1. Question every requirement. Each should come with the name of the person who made it. You should never accept that a requirement came from a department, such as from “the legal department” or “the safety department.” You need to know the name of the real person who made that requirement. Then you should question it, no matter how smart that person is. Requirements from smart people are the most dangerous, because people are less likely to question them. Always do so, even if the requirement came from me. Then make the requirements less dumb.
   
   
2. Delete any part or process you can. You may have to add them back later. In fact, if you do not end up adding back at least 10% of them, then you didn’t delete enough.
   
   
3. Simplify and optimize. This should come after step two. A common mistake is to simplify and optimize a part or a process that should not exist.
   
   
4. Accelerate cycle time. Every process can be speeded up. But only do this after you have followed the first three steps. In the Tesla factory, I mistakenly spent a lot of time accelerating processes that I later realized should have been deleted.
   
   
5. Automate. That comes last. The big mistake in Nevada and at Fremont was that I began by trying to automate every step. We should have waited until all the requirements had been questioned, parts and processes deleted, and the bugs were shaken out.

• Ensimmäiseksi ilmaisemme omat tarpeemme.
• Toiseksi pyrimme tunnistamaan vastapuolen tarpeet.
• Kolmanneksi varmistamme, että molemmat tunnistavat vastapuolen tarpeet täsmällisesti
• Neljänneksi annamme empatiaa niin paljon kuin tarvitaan.
• Viidenneksi, kun kummankin osapuolen tarpeet ovat selvillä, ehdotamme strategioita, joiden avulla ristiriita ratkeaa.
  

1. Mistä olet kuulijoillesi kiitollisuudenvelassa?
2. Mitä kuulijasi pelkäävät?
3. Mistä kuulijasi tuntevat ylpeyttä?
   
   eetos
   
   
4. Mistä olet viime aikoina ollut innostunut?
5. Mitä itse pelkäät?
6. Miten voit puheellasi tehdä maailmasta paremman?
   
   logos
   
   
7. Minkä yhden lauseen toivot kuulijoiden muistavan?
8. Miten väännät sanomasi rautalangasta?
9. Minkä omakohtaisen tarinan voisit kertoa?
   

• People
• Architecture
• Chaos
• Applications
  

1. The current state of the organization's security program - expressed in term of risk, not maturity, not vulnerability, not potential impacts.
2. The planned future state ot the organization's security program.
3. How long it's going to take for us to reach our future state.
4. How much it's going to cost.
   

1. It's expensive.
2. It's easy for both the public and policy makers to discount future hypothetical risks.
3. The political process is complicated.
4. The government doesn't have direct control over most of our critical infrastructure.
5. Spending money on infrastructure isn't sexy.

• The proliferation of new sensor platforms. Around the globe, we have new and innovative ways of capturing information and data. They range from license plate readers and citywide television camera systems to drones, biometric identification systems, and other novel ways of collecting data.
  
• The increased power of data analytics to do correlation analysis of disparate data streams. Powered by Moore’s law—the seemingly perpetual doubling of processing capacity—algorithms today can find patterns in immense volumes of data. They often consider billions, if not trillions, of data points as part of the analysis.
  
• The ever-decreasing costs of data storage. We can imagine a world in which everything is digitized and stored permanently.

1. Decisions based on responses to macro-trends will be faster
2. In some cases, the Pulse will be more accurate than traditional methods of collecting data about major trends
3. Trends that otherwise would have not seen at all will be visible
4. Basic models of society will change

1. Myy ensin asiantuntemuksesi
2. Tee asiakkaallesi ehdotus, joka auttaa häntä päättämään
3. Rakenna asiantuntijoillesi auktoriteetin tunnusmerkit
4. Älä mäkätä asiakkaalle, mitä hänen tulisi tehdä
5. Rakenna kiitollisuudenvelkaa järjestelmällisesti
6. Imartele asiakastasi niin, että hävettää
7. Elä niin kuin saarnaat
8. Ryhdy tutuksi
9. Älä olehelppo nakki
10. Opettele kertomaan kiinnostavia tarinoita

• Väline: valta on väline, jonka avulla on mahdollista saada asioita tapahtumaan.
• Aloitteellisuus: valta merkitsee mahdollisuutta pitää aloite käsissään.
• Läpinäkymättömyys: valtaa on nähdä muiden läpi, mutta jäädä itse läpinäkymättömäksi.
• Tulkinnallisuus: valta merkitsee mahdollisuutta määritellä ympäröivää todellisuutta.
• Alueellisuus: valta on aina alueellista.

• Jämäkkyys: johtamisessa on pohjimmiltaan kysymys jämäkkyydestä, rohkeudesta tehdä päätöksiä ja ottaa vastuu kannettavaksi.
• Oikeamielisyys: johtajuutta on olla oikeamielinen kaikissa tilanteissa, joka tarkoittaa kunniallisuutta ja vastuunkantamista niin hyvinä kuin huonoinakin päivinä.
• Heikkous:  johtajuutta on tunnustaa heikkouksien olemassaolo itsessään ja muissa.
• Tiedonjano: johtajuus vaatii tiedonjanoa, pyrkimystä etsiä tietoa menneestä, olevasta ja tulevasta.
• Avuliaisuus: muiden asettaminen itsensä edelle on eräs johtamisen tärkeimmistä ulottavuuksista.
• Joustavuus: johtajuus vaatii joustavuutta erilaisissa tilanteissa ja erilaisten ihmisten kanssa työskenneltäessä.
• Usko: johtajuus vaatii uskoa tehtävään, tulevaisuuteen ja muihin ihmisiin.
• Uudistuminen: johtajuus vaatii johtajan oman elämän rikkautta, kehittymistä henkilökohtaisissa kokemuksissan ja taidoissaan, valmiuttaa muuttaa tarvittaessa suunnitelmia tai kykyä valjastaa uusia ajatuksia, menetelmiä tai välineitä toimimaan tavoitellun päämäärän hyväksi.
• Suunnitelmallisuus: johtajuudessa on kysymys kyvystä laatia ja toteuttaa suunnitelmia.

1. What is the decision this is supposed to support?
2. What really is the thing being measured?
3. Why does this thing matter to the decision being asked?
4. What do you know about it now?
5. What is the value to measuring it further?

1.  Your problem is not as unique as you think
2.  You have more data than you think 
3.  You need less data than you think 
4. There is a useful measurement that is much simpler than you think.

• Lawsuits that do not involve you become a security concern.
• Many of the laws and standards that govern your IT infrastructure were created without virtualization in mind.
• The idea of perimeter seecurity is largely nonsensical in the cloud.
• How you manage your credentials goes beyond standard identity management.

• The first major destabilizing trend is that of Moore's Law applied to the cost and effectiveness (kill power) of weaponry over time.
• The second trend adding to the general volatility is small world effects, the consequence of major innovations in mobility and connectivity.
• The final destabilizing trend is the growth in global population, which naturally conflicts with other social and environmental forces and constraints.

RBAC is more general than either MAC or DAC. Unlike MAC, which was designed to prevent unauthorized information flow, RBAC is policy-independent, meaning that it can support a variety of policies.

Alä koskaan anna kahta nuolta aloittelijalle. Jos hänelle antaa kaksi nuolta, tulee hänen mielessään aina olemaan ajatus, että hänellä on vielä varanuoli...

"So who were the guys that grabbed me in the parking lot? Mister Wood and Mister Stone? Who were they?"
Wednesday grunted. "Just spooks. Members of opposition. Black hats."
"I think," said Shadow, "that they think they're the white hats."
"Of course they do. There's never been a true war that wasn't fought between two sets of people who were certain they were in right. The really dangerous people believe that they are doing whatever they are doing solely and only because it is without question the right thing to do. And that is what makes them dangerous."

