode last night and I had some nightmares.


Michael:          Altered Carbon?


Filip:                No, but I like that show.


Lyle:                Okay.  Well, I'll let you pull out your phone and look if you want.


Michael:          Black Mirror?


Lyle:                It could have been Black Mirror.  That's a good guess, too.  Bertrand, what have you been watching?


Bertrand:         I'm catching up on Hap and Leonard.  It's two guys, somewhere in the wet, hot South, east of the U.S., having, you know, adventures.


Lyle:                Adventures, cool.


Bertrand:         Grimy adventures.  I like it.


Lyle:                Michael?  You've got small kids, so you're probably watching a lot of kid shows.


Michael:          No.  Actually, we do very little television for the kids.  But us adults, Lynn and I, we do Westworld, which is an HBO show currently and the new season's out, and it's been very good.


Lyle:                Is this second season as good as the first one?


Michael:          I don't know.  I'm going through the first one right now.  But really, what we're very, very excited for is the 3% coming up, so we're kind of counting down the days.


Lyle:                So you watched the first season of 3%.


Michael:          It was so good.


Lyle:                Oh, cool.


Michael:          Holy cow.


Lyle:                Is that a Brazilian show?


Michael:          It is a Brazilian.  It's our first Brazilian [unintelligible 00:29:43] show. 


Lyle:                And do you watch it dubbed or subbed, meaning is there English speaking in it?


Michael:          Subbed only.  I cannot do dubs. 


Lyle:                So you read it all?


Michael:          Reading doesn't bother me.  I'm one of the, I guess, whatever that group of people are called, the people who have no problem reading.


Lyle:                I love this conversation of whether it's okay to read or hear a second [unintelligible 00:29:58.]


Michael:          There's a whole group that would rather have it dubbed and—


Lyle:                Lots of people are back and forth, yeah.


Michael:          …and some people would rather have it subbed, and it's very strong.


Bertrand:         Turns out that your Brazilian is much better than you thought.You don't even need to read.  Well done.


Michael:          Who?


Lyle:                Your Brazilian [unintelligible 00:30:08] really good.  You're just hearing it perfectly.


Bertrand:         Yeah.  You're like, "Oh, I don't want to speak English."  No, no, no, it's a Brazilian [unintelligible 00:30:14.]


Filip:                The Alienist


Lyle:                The Alienist.


Michael:          Oh, I saw some previews for that.


Filip:                It's dark.


Lyle:                Well, very cool.  Thank you both for joining me on this.  I feel like because we talked about dark shows, we seem to all be enjoying dark shows right now.  Is there anything light and fun that's been—Comedians in Cars is really fun for me.  Anybody else?


Filip:                I like the Santa Clarita Diet.


Lyle:                That's pretty dark, too.  It's about a zombie.  But you're right, it's comedy.


Filip:                I'm learning quite a few things about myself right now.I'm not sure if I like them.


Michael:          A nice—the uplifting show, Santa Clarita Diet.


Lyle:                I think there's something about having young kids and being around them all the time that you need a little bit of an escape that's not that delicate, you know. 


Filip:                And then once a while I go back to The Office and watch—select TV episodes.


Lyle:                Always fun to do.


Filip:                Because they're just able to capture un-comfortability, about how people feel uncomfortable.


Bertrand:         Do you watch the British Office or the American Office?


Filip:                Both.


Bertrand:         The British Office is really, really—like it puts a knife in there and it turns it slowly and it's like I'm squirming and squirming and squirming.


Michael:          Michael Scott is just so painful in some episodes.  Like he's like crying on the floor in a company meeting.  It's just like, "Oh, I can't do it."


Lyle:                I'm assuming that's very different than the office space here, right, than what we feel here at Netflix.  But what's the best thing about working here?


Filip:                Oh, there's many things.  But I would say my colleagues.  I'm always pleasantly surprised.  I'm always in awe for how talented and hard working they are.  And it really is great when you have a colleague that says, "Yes, I'll do that," and then it magically gets done.


Lyle:                It's nice to rely upon your colleagues.


Filip:                It's amazing.


Lyle:                Thank you both for joining us.


Filip:                Yeah, thank you.


Bertrand:         It was great.


Lyle:                A real pleasure.