1. Beware the justice of Nature.
2. Understand that there can be no successful human economy apart from Nature or in defiance of Nature.
3. Understand that no amount of education can overcome the innate limits of human intelligence and responsibility. We are not smart enough or conscious enough or alert enough to work responsibly on a gigantic scale.
4. In making things always bigger and more centralized, we make them both more vulnerable in themselves and more dangerous to everything else. Learn, therefore, to prefer small-scale elegance and generosity to large-scale greed, crudity, and glamour.
5. Make a home. Help to make a community. Be loyal to what you have made.
6. Put the interest of the community first.
7. Love your neighbors–not the neighbors you pick out, but the ones you have.
8. Love this miraculous world that we did not make, that is a gift to us.
9. As far as you are able make your lives dependent upon your local place, neighborhood, and household–which thrive by care and generosity–and independent of the industrial economy, which thrives by damage.
10. Find work, if you can, that does no damage. Enjoy your work. Work well.

Discovered via Scott Walters.

This happens:

I tried once or twice to press this point when I was serving my brief stint in the security world. Unfortunately I didn’t have much clout with the big names of SELinux, because I’ve never been a “real” security guy. I was more of a product & usability guy, living as a guest in their world. It’s a smart world, too. Hell, I’m lucky enough to count many good friends there, and these are not low-watt bulbs, let me tell you.

But it always made me sad that the community never felt willing to really, really internalize a respect for the user, or to entertain the crazy concept that maybe, maybe security doesn’t have to be quite this hard. Yes, real security exposes the thorny complexity of operating systems, and yes, it’s reasonable to say you need to know something about security to do it right. But with the right tools—and perhaps more importantly the right attitude—I think we could make some real usability improvements in the world of security.

 
P.S.: For the record, I was trying to figure out how to disable the audio on a Wiimote.

I didn’t link to the essay at the time, but I sure as hell am now. Why now? Maybe it was all those idiotic “Terror Tips? Report Suspicious Activity” highway signs I saw this Thanksgiving. Or maybe it was Schneier’s followup post where he describes a man in the UK who “had gone into a diabetic coma on a bus” and therefore “was shot twice with a Taser gun by police who feared he may have been a security threat.” I have a loved one with type 1 diabetes, and that just makes my blood boil. 

This is just f&!king unacceptable, people. Schneier is right: fear is winning. Refuse to be terrorized.

I’ll end this on a positive note. My sister recently sent me a link to the interview with Barack Obama at Google. After watching it, I went and sent the guy some money. I love this guy. He gets it. He gets that a culture of fear is not acceptable. And he gets a lot of other things too. He’s genuine, he’s wicked smart, and he gets my vote.

Elizabeth: Hello?

Phone Scamming Scumbag: [Spoken smoothly and officially.] Hello, we are conducting market research today. Are you over the age of 18?

E: Yes.

PSS: What is your income level: over 15,000 a year, over—

E: —I’m sorry, I don’t feel comfortable telling you my income level. What is the survey for?

PSS: I’m sorry, I don’t feel comfortable telling you what the survey is for.

[click]

Before sending any more email, please consult the following brief checklist:

• Do the recipients of your email have access to your public PGP key?
• Do the recipients of your email give a damn about who wrote your email?

Hint: if you cannot answer yes to at least one of these questions, you should not be signing your email. The degree to which you should not be signing your email is directly proportional to the number of recipients.

Thus, in the following equation,

Large public discussion list + PGP key unavailable even on your website + generic query for which the author is irrelevant anyway = why are you polluting the signal with a PGP hash?

Technology, indiscriminately applied, is unhelpful at best. So stop with the hashes already.