- Kuolema on varjo, josta emme koskaan pääse eroon. jonakin päivänä tuo varjo muuttuu villieläimeksi, jota emme enää pysty pitämään poissa kimpustamme.
- Toivon, että paranen.
- Jos ette parane, niin suosittelen Bachia. Se on ainut lääke, josta on jotain apua. Siitä saa lohdutusta, hitusen kivunlievitystä, tietyn määrän rohkeutta.

You realize that the important parts of culture are essentially invisible. Culture at this deeper level can be thought of as the shared mental model that the members of an organization hold and take for granted. They cannot readily tell you what their culture is, any more than fish, if they could talk, could tell you what water is.

See, there was the hard way to do things and there was the easy way. The hard way looked good at the time; in fact, it looked like the only way. But it upset your stomach and could break your knuckles. It produces blind spots that could mess you up and cause pain, not to mention losing your ass. The easy way required thinking and remaining cool. Not standing-around cool, but authentic genuine cool. Cool when you wanted to smash something or break down a door. No, hold it right there. Think how to do it the easy way. Then turn the knob gently and the door opens.

To be somebody or to do something. In life there is often a roll call. that's when you will have to make a decision. To be or to do? Which way will you go?

U.N. law governing transfer and ownership of war viruses was clear to the point of bluntness. Inert viral forms could be owned as subjects for study, or even, as one bizarre test case had proved, private trophies. Ownership or sale of an active military virus, or the codes whereby a dormant virus could be activated, was a U.N. indictable offense, punishable with anything between a hundred and two hundred years storage. In the event of the virus actually being deployed, the sentence could be upped to erasure. Naturally these penalties were applicable only to private citizens, not military commanders or govenment executives. The powerful are jealous of their toys.

Information is a product. You can buy it, trick someone out of it, extort it. Muscle it over to your side of the table...even dig for it yourself. But there's no Consumer Reports for the product. You don't always get what you pay for. You have to put it together, piece by piece, always testing the next chunk against what you've got so far. One little flaw in the logic chain, and the gun doesn't fire. Or it blows up in your hand.

The maddog left the recorder's office an walked through another glorious fall day to the library, to the crime section, and began pulling out confessional books by burglars. They were intended, their authors said, to help homeowners protect their property.

From a different perspective, they were also a short course in burglary. He has studied a couple of them before he went into Carla Ruiz' studio. They helped. The maddog believed in libraries.

"And you learned?"

"What breeds respect. Not to walk away from a fight. Take a beating if you have to, but a beating's never as bad as the feeling of shame you get when you back off."

"That's your youth talking right there," said Strange. "One day you're gonna learn, it's all right to walk away."

Similar to software debugging, reverse engineering by definition goes in reverse. In other words, you must be able to think backward. Zen meditation skills will serve you better than many years of formal education training. If you are good at solving verbal brain-teaser riddles on long trips with friends, you will be probably good at RCE. In fact, master reverses like +Fravia recommend cracking while intoxicated with a mixture of strong alcoholic beverages. While for health reasons we cannot recommend this method, you may find that a relaxing cup of hot tea unwinds your mind and allows you to think in revers.

Nick Naylor had been called many things since becoming chief skokesman for the Academy of Tobacco Studies, but until now no one had actually compared him to Satan.

Little did I care. I was telling the truth and damning the consequences. I was a local hero. Subscriptions jumped to almost three thousand. Ad revenue doubled. Not only was I shining a new ligh into the county, I was making money at the same time.

Intelligence gathering had never been easier. Codes intercepted by the NSA entered TRANSLTR as totally illegible ciphers and were spit out minutes later as perfectly readable cleartext. No more secrets.

I guess it would even be possible to knock the server down just by visiting http://payment.example/default.asp?id=3;SHUTDOWN  (Hey, don't do it!)

Individuals, as we've seen, don't care much about privacy in the aggregate at all: Faced with a choice between privacy and exposure, many people would rather be exposed than be private, because the crowd demands no less. Concerned mainly about controlling the conditions of their own exposure, many people are only too happy to reveal themselves promiscuously if they have the illusion of control.

Lyhyesti sanottuna ihmisen elämä on kriisistä toiseen etenevää matkaa. Aivan kuin olisitte tivolin kummitusjunassa seisaallanne ja selkä menosuuntaan: näette vain menneen ja tämän hetken ettekä koskaan tiedä, milloin iskette takaraivonne seuraavaan kattoparruun. Mutta varmasti iskette. Sellaista on elämä.

At the core of the design in the superworm is the use of an anonymous Chord network. Through the use of the Chord system, each node in the network can be reached by any other node at a maximum of O (log N) hops. Furthermore, any node only has to keep track of O (log N) of its peers. For a network of 10 million nodes, a maximum distance of 23 hops separates any two nodes or entries in its host table. The dramatic reduction in the network view for any node immediately assists in the scaling of the worm network for a fully connected system.

A security pattern describes a particular recurring security problem that arises in a specific security context and presents a well-proven generic scheme for a security solution.

Monessa liemessä keitetty: Positiivinen ilmaus henkilöstä, jonka elämänkokemus on karttunut monissa ammateissa. Executive product program manager, joka on työskennellyt viiden viime vuoden aikana viidessä työpaikassa, on monessa liemessä keitetty. Siivousteknikko, jolla on samassa ajassa yhtä monta työnantajaa, on tiimityöskentelyyn sopeutumaton tulevaisuuden syrjäytyjä. Sanonnan gastronomisesta ilmiasusta huolimatta elintarvikealalla ei tunneta useammassa liemessä keittämistä.

"I can't believe she'd kill her husband for money. She seemed so devoted to him."

"Sean, for you all intelligence and sophistication, sweetie, you really know shit about women."

That was always the dream, wasn't it? I wish I'd known then what I know now? But when you got older you found out that you now wasn't you then. You then was a twerp. You then was what you had to be to start out on the rocky road of becoming you now, and one of the rocky patches on that road was being a twerp.

Phrenology, as everyone knows, is a way of reading someone's character, aptitude and abilities by examining the bumps and hollows on their head. Therefore - according to the kind of logical thinking that characterizes the Ankh-Morpok mind - it should be possible to mould someone's character by giving them carefully graded bumps in all the right places. You can go into a shop and order an artistic temperament with a tendency to introspection and side order of hysteria. What you actually get is hit on the head with the selection of diferent size mallets, but it creates employment and keeps the money in circulation, and that's the main thing.

If you want to spend your time "putting out fires," do it right - join the fire department because you will not be a successful ISSO.

Kaiken kaikkiaan Sonera on varoittava esimerkki siitä, mitä tapahtuu, kun omistajaohjaus ontuu ja sisäinen hallinto romahtaa. Pörssiyhtiölle valtio-omistus on edelleen riski. Kun ministeri vaihtuu, yhtiön strategia voi vaihtua sen mukana. Politiikka ja populismi alkavat ohjata yhtiön käyttäytymistä, kuten Soneran optiopäätös ja päätöksen peruminen keväällää 2001 osoittavat.

Moottorit ovat esimerkiksi miehisiä....Mutta voiko mies ommella ompelukoneella? Vispata kermaa sähkövatkaimella? Lypsää lehmiä lypsykoneella? Tai tyhjentää astioita pesukoneesta? Voiko tosimies imuroida autonsa ja silti säilyttää kasvonsa. Siinäpä teille muutama kysymys pohdittavaksi.

It's strange how hacker's mind work. You might think that white hat hackers would be on one end of the spectrum and black hat hackers on the other. On the contrary, they are both at the same end of the spectrum, with the rest of the world on the other end. There really is no difference between responsible hacking and evil hacking. Either way, it's hacking. The only difference is the content. Perhaps that's why it's so natural for a black hat to go white, and why it's so easy for a white hat to go black. The line between the two is fine, mostly defined by ethics and law. To the hacker, ethics and laws have holes, just like anything else.

What the journalists don't understand is that, given a slightly different set of chilhood influences, hackers would be wearing rubber forehead prostheses and talking Klingon at Start Trek conventions. They're just immature, poorly socialized punks; they are not a military or social threat to the world order.

