I agree, up to a point. But there's no way you can teach that sort of understanding in 1 hour. :-)
The purpose of this talk was to provide a checklist for developers of what they should and should not be doing.
* How to set the counters so that counter/IV can't collide and destroy your security
* What metadata your messages need to include to make them not replayable
* How to canonicalize your messages so that the process of packing, authenticating, encrypting, decrypting, and unpacking doesn't change the intent of a message.
I think that may be what the grandparent comment is getting at.
Put another way: find me one crypto library or application implementing CTR mode that got all the above issues right but used a poor block cipher (not AES or 3DES).
You don't want developers to follow a checklist, you want them to use their intelligence.
One hour is enough to make developers realize they know nothing about cryptography. Once they reach that point, they will be on the right path (i.e., really learn about the topic or ask someone who knows).
The most common error isn't improperly used algorithms or techniques, it's improperly used cryptography.
Example: securing a file with AES-CTR and having the password hardcoded in the binary.