Via Deb-Tech: Security Watch Revisiting the 10 Immutable Laws of Security, Part 1. Very good post, definitely worth reading, I can’t wait for parts 2 and 3. From the same author: Help: I Got Hacked. Now What Do I Do?. While you’re there, you can refresh your memory by reading the original 10 Immutable Laws of Security.
Yet another reason for being annoyed with commercial products: they arbitrarily restrict certain features with no technical justification. Also, a perfectly working free implementation of VNC is available from UltraVNC, they didn’t have to buy RealVNC (which from my experience is buggy). I would have left a comment on the posting if that would have been an option…
On the subject of overpriced products: I recently had the opportunity to play around with a Fluke Networks Etherscope and can’t imagine who would pay several thousands of dollars for it. It does basically the same thing as a netbook would with Linux and some software, but for ten times the price. And it’s incredibly slow (it took several minutes for it to boot, with no progress indicator!)
There is a patch for the recent MS RPC vulnerability for Windows NT 4.0. I think you have bigger problems than this if you are still using NT 4.0…
Via Carnage4Life: the Yahoo OpenID usability study. I can see how it is confusing. A very good piece of advice: you can reduce the friction by directly presenting the most common providers. Somewhat similar: a proposed universal authentication system from the GNUCITIZEN blog. It seems a good idea which is easy to implement and explain to users. An extension of it (mentioned in the comments) is to use your IM for this (circumventing the problem that SMTP has no guaranteed upper bound on the delivery time).
Via Ovid’s journal: PHP is getting \ as the namespace separator. Weird. You can see (some) justification on the RFC wiki page, but it still seems wrong. Anyway, the important thing is that PHP has namespaces (finally).
Speaking of the PHP wiki: it runs Dokuwiki! Kudos to the Dokuwiki team for putting out such a high quality product. Andreas Gohr (the lead of the project) has the DokuWiki of the Month series on his blog, and this would be a worthy addition!
From Didier Stevens comes: YASIC – Yet Another Info Security Cartoon.
It seems that Yahoo! and Google are equally good in the search market (confirmed by a blind test), however – as a commenter points out – one of them should be at least twice as good as the competition to attract users over.