When the new U.S. Embassy building in Moscow was being constructed in the 1980s, Navy Seabees (construction specialists) were brought in to monitor the movements of the Russian workers, some of whom were thought to be KGB spies. One Seabee considered himself an expert in the field of espionage - after all, he'd read nearly every James Bond novel. He suggested to his fellow Seabees that each day, while they were working at the embassy site, the KGB was entering their hotel rooms and searching their luggage. So the clever Seabee devised a trap: He rigged a piece of luggage with a can of shaving cream that would discharge on the person attempting an unauthorized opening.

At the conclusion of work that day, he and his colleagues rushed back to his room to see if the trap had worked. And it had. The suitcase was partially open, and shaving cream was all over the place. While congratulating himself for outwitting the KGB, the Seabee detected an odd odor. He opened the luggage and discovered that someone had defecated on his packed clothes. Moral of the story: Never claim to know spy shit unless you really do.

Snort is dependent on libpcap to be portable to almost every OS. Libpcap is a great sniffing library, but it was never intended to acquire traffic beyond a saturated 100 Mb pipe. Snort really starts to gasp for air above 100 Mb, even with Barnyard installed.

Muori virnisti. "Sekin on eräänlaista magiaa."

"Mitä, asioiden tietäminen vai?"

"Sellaisten asioiden, mitä toiset ihmiset eivät tiedä."

When the technology is changing beneath your feet daily, there is not much point in hiring for a specific, soon-to-be-obsolete set of skills. You have to try to hire for a general problem-solving capacity, however difficult that may be.

Five pirates on an island have one hundred gold coins to split among themselves. They divide the loot as follows: The senior pirate proposes a division, and everyone votes on it. Provided at least half the pirates vote for the proposal, they split the coins that way. If not, they kill the senior pirate and start over. The most senior (surviving) pirate proposes his own division plan, and they vote by the same rule and either divide the loot of kill the senior pirate, as the case may be. The process continues until one plan is accepted. Suppose you are the senior pirate. What division do you propose? (The pirates are all extremely logical and greedy, and all want to live.)

Suomessa tehtiin maailman ensimmäinen graafinen web-selain, Erwise.

Erwise oli suomalaisen tietoyhteiskuntakehityksen käännekohta. Se tehtiin TKK:n opiskelijatyönä hypertekstin selaamiseen. Sitten se heitettiin roskiin. Kenellekään ei tullut mieleen tuotteistaa järjestelmää. Erwisen demossa kerrottiin, että "World Wide Web on työkaluohjelmisto, jonka avulla on mahdollista toteuttaa sähköinen tietosanakirja".

Web Services change the risk levels associated with deploying software because of the increased ability to access data, and as a consequence, security is becoming an important design issue for any e-business software component.

Critical security vulnerabilities can often result not from coding or design mistakes, but merely from unanticipated interactions between system elements that by themselves are neither unsecure nor badly engineered.

As a bridge-playing expert that we know observed after a disastrous tournament result, "No one made any mistakes. Only the result was ridiculous."

Nokia spends about a hundred times more money per phone on battery security than on communications security. The security system senses when a consumer uses a third-party battery and switches the phone into maximum power-consumption mode; the point is to ensure that consumers buy only Nokia batteries. Nokia is prepared to spend a considerable amount of money solving a security problem it perceives - it loses revenue if customers buy batteries from someone else - even thought that solution is detrimential to consumers. Nokia is much less willing to make trade-offs for a security problem that consumers have.

"You know, Kidd, you told me once that revenge doesn't make any sense, because the dead guy won't know what you're doing and won't care, because he's dead. So what I'm wondering is, What are we doing?. Jack won't know and Jack won't care."

Though the intent of the Movie [War Games] was to warn audiences across North America that crackers could break into any computer system, as the 414-gang had, many viewers walked away from the film perceiving that attractive youg women could actually become attracted to previously ignored computer geeks.

In the world of computers, he was Zyklon, the aggressive "cracker" named after a poison gas, who had the skill to break into the Web sites of movie studios, universities, and even the Chinese government.
But on the other side of the monitor - according to federal prosecutors-Zyklon was really Eric Burns, a lanky, shy 19-year-old, a former student at Shorewood High School with few friends, several run-ins with the law, and an unhealthy obsession with a woman who didn't know anything about him.

He had some classes with her and she was dating someone else and he would tell you how much he loved her on these sites. One of his friends showed her [what he'd done] and I don't think she liked it very much. I don't think many high school girls are impressed with someone hacking a Web site in their name...Flowers and a poem might have gotten the job done better.

Jälleen yksi opetus, hän sanoi.  - Vaikka asiat suunnittelisi kuinka hyvin, aina tapahtuu jotain yllättävää. Mutta juuri siksi tarkka suunitelma on välttämätön. Jos sellainen on olemassa, niin on olemassa myös improvisoinnin mahdollisuus. Jos asiat eivät ole järjetyksessä, yllätykset aiheuttavat vain kaaosta ja sekaannusta.

Security has discovered an extra bag and was now determined to match it with a passanger - a primitive, yet effective deterrent to nonsuicidal bombers. Simon chukled to himself - in the hightech world of computers, X-ray scanners, and bomb-sniffing machines, the ultimate safety measure came down to each passanger having to step forward, stick out a finger, and point.

Solutions nearly always come from the direction you least expect, which means there's no point trying to look in that direction because it won't be coming from there.

The Master said, 'To lead uninstructed people to war, is to throw them away.'

'I always hate having to do that,' Palloid muttered. 'Goddam lawyers.'

'Signatures can be forged, Pal. Same with fingerprints, cryptociphers, and retinal scans. But a soul-seal is unique.'

"Look, that's why there's rules, understand? So that you think before you break 'em." 
-- Lu-Tze

Turner showed him how to press his palm against a glass pad and stare into a retinal scanner. "It knows you", Turner said. "Better still, it likes you."

"Thank god," Dicken said

"Security is god here," Turner said. "The atomic age was a firecracker compared with what's on the other side of that door."

Without numbers, there are no odds and no probabilities; without odds and probabilities, the only way to deal with risk is to appeal to the gods and the fates. Without numbers, risk is wholly a matter of gut.

Traditional bugs are found by looking for behaviors that don't work as specified. Security bugs are found by ignoring the specifications and looking instead at additional behaviors, their side effects, and the implications of interactions between the software and its environment.

The battle analogy is a useful way to think about software testing. A good wartime general can get into the mind of his enemy, understand what capabilities the enemy possesses, and create ways of disrupting those capabilities.

There is a misguided belief in the market that people who can break into systems are also the people who can secure them. Hence, there a lot of would-be consultants who believe that they need some trophies mounted on their wall for people to take them seriously. You don't want your product to be a head on someone's wall!

There has been a gradual paradigm shift in the way security is viewed, from one of risk to reward.

Buffer overflow problems have been known for 40 years. Perfectly good solutions to avoid them have been available for the same amount of time. Some of the earliest high-level programming languages, such as Algol 60, completely solved the problem by introducing mandatory array bounds checking. Even so, buffer overflows cause about half of the security problems on the Internet. And still people refuse to banish them by using better tools. We consider this criminal negligence. It is comparable to a car manufacturer making the gas tank out of waxed paper. Sure, if everything goes right, there's no problem, but we'd throw the CEO into jail all the same. For some reason, large part of our IT industry act as if they were not responsible for the consequences of their actions. With this prevailing attitude, we sometimes wonder whether it's worth attempting something as advanced as cryptography at all.

Because the XMLDSIG standard provides a very flexible digital signature mechanism, there are lots of ways to misuse it and produce insecure or misleading results.

Luotettavuus, toimintavarmuus on määritelty "kohteen kykynä pystyä suorittamaan vaaditut toiminnat määritellyissä olosuhteissa ja määrättynä ajanjaksona. Teknologian alue, joka pyrkii paikallistamaan kohteen viat ja löytämään keinoja niiden eliminoimiseksi".

Delivery on a new Gulfstream 5 would be a minimum of twenty-two months, probably more, but the delay was not the biggest obstacle. The current price tag was $44 million, fully loaded, of course, with all the latest gadgets and toys.

They (Arkan, Basaev, Catli) all began with back-alley shooting and ended up in economics. This is the natural career arc of a modern warlord. Sooner or later he comes to realize that true domination is about the money and not about the guns. Because money will get you guns much more easily than guns will ever get you money. Some dealt drugs, some dealt arms, but all three of them dealt in oil. Drugs are toxic, and arms often more trouble than they are worth. But no modern society can exist without oil.

In the world's black markets, the dieselashi is king. Even the squeamish Americans will climb out of their Stealth planes and risk a bloody land war for the black gold of the oil fields. For both the New World Order and the New World Disorder, oil is the number one source of global insecurity. Without question, oil is the most dangerous contraband in the world.

The challenge is to ensure that the firewall rules are in sync with the Web Services themselves - and it seems obvious that UDDI and WDSL should be used for this purpose.

The next challenge is to ensure that only permitted traffic travels out of the network to third-party Web Services.

A fact about JAR files that many developers don't know is that they can also be used for security purposes, both allowing code to be signed and by allowing the packages they contain to be sealed.

When Hans Kruuk studied hyenas in the Serengeti, he found that putting paint on an animal quaranteed it would be killed in the next attack. That was the power of difference.

So the message was simple. Stay together. Stay the same.

She knows, now, absolutely, hearing the white noise that is London, that Damien's theory of jet lag is correct: that her mortal soul is leagues behind her, being reeled in on some ghostly umbilical down the vanished wake of the plane that brought her here, hundreds of thousands of feet above Atlantic. Souls can't move quickly, and are left behind, and must be awaited, upon arrival, like lost luggage.

There are many things experts can see that are invisible to everyone else:

• Patterns that novices do not notice
• Anomalies - events that did not happen and other violations of expectancies
• The big picture
• The way things work
• Opportunities and improvisations
• Events that either already happened or are going to happen
• Differences that are too small for novices to detect
• Their own limitations

There are two guidelines for a reliable alerting mechanism: Keep it simple, and keep it redundant. Keeping alerts simple means to use known, stable technology that consistently works. Yes, it would be great to have XML-based alerting mechanism that tunnel over the Internet, using SSL for encryption and certificate keys for authentication. Then these alerting mechanisms would upload into an interactive database that calls a user's home phone number and in a computer-generated voice explains the situation to the security administration. While highly secure and functional, would it work? The more complexity and pieces you add to the process, the more likely something will break down somewhere.

There's a fine line between healthy mistrust of humanity and outright paranoia. It's perfectly okay to think that Microsoft is cloning huge attack dogs to further its goal of total global domination, but you don't want to say it out loud. Then, when the dogs attack, and you're the only one wearing Kevlar underpants, you'll have the last laugh.

They say a lie can run round the world before the truth has got its boots on.

He watched Lamar move slowly through the courtyard, not too fast like he was scared, chin level, squared up. Strange thinking, You learned early, Lamar, and well. To know how to walk in a place like this was a key, a basic tool for survival. Your body language showed fear, you weren't nothin' but prey.

Finally Brian spoke. "Why didn't you say something when I sent that email with the product specs and source code?"

"What email!?"

Brian stiffened. "Oh...shit!"

(see the missing chapter, http://www.wired.com/news/culture/0,1284,56187,00.html) 

Hunter's First Law: The network is an amplifier

Hunter's Second Law: When everything is known, no one knows everything

Second Corollary: People see only what they want to see, and that's usually what lies on the path of least resistance.

Third Corollary: People mostly see the exceptions: those things at the very bottom, or very top, of any scale.

What a laugh, though. To think that one human being could ever really know another. You could get used to each other, get so habituated that you could speak their words along with them, but you never knew why other people said what they said or did what they did, because they never even knew themselves. Nobody understands nobody.

And yet somehow we live together, mostly in peace, and get things done with a high enough success rate that people keep trying. Human beings get married and a lot of marriages work, and they have children and most of them grow up to be decent people, and they have schools and businesses and factories and farms that have results at some level of acceptability - all without having a clue what's going on inside anybody's head.

Muddling through, that's what human beings do.

Suurin harppaus sitten SIM-korttien käyttöönoton tullaan ottamaan lähivuosina pankkimaailmassa. EMV-standardin käyttöönotto tulee korvaamaan nykyiset magneettijuovat älykorteilla vuoteen 2002 mennessä.

We start confusing quality with elegance, brightness, weight, and other subjective things. Then even those get compared when we talk about good quality, bad quality, high and low quality, and all those things. So far today we've used the word quality fifteen or twenty times, and each meaning has been different. If we're going to have a quality improvement program, we have to agree on what the word means. We don't want an elegance improvement program, do we?

For anyone who has assempled even the most rudimentary Web site, you know this is a daunting task. Faced with the security limitations of existing protocols like HTTP, as well as the ever-accelerating onslaught of new technologies like WebDAV and XML Web Services, the act of designing and implementing a secure Web application can present a challenge of Gordian complexity.

Sekä TSM (Total Safety Management) että TSEM (Total Safety and Environmental Management System)  ovat sellaisenaan ominaisuuksiltaan rajoittuneita soveltumaan joustavasti kokonaisvaltaisen yritysturvallisuusjohtamisen malleiksi...laadunkehittämisen mallit (ISO9000, TQM) kokonaisuutena soveltuvat selkeästi paremmin yritysturvallisuuden johtamisen malliksi kuin perinteiset turvallisuusjohtamisen mallit.

Kun kansalaisten toiminta paljastuu yhä selvemmin valvojille, näiden tulee paljastaa vastaavasti omaa toimintaansa ja sitä, mitä kerätyillä tiedoilla tehdään. Valvonta ei saa johtaa yksipuoliseen kontrolliin, vaan molemminpuolisen avoimuuden lisääntymiseen.

Most software process definitions lump security into the same class as other non-functional system requirements, such as reliability, availability, portability, performance, and testability. Security does not belong within a system in a same manner as these other non-funtional requirements, however, and cannot be treated in a uniform manner.

We believe that this situation is a fundamental cause of many of the difficulties associated with introducing security into a system's architecture.

I imagine one could say: "Why don't you leave me alone?! I want no part of your Internet, of your technological civilization, of your network society! I just want to live my life!"  Well, if this is your position, I have bad news for you. If you do not care about the networks, the networks will care about you, anyway. For as long as you want to live in society, at this time and in this place, you will have to deal with the network society. Beacuse we live in the Internet Galaxy.

Mortlach 16-year-old 43%

Massiivinen tuoksu: lihaisa, savuinen ja nahkainen, siitä löytyy myös mehiläisvahaa, kuivattua luumua ja palo cortado-sherryä. Maku tulvii pitkin kitalakea jättäen jälkeensä parkittua nahkaa, mustaherukkaa ja kriikunaa. Suunnaton. ****

Remember, the enemy's gate is down

A belief in God would demand one hundred percent obsessive devotion, influencing every waking moment of this brief life on earth. But your four billion so-called believers do not live their lives in that fashion, except for a few. The majority believe in the usefulness of their beliefs - an earthly and practical utility - but they don't believe in the underlying reality.

Maybe the hardest game on the planet is convincing a hooker you're not a trick.

If there's no punishment, there's no discipline.

• At the first instance of one's desregard in following the rules, he should lose his mouse-clicking finger.
• The second instance, he should lose his mouse hand.
• The third instance he should lose his Internet connection.

Harri Koponen toimi aiemmin Ericssonin USA:n matkapuhelinmyynnin vice presidenttinä eli hän ei ollut Ericssonin ylimmän johdon jäsen, vaan kuului välijohtoon. Koposella ei ole akateemista loppututkintoa. Markkinat ja asiantuntijat olivat pettyneitä siihen, että Soneran oli pakko tyytyä näin kevyen sarjan toimitusjohtajaan. Koponen on kuitenkin huimasti parempi ratkaisu Soneran toimitusjohtajana kuin Relanderin jatko tehtävässään. Jos Relanderin tilalla Soneraa olisi vuosina 2000–2001 johtanut vaikkapa kummituseläin Papua Uusi Guineasta, olisi Sonera nyt kaikin puolin huimasti paremmassa kunnossa.

Pakkanen on tappanut enemmän suomalaisia kuin sota.

I have also been involved in numerous dot-com companies and high-tech firms throughout the country where nobody but the original programmer ever sees the computer code that gets installed in the final system.

But Hiram, his troubles dismissed, grasped the implications immediately. He glared into the air. "I wonder how many of them are watching us right now?"
Mavens said, "Who?"
"In the future. Don't you see? If he's right this is a turning point in history, this moment, right here and right now, the invention of this, this past viewer. Probably the air around us is fizzing with WormCam viewpoints, sent by future historians. Biographers. Hagiographers."
He lifted up his head and bared his teeth. "Are you watching me? Are you? Do you remember my name? I'm Hiram Patterson! Hah! See what I did, you arseholes!"

And in the corridors of the future, innumerable watchers met his challenging gaze.

There is simply no substitute for applications that employ secure defaults.

The coding cowboy's day is done. There was a time when everyone admired the brilliant programmer who worked in self-imposed isolation, creating powerful functions and elegant user interfaces, ingratiating himself with the user community while ignoring his colleagues and his project manager. He had the panache of a rock star and the vanity of a prima donna. Unfortunately, when he rode off into the sunset his code turned out to be undocumented, unextendable, and unmaintainable.

If death could snatch such heavy hitters as Elvis and JFK, a nobody like me is easy pickings.

Never trust anyone you don't understand.

"Did you get a phone call from someone you love?" Cousins asked.

"Yeah," I said.

"Your dead wife?"

"Yeah..."

"What was your cut?" Ray asked.

"Fifty percent off the top for the lawyers, then expenses, the rest went to the clients. That's the bad part of a contingency contract - you have to give half to the client. Anyway, I had other lawyers to deal with, but I walked away with three hundred million and some change. That's the beauty of mass torts, Ray. Sign 'em up by the truckload, settle 'em by the trainload, take half off the top"

So the Web is moving from what we could call the HTML Web - the Web that Tim Berners-Lee developed to publish information - to what will be a next-generation semantic Web, in which information will still be linked and so forth but won't be intended principally for human consumption. It will be intended and structured for processing by software, and if that happens we'll still call it the Web but it will be based not on HTML but on XML. Still, my guess is that the next big Web will be something more - something that we haven't thought of yet or that Tim Berners-Lee hasn't thought of yet, because that's the way it usually goes on the Web. Surprise, surprise, surprise.

...

"The Internet was never built for commerce!" they swoon. "The purpose of the Internet was..." - and then they simply make up stuff about what the purpose was, as if it matters what the purpose was at the beginning. It doesn't matter what was, it just matters what is. And what the Internet has proven, despite the inflation and deflation of the dot-com bubble, is the future of commerce.

Bob Metcalfe

An investment is not a statement of who you are. Stocks are simply a way to increase your wealth.

Sivistys, niin kuin sen itse ymmärrän, on ensisijaisesti vapaa-ajan tuote. Sivistyksen taito on siis ennen kaikkea vetelehtimisen taitoa. Se, joka on kaikkein viisaimmin jouten, on kiinalaisesta näkökulmasta kaikkein sivistynein. Kiireen ja viisauden välillä näyttää nimittäin olevan filosofinen ristiriita. Viisaat eivät pidä kiirettä, ja liian kiireiset eivät voi olla viisaita. Viisain on siis se, joka vetelehtii kaikkein kauneimmin.

Lin Yutang, 1938

Even if you trust a man not to play certain cards, there's no point in dealing them to him.

Suomessa analyytikot ovat tuttuja vieraita yritysten hiihtomatkoilla Saariselällä. Jopa viikon kestävät kevätseminaarit sisältävät vähän asiaa ja paljon vapaa-aikaa. Analyytikot ovat päässeet nauttimaan yritysten vieraanvaraisuudesta myös formulakisoihin maailman kilparadoille. Kyllä toimitajiakin Lappiin kutsutaan ja heihin yritetään vaikuttaa, mutta yritysjohdon ja analyytikkojen välinen kanssakäyminen on suoraviivaisempaa. Jos analyytikko pettää luottamuksen, ja laatii negatiivisen raportin, sen tuntee helposti nahoissan.

"Here, my dear, is what we did last Christmas. Six thousand, one hundred dollars we spent on Christmas. Six thousand, one hundred dollars."

"I heard you the first time."

"And precious little to show for it. The vast majority of it down the drain. Wasted. And that , of course, does not include my time, your time, the traffic, stress, worry, bickering, ill-will, sleep loss - all the wonderful things that we pour into the holiday season."

Oma periaatteeni on aina ollut, ettei mulkkujen kanssa tehdä päivääkään töitä, ja  uskon että valtaosalla wapitilaisista oli sama filosofia. Niinpä yksi tärkeimmistä keinoista pitää ihmiset töissä on olla olematta mulkku.

Bad software is to blame.

Viime kädessä yrityksen tai palveluyrityksen toimitusjohtaja vastaa siitä, että yrityksen järjestelmät tuottavat oikeaa tietoa.

Kuten vanha sijoitussääntö kuuluu: sijoittamisessa täytyy muistaa vain kaksi asiaa.

1) Älä koskaan häviä rahaa.
2) Muista aina sääntö numero 1.

Laitakari puhui kiihkeästi."...jos analysoitte meidän tuotteitamme, huomaatte että olemme edelläkävijöitä. Olemme kehittäneet ensimmäisen langattomien lähiverkkojen tietoturvan takaavan..."

Tommilan kuiva nauru keskeytti Laitakarin vuodatuksen: "Ensimmäinen ei mekitse mitään. Boeing 747:n siipien väli on pidempi kuin Wrightin veljesten ensimmäinen lento. Me olemme kehittänet teidän ainoan kunnollisen tuotteenne toimivaksi", hän sanoi.

Nyt alkaa juhlivan viherväen ja jopa rauhallisuudestaan kuuluisan kuuluttajan kärsivällisyys pettää. Kun osallistutaan tällaisille päiville, joilla pohditaan maapallon tulevaisuutta, niin kannattaa vähän miettiä, miten käyttäytyy. Muut on otettava huomioon. Siis kerran vielä. Olkaamme toistemme veljiä. Ystävällisesti pyydämme tätä mulkkua, joka ei voi millään siirtää Ford Escortia Yleisradion auton edestä, siirtämään sen purkkinsa ja sassiin. Tiedonvälitys kärsii. Sananvapautta rajotetaan. Siirrä heti, kuka oletkin arvoisa kansalainen, autosi vittuun.

Four basic values of project management:

• Cooperation
• Teamwork
• Trust
• Effective communication

Overnight the Finns had gone from being celebrated mainly for their tendency to drink too much and then kill themselves to being heralded as the geniuses who built the most advanced communications industry on the planet. They done this in spite of being personally uncommunicative, the only people I have ever met who, as they become drunk, grew even more silent.

Vuonna 1986 Kairamo puhui Tukholmassa suomalais-ruotsalaisen kauppakamarin 50-vuotisjuhlilla. Hänen aiheensa oli varsinaisesti "Pohjoismainen teollisuus ja pohjoismaiset yritykset". Puhe saavutti huippukohtansa, kun Kairamo otti taskustaan kännykkänsä, joka oli liitetty puhujapöntön mikrofoniin. Hän soitti Tukholman taksikeskukseen tilatakseen taksin. Hän odotti ja odotti. Mitään ei tapahtunut. Sitten puhelunvälittäjä vastaa:
- Ei ole vapaita autoja. Joudutte odottamaan hetken.
Näin Kari Kairamo havainnollisti, mihin kilpailun rajoitukset johtavat.

People in the computer industry are well aware of the innumerable difficulties, but they sometimes defend their failed practices as part of the price we must pay for progress and innovation. One often hears the statement "There are always bugs." Such an outlook makes it sound as if defective products and flawed systems are inevitable. And it quickly becomes an excuse for shoddy work - software products that are badly designed, poorly tested and rushed into the marketplace.

A recurring theme is the correlation between quality and security. For example, it has been shown that investment in software quality will reduce the incidence of computer security problems, regardless of whether security was a target of a quality program or not; and that most effective quality measure from the security point of view is the code walk through.

Yhtiön tärkein yksittäinen menestystekijä on sen toimitusjohtaja. Loppujen lopuksi yhtiön menestys tai menestymättömyys riippuu ratkaisevasti yhden henkilön taitavuudesta ja tarmokkuudesta. Sijoitus pörssiosakkeeseen on samalla sijoitus ihmiseen. Pörssiyhtiöitä verrataan tunnuslukujen valossa, mutta yhtä tärkeää on selvittää tunnuslukujen taustat. Liikeyritys ei ole mitään ilman ihmisiä ja erityisesti sen avainhenkilöä, joka kantaa vastuun päätöksistä.

Anyway, my sister was telling me how she thought that Stephen was a cyber virgin, or did she say virtual virgin?

Oh dear, now what was the distinction again?

You know, a cyber virgin has never had intercourse outside of virtual reality, whereas a virtual virgin has never had intercourse with a real person, even in virtual reality.

How about someone who has never been intimate with a real or simulated person in real or virtual reality?

Hmm, we don't seem to have a term for that.

There has never been a lack of hostile people with a motive to attack. Aggression is as old as Cain and Abel. Until recently, very few people had the means or the opportunity. The geometric growth of the Internet has provided attackers with these last two ingredients.

One result of the Internet's growth has been an upsurge of attacks against people, products, and institutions that can be launched anonymously and, therefore, with impunity. Fake names and addresses easily conceal the true identity of the user. The Internet thus allow anyone to make fun of Mike Tyson's lisp from the safety of his own den, something he would never do if he saw Tyson on the street.

What would be the point of cyphering messages that very clever enemies couldn't break? You'd end up not knowing what they thought you thought they were thinking...

On May 3, 1863, Idestam visited Lüders's factory and persuaded his colleagues to demonstrate the operations of the mill. As they were displaying the new manufacturing equipment, Lüders heard of the presentation and rushed to the scene. He had spent years designing the new process, had invested significant capital in the new machinery. and had no desire to be a gracious host. Lüders ejected Idestam for trying to gather information on a proprietary technology - what he deemed to be industrial espionage. Despite the precipitous end to Idestam's visit, he had seen and heard enough to believe he could create in Finland what he had seen in Germany.

Humans are destined to be party animals, and technology will follow.

Don't design your CRM systems from the inside out to serve your employees. Design them from the outside in to serve your customers...Then give that same information and assistance to the employees who serve your customers...Once you've provided customers and customer-facing employees with the information and streamlined processes that customers care about, you can add functionality that may be of value to your direct sales organization or to your marketing department.

That's the thing about being a Labrador retriever - you were born to fun. Seldom was you loopy, freewheeling mind cluttered by contemplation, and never at all by somber worry; every day was a romp. What else could there possibly be to life? Eating was a thrill. Pissing was a treat. Shitting was joy. And licking your own balls? Bliss. And everywhere you went were gullible humans who patted and hugged and fussed over you.

Security staff are paid to be paranoid. It's a definite job requirement and should be listed in the job advertisements.

The NSA, the CIA, and the FBI all want to prove they are the best at apprehending criminals, so the president gives them a test. He releases a rabbit into the forest and commands each of them to catch it. The NSA places animal informants throughout the forest and interrogates all plant and mineral witnesses. After three months of extensive investigation, it concludes that rabbits do not exist. The CIA, after two weeks with no leads, burns down the forest, killing everything in it, including the rabbit, which an unnamed agency source announces had it coming. The FBI takes only two hours to emerge from the forest with a badly beaten bear. The bear is yelling: "Okay, okay, I'm the rabbit, I'm the rabbit."

None of the architectures is perfect for all situations. Each PKI architechture has its own strengths and weaknesses. By understanding your organization and its requirements, you will be able to choose the architecture that best meets those needs: 

• single CA
• CA list
• hierarchical PKI
• mesh PKI
• extended CA list model
• cross-certified enterprise PKIs
• bridged PKI

Did these pioneers of cryptography indeed use their own system to protect their ideas? "I remember our decision was, 'Naaah, it's too much trouble,' " says Adleman. "Too much work to encrypt it. And we never did." The irony was lost on them. But the reality was they were harboring big-time hopes for a technology that even its inventors considered a pain in the ass to use!

In the past, you belonged to the elite when you no longer had to run from one place to the next, working all the time; nowadays, the elite consists of people perennially on the move, taking care of urgent business on their mobile phones and always trying to survive some deadline.

http://www.hackerethic.org/

GNU/Linux and the open source projects are not about software code only - they are also about freedom, sharing, and community; they are about creation, beauty, and what hackers call "fun" - though "joy" would be nearer the mark. They are about the code within that is at the root of all that is best in us, that rebels against the worst, and that will exist as long as humanity endures.

He'd have furnished it (the gun) with no questions asked. But now I'd have to get it somewhere else. Because now he would know what I wanted it for. He might provide it, but my asking for it would be an abuse of our friendship. And that is something I take seriously. like sobriety, or suicide.

They were farmers, hardworking men who embraced pessimism only when discussing the weather and the crops. There were too much sun, or too much rain, or the threat of floods in the lowlands, or the rising prices of seed and fertilizer, or the uncertainties of the markets. On the most perfect of days, my mother would quietly say to me, "Don't worry. The men will find something to worry about."

While inside DeTeMobil, SKiMo also learned how to interpret some of the mapping and signal-strength data. The result? If one of the company's customers has his mobile turned on, SKiMo says he can pinpoint the customer's geographic location to within one kilometre. The customer doesn't even have to be talking on the mobile. All he has to do is have the phone turned on, waiting to receive calls. 

SKiMo tracked one customer for an afternoon, as the man travelled across Germany, then called the customer up. It turned out they spoke the same European language. 

`Why are you driving from Hamburg to Bremen with your phone on stand-by mode?' SKiMo asked. 

The customer freaked out. How did this stranger at the end of the phone know where he had been travelling? 

SKiMo said he was from Greenpeace. `Don't drive around so much. It creates pollution,' he told the bewildered mobile customer. Then he told the customer about the importance of conserving energy and how prolonged used of mobile phones affected certain parts of one's brain. 

http://www.underground-book.com/ 

From start the finish, it took the Bank of Bermuda 25 months to implement the PKI.

From start to finish, Perot Systems implemented PKI for VPN within 25 months.

Idaho National Engineering and Environmental Laboratory took just 17 months from conception to its first PKI production rollout.

It took U.S. Patent and Trademark Office just three months from the time it finished developing its master plan to deploying its first PKI pilot, and an additional 15 months for its first deployment for internal operations.

Where Ruesch knew that it would use some form of authentication and encryption, it took the company only six months to implement its PKI from start to finish.

The law and justice are not synonymous, amigo. Not in this country, not in my country, not in any country. Never have been. Never will be.

Mundus vult decipi

Poliitikolle ja sudelle oli yhteistä se, että molemmat hakivat johtajuutta. Oli raaka luonnonhistoriallinen totuus, että johdettavuus on ihmiselle ja monille muille nisäkkäille kuuluva tärkeä yhteinen biologinen ja periytyvä ominaisuus. Nisäkäs nimeltä Homo sapiens alistui vaistomaisesti johdettavaksi - ilman johtajuuden kunnioittamista lauma ja yhteisö ei toimisi.

Fermentaatio on taianomainen kemiallinen prosessi, jonka monimutkaista kulkua ei täysin tunneta. Tupakan kemiallinen koostumus muuttuu jokaisen fermentaatiovaiheen aikana. Nikotiinin, tervan, ammoniakin ynnä muiden epäpuhtauksien määrä vähenee ja tupakan happamuusaste alenee. Tämän seurauksena sikaritupakka on maukkaampaa, miellyttävämpää ja yleisen arvion  mukaan myös vähemmän haitallista kuin vähemmän käynyt tavallinen savuketupakka.

I have nothing more to say than this: We are all of us standing on the brink of Hell.

"Bless me, Fatha, for I have sin. I kill seven people that time I'm still a boy and we kill the inyenzi, the cockroaches. I kill four persons in the church the time you saying the Mass there and you see it happen. You know we kill five hundred in Nyundo before we come here and kill I think one hundred in this village before everybody run away."

This is the nature of the Internet. Flame wars target people with unpopular views, attack the weak networks, ignore the web sites with nothing to offer, and support an ecommerce engine bound to continue creating untold billions in paper wealth as we learn how to coexist with this global network we have built.

Dabbling in U.S. domestic politics, hackers have made their presence felt. In the early days of her campaign, some Web surfers found it impossible to reach Hillary Clinton's Web site (www.hillary2000.org). Their browsers would go automatically to a rival site (www.hillaryno.com), maintained by Friends of Giuliani (her former potential rival for a New your Seanate seat) instead.

Information security laws:

• Client-side security doesn't work.
• You can't exchange encryption keys without a shared piece of information.
• Viruses and trojans cannot be 100 percent protected against.
• Firewalls cannot protect you 100 percent from attack.
• Secret cryptographic algorithms are not secure.
• If a key isn't required, you don't have encryption; you have encoding.
• Passwords cannot be securely stored on the client unless there is another password to protect them.
• In order for a system to begin to be considered secure, it must undergo an independent security audit.
• Security through obscurity doesn't work.
• People believe that something is more secure simply because it's new.
• What can go wrong, will go wrong.

If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet - he's going to choose dancing pigs over computer security any day.

The users of an intrusion detection system hold the keys to the ultimate success or failure of the technology. Knowledgeable users can compensate for the inherent weaknesses of a particular package, whereas inept or hostile users can nullify the value of even the best system design and implementation.

"Yksi tuttu investointipankkiiri kertoi minulle hiljattain, että heille oli tullut taas kolme kappaletta hakemuksia, joissa haettiin riskirahoitusta wappi-deitti-palvelun tekemiseen."

"Minähän olin revetä, kun tietää, miten vähän wappeja on ja minkälaisilla ihmisillä. Mieletön nissipalvelu: homoinsinöörit voi deittailla keskenään! Miksi rakentaa deittipalvelu sellaisille laitteille, joiden käyttäjäkunnassa ei ole yhtään naista?"

 Sallamaari Muhonen

A consistent directory strategy across and between enterprises is becoming more critical. This is due to the changing nature of business relationships and the need for more accurate information, reduced administration costs, and better security, as well as the complexity of distributed computing platforms.

Our boss came in and asked, "Wendl! What are you doing?"
 Wendl said, "I'm thinking." 
And the boss said, "Can't you do that at home?"

There's three things in software: quality, features and schedule. The problem is that you only get to pick two.

Unfortunately, this category of secrecy is itself so secret that its very existence is secret, and so he can't actually reveal it to anyone - unless he finds someone else with Ultra Mega clearance.

She was talking to a kid with brain damage, right? A kid who doesn't get out of the house too much, right, because he gets lost in the neighborhood? And she asked him if he had ever found a system that he couldn't eventually get into. And Matt Singer paused a long time before giving his considered response: No.

There are infinitely many ways to lose a day...but not even one to get one back.

Intrusion detection is the process of identifying and responding to malicious activitys targeted at computing and networking resources.

"Matter of fact, I got a car. An American fuckin' car. Made in the motor city US-fuckin'-A, out of sweat and American steel" - Wayne's voice began to rise - " not some fuckin' wop, faggot, greaseball-built pile of tin shit for queers! A Lamborghini! Bruce, I am surprised at you."

At conferences, the number one question people ask me is, "How much does it cost to build a good web
site?" What do these people want to hear? They want to hear some low number, so they can go ahead
with their plans. They expect me to say something like, "Well, for a small site, it's this much; for a
medium-sized site with a shopping cart, this much." They want to hear the secret to saving money.
Instead, I give the same answer every time: "How much does it cost to have a baby? The lifetime cost of
keeping your commitment is much higher than the initial cost of delivery."

http://www.futurizenow.com/

The history of computing is littered with unsuccessful standards that sought reliability through specification rather than experience.

IP networks and security technology will become increasingly integrated over the next several years. Regardless of organizational or philosophical barriers, network and security managers should plan on being bunkmates and close collaborators for the long term.

Networks become less like fixed plumbing and more like ad hoc furniture arrangements configured for particular, temporary purposes.

"It's called extortion, Quince, and you're caught. It's cruel and mean and criminal, and I don't care. I need money, and you have it."

She guessed that was what they meant by it being addictive. That she'd gotten just that little edge of it off the country singer sticking his tongue in her mouth and now the actual molecules of diz were twanging at receptor sites in her brain, saying gimme, gimme.

suomalaisten yritysten tietoturvallisuusasioiden ylläpitoon ja kehittämiseen liittyvät asiat ovat huonolla tasolla verrattuna vastaaviin hyvin hoidettuihin ulkomaalaisiin yrityksiin

You're too busy "doing business" to answer our e-mail? Oh gosh, sorry, gee, we'll come back later. Maybe.

http://www.cluetrain.com/

Enterprise Javabeans promises to revolutionize the way we think about developing mission-critical enterprise software. It combines server-side components with distributed object technologies such as CORBA and Java RMI to greatly simplify the task of application development. It automatically takes into account many of the requirements of business systems: security, resource pooling, persistence, concurrency, and tranactional integrity.

Within a day and a half, I had compromised twenty-eight of the company's twenty-nine top development projects and collected over a billion dollars' worth of sensitive information. And no one even noticed me.

En halunnut riitaa. En sanonut, että vain naiset pitivät keskustelua muusta elämästä irrallisena tapahtumana, jossa istutaan sohvalla, pidetään toista kädestä ja ynistään moneen kertaan sovittuja asioita. Tajusin, että minun pitäisi lähiaikoina käydä keskustelu, jossa käytetään ilmauksia "avautua" ja "voimmeko me kohdata ihmisinä". Otin kynän ruukusta ja merkitsin asian muistiin Hesarin kulmaan, jonka repäisin taskuuni. Vaimo kysyi mitä tein. Sanoin pelastavamme liittomme.

I just sat there and took it. The way I always do - fear and rage dancing inside me, nothing showing on my face.

"You're saying you get an indicator that she is returning before she has left?"

Security should present no impediment to the user in terms of hindering him/her from doing the tasks
that need to be done. Security should require of the user no special knowledge, should demand of the
user no special procedures, and should burden the user with no special delays.

"For years I've been waiting for nature to react our environmental bullshit, tell us to stop overpopulating
and depleting resources, to shut up and stop messing around and just die. Species-level apoptosis. I think
this could be the final warning - a real species killer"

"Time is a gentle deity," said Sophocles. Perhaps it was, for him. These days it cracks the whip.

The krewe always played poker with European cash. There was American cash around, flimsy plastic stuff, but most people wouldn't take American cash anymore. It was hard to take American cash seriously when it was no longer convertible outside U.S. borders. Besides, all the bigger bills were bugged.

Kun myynti sujuu, elämä hymyilee. Kun myynti ei suju, pyhimmätkin lehmät teurastetaan.

Out of the box, NT is configured to give away just about any piece of information a hacker would desire, and then some.

Nowhere is the labor market so twisted as in Silicon Valley. At the Shoreline Cineples in Mountain View, before the lights go down and the previews roll, all the ad slides between movie trivia questions are for jobs. Outside every expresso shop stand shiny blue news racks stuffed with thick, free career magazines: zero percent editorial, 100 percent recruitment advertising. One of the best ways to get rid of a troublesome coworker is simply to give out his name to a few headhunters, who will quickly bombard the guy with so many offers that he will resign on his own within the month. In the ultimate perversion, companies hire headhunters to telephone their own employees (without identifying that's who they're really working for), in order to discover which ones are unhappy and vulnerable to being picked off. Do they fire these troublemakers? Odds are they'll be placated with a raise or a spontaneous performance bonus of two thousand stock options.

The venator had looked at him. Peter had sensed the wildness and the pent-up fury. He felt as if he had stared into the throat of a tornado and just barely escaped.

1.Build a Brand That Stands for Solving Problems 
2.Allow Your prices to Fluctuate Freely with Supply and Demand 
3.Let Affiliate Partners Do Your Marketing for You 
4.Create Valuable Bundles of Information and Services 
5.Sell Custom-Made Products Online, Then Manufacture Them 
6.Add New Value to Transactions Between Buyers and Sellers 
7.Integrate Digital Commerce with Absolute Everything 

Roy looks at me, he says, "I'm getting out of here before I catch that new kind of AIDS." Boylan says, "What kind is that?" Roy says, "Hearing AIDS. You get it from listening to assholes."

You sure that's what you want to say? `If I was fucking with you, man, you'd know it?´ The `If I was fucking with you´ part is okay, if that's the way you want to go. But then,`you'd know it´- come on, you can do better than that.

The incident handling team needs to have a senior executive in the organization as its sponsor or champion. The handler must be able to look that very young, very successful program manager droid, who has axed many a promising technical person on a whim, in the eye and say, "Yes, I know how important this system is . We will save as much of data as your people have properly backed up, but the operating system is toast."

Yritykset, jotka hallitsevat asiakkuuksia verkossa, voivat ottaa vahvan roolin verkkokaupassa ilman, että niiden tarvitsee rakentaa toimitusketjua ja asiakaspalveluun liittyviä järjestelmiä. Nämä toiminnot voidaan ulkoistaa näille alueille erikoistuneille yrityksille.

Software is always whining at me with confirmation dialog boxes and bragging to me with unnecessary little status bars. I don't want or need to know how hard the computer is working. I am not interested in program's crisis of confidence about whether or not to purge its recycle bin. I don't want to hear its whining about not being sure where to put a file on disk. I don't need to hear the modem whistling or see information about computer's data transfer rates and it's loading sequence, any more than I need information about the bartender's divorce, the hairdresser's broken down car, or the doctor's alimony payments.

A system needed to be developed that has all the benefits of X.500, but which is easy to implement and runs on the widespread TCP/IP protocols. This is where LDAP comes in.

Information security is mostly an inarticulate, incomplete, incorrect folk art disguised as an engineering and business discipline.

"Victor," JD shouts from behind me. "Can you tell the difference between a platitude and a platypus?"
"One's a ... beaver?"
"Which one?"
"Oh god, this is hard," I moan. "Where's my publicist?"

Hyvän salausjärjestelmän tulee toteuttaa Kerckhoffin periaate (Auguste Kerckhoff, 1835-1903), minkä mukaan järjestelmä on varma, vaikka kaikki sen salaus- ja purkuprosessien yksityiskohdat julkistetaan lukuunottamatta salaista avainta.

Wow, look at all the places someone can screw up security!

LDAP directories have risen from a relatively obscure offshoot of an equally obscure field to become oneof the linchpins of modern computing on the Internet. Increasingly, LDAP directories are becoming the nerve center of an organization's computing infrastructure, providing naming, location, management, security and other services that have traditionally been provided by network operating systems.

Rottakuningas tarkoittaa sitä, että liian monta rottaa elää liian pienessä tilassa liian kovan paineen alaisena. Niiden hännät kietoutuvat yhteen ja mitä enemmän ne yrittävät ponnistella päästäkseen vapaiksi, sitä tiukemmaksi kiristyy solmu, joka sitoo ne yhteen, kunnes tuloksena on tiukasti yhteen kasvanutta kudosta,

I don't care who gets the money. But I do care very much who doesn't get it.

It is clear that over the next 10 to 20 years, the role and function of government will change more than it has over the previous 200 years.

Lähivuosina television, tietokoneiden, pelikoneiden ja pelihallien viihdetuotantoon on tulossa useita uusia muotoja (kyberelämät, pelimaailmat, virtuaaliseikkailut, oppimismaailmat, verkkoviihteen uudet muodot jne.). Oleellista on, että suuri osa niiden tuotannosta edellyttää isoja investointeja. Koska ihmisten elmästä todennäköisesti yhä suurempi osa kuluu viihteen parissa, viihteen tuotantotavoilla on huomattava merkitys. Tämä vaikuttaa mm. ihmisten asenteisiin ja arvoihin, maailmankuvaan, viihdetuottamisen muotoihin ja rakenteisiin, taloudellisiin rakenteisiin sekä jopa politiikan tekemisen muotoihin.

Noihin aikoihin hän löysi laboratorion roskakorista palkkashekin kannan. Se kuului eräälle teknikolle, joka oli tullut paikalle Portsmouhtista. He olivat ensiluokkaisia teknikkoja, ja koska he olivat teknikkoja, he saivat maksun ylitöistä. Insinöörit olivat ammattilaisia, heille ei niistä maksettu. 

"Savolainen yritti kaapata lentokoneen - Finnair ei ostanut!"

"Kun alkaa vittuilla, pitää kanssa osata."

"Miten mehiläispuusta saa hunajaa", sanoi Puh kiireesti, koska hän ei halunnut jäädä keskustelusta syrjään
ja sitä paitsi halusi todella kuulla ratkaisun. "Se on pohdittava kysymys ja myös vaikeasti ratkaistava asia
jota koetetaan selvittää, jos mehiläiset ovat vastahakoisia."

If a civil liberties group can build a DES Cracker for $200,000, it's pretty likely that governments can do the same thing for under a million dollars. (That's a joke.) Given the budget and mission of the US National Security Agency, they must have started building DES Crackers many years ago. We would guess that they are now on their fourth or fifth generation of such devices. They are probably using chips that are much faster than the ones we used; modern processor chips can run at more than 300 MHz, eight times as fast as our 40 MHz chips. They probably have small "field" units that fit into a suitcase and crack DES in well under a day; as well as massive central units buried under Ft. Meade, that find the average DES key in seconds, or find thousands of DES keys in parallel, examining thousands of independent intercepted messages.

XML doesn't go nearly as far as SGML in requiring conformance to standards, but it may still come as a shock to HTML developers. XML standards refer to processors (parsers), not to browsers, because much XML development will be intended for machine-readable data applications rather than graphically exciting web pages.

- "All I can do is to quote Confucius's greatest line."
- "What's that?"
- "It beats the shit out of me, baby."

The most effective way to improve the performance of PC hardware running Windows is to erase Windows and install a version of Unix for Intel, such as Linux, Solaris x86, FreeBSD, BSDI, or SCO Unix.

It is a very humbling experience to make a multimillion-dollar mistake, but it is also very memorable.

The man-month is a fallacious and dangerous myth, for it implies that men and months are interchangeable.

How does a project get to be a year late?
...One day at a time.

Three axioms of insecurity:
1. Insecurity exists
2. Insecurity cannot be destroyed
3. Insecurity can be moved around

If you have to add a sign that says push or pull then this indicates that the door is not as simple as is possible; it's design is faulty. 

I perform keiko in order to strike just one perfect men.

Anything that make employees unhappy makes the stock price go up.

Search engines become bandages for sites with poorly designed browsing system.

How in hell can anyone disguise an entire star system?

Most projects are 10% ideas, 20% implementing them, and 70% communication.

Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break.