We are fresh off of President's Day, and this is one of the few country songs that name-checks a President.
Saturday, February 21, 2026
Friday, February 20, 2026
Don't buy TP-Link home firewalls
TP-Link is facing legal action from the state of Texas for allegedly misleading consumers with "Made in Vietnam" claims despite China-dominated manufacturing and supply chains, and for marketing its devices as secure despite reported firmware vulnerabilities exploited by Chinese state-sponsored actors.
The Lone Star State's Attorney General, Ken Paxton, is filing the lawsuit against California-based TP-Link Systems Inc., which was originally founded in China, accusing it of deceptively marketing its networking devices and alleging that its security practices and China-based affiliations allowed Chinese state-sponsored actors to access devices in the homes of American consumers.
Anyone who has ever ordered something from Amazon that looked like a good deal, only to discover that the photos weren't exactly depicting what you got - you know that the People's Republic of China (a.k.a. PRC, a.k.a. Red China, a.k.a. West Taiwan) has a very different (dare we say "predatory") concept of truth in advertising than we do on these shores.
Me, I wouldn't buy one of these things on a dare. FYI, they are something like 60% of the market because they're cheap.
Photo Editing - A Tale in Three Pictures
In the great digitization of all my family photos I came across this image.
The story is that the boy in the picture was mad one day and he tore, crumpled, and poked holes in the picture. It was saved anyway because there were not many pictures and you could still see the image.
I worked on it in GIMP, because Photoshop costs too much for how often I would use it, and managed, despite my woeful lack of skills, to get it looking like this.
Thursday, February 19, 2026
Hallucinations come to Mass.gov
Okay, okay - Mass.gov has been hallucinating for years and years. But now they're automating things:
Today, Governor Maura Healey announced the launch of the ChatGPT-powered Artificial Intelligence (AI) Assistant for the state’s workforce, with the goal of making government work better and faster for people.
"Open the pod bay doors, HAL."
Tuesday, February 17, 2026
Louis Jordan - You Can't Get That No More
Is this plausibly the first rap song? Probably not because it's actually a fun listen.
Secure Your Home Network: Why Mint Linux?
I've recommended Mint Linux before, but this is a great overview of why users new to Linux should consider Mint.
Tomorrow we'll talk about how a seasoned IT guy has moved from Windows to Linux. Spoiler alert: it's less technical work to make Linux work right than it is to make Windows work.
Monday, February 16, 2026
President's Day - Best and Worst Presidents
I've posted this each President's Day for quite some time but have found no reason to adjust the rankings.
It's not a real President's birthday (Lincoln's was the 12th, Washington's is the 22nd), but everyone wants a day off, so sorry Abe and George, but we're taking it today. But in the spirit intended for the holiday, let me offer up Borepatch's bestest and worstest lists for Presidents.
Top Five:
#5: Calvin Coolidge
Nothing To Report is a fine epitaph for a President, in this day of unbridled expansion of Leviathan.
#4. Thomas Jefferson.
Jefferson is perhaps the last (and first) President who exercised extra-Constitutional power in a manner that was unambiguously beneficial for the Republic (the Louisiana Purchase). He repealed Adams' noxious Alien and Sedition Acts and pardoned those convicted under them.
#3. Grover Cleveland.
He didn't like the pomp and circumstance of the office, and he hated the payoffs so common then and now. He was so famously incorruptible that he continually vetoed pork spending (including for veterans of the War Between the States), so much so that he was defeated for re-election, but unusually won a second term later. This quote is priceless (would that Latter Day Presidents rise so high), on vetoing a farm relief bill: "Federal aid in such cases encourages the expectation of paternal care on the part of the Government and weakens the sturdiness of our national character." I highly recommend his biography Man Of Iron.
#2. Ronald Reagan
He at least tried to slow down the growth of Leviathan, the first President to do so in over half a century (see entry #5, above). He would have reduced it further, except that his opposition to the Soviet fascist state and determination to end it cost boatloads of cash. It also caused outrage among the home grown fascists in the Media and Universities, but was wildly popular among the general population which was (and hopefully still remains) sane.
#1. George Washington
Could have been King. Wasn't. Q.E.D.
Bottom Five:
#5. John Adams.
There's no way to read the Alien and Sedition Acts as anything other than a blatant violation of the First Amendment. It's a sad statement that the first violation of a Presidential Oath of Office was with President #2.
#4. Woodrow Wilson.
Not only did he revive the spirit of Adams' Sedition Acts, he caused a Presidential opponent to be imprisoned under the terms of his grotesque Sedition Act of 1918. He was Progressivism incarnate: he lied us into war, he jailed the anti-war opposition, he instituted a draft, re-instituted segregation in the Civil Service, and he was entirely soft-headed when it came to foreign policy. The fact that Progressives love him (and hate George W. Bush) says all you need to know about them.
#3 Lyndon Johnson.
An able legislator who was able to get bills passed without having any real idea what they would do once enacted, he is responsible for more Americans living in poverty and despair than any occupant of the White House, and that says a lot.
#2. Franklin Roosevelt.
America's Mussolini - ruling extra-Constitutionally fixing wages and prices, packing the Supreme Court, and transforming the country into a bunch of takers who would sell their votes for a trifle. He also rounded up a bunch of Americans and sent them to Concentration Camps. But they were nice Concentration Camps - well, we're told that by his admirers. At least Mussolini met an honorable end.
#1. Abraham Lincoln.
There's no doubt that the Constitution never would have been ratified if the States hadn't thought they could leave if they needed to. Lincoln saw to it that 5% of the military-age male population was killed or wounded preventing that in an extra-Constitutional debacle unequaled in the Republic's history. Along the way, he suspended Habeas Corpus, instituted the first ever draft on these shores, and jailed political opponents as he saw fit. Needless to say, Progressives adore him.
So happy President's Day. Thankfully, the recent occupants of 1600 Pennsylvania Avenue haven't gotten this bad. Yet.
Saturday, February 14, 2026
Thursday, February 12, 2026
Joe Bonamassa & Beth Hart - I'll Take Care of You
It's been a while since I posted Blues on Thursday. Mea maxima culpa.
So here's what may be the Platonic Ideal of a Blues Ballad. If you don't like the Blues but you do like Pink Floyd* then you'll like this.
* A band with deep roots in the Blues.
Secure Your Home Network: Moving to Linux - kicking the tires
OldNFO has an important post about how Microsoft is moving very aggressively to a 100% online subscription licensing model. This is important enough that I won't excerpt any of this; instead, you should go read the whole thing. It's not too long, but if you care about the security of your home network (especially the whole who has access to my data and can I even know thing), go read. I'll wait.
What this means is that you don't own any Microsoft software. Sure, you may think that because you paid them money (most often when you bought your computer - some of that purchase price went to Microsoft in the form of a license fee for Windows). But you actually don't own "your" copy of software. At all.
Rather, you have the right to run the software on your computer. That may not seem like a big difference, but it is. The license agreement (you know, the one you didn't read before you clicked "I Agree") allows Microsoft to change the terms of the agreement at any time, at their pleasure.
Microsoft has just done this in a big, big way. Key new stuff in Windows 11 is:
- AI integrated with your operating system
- Online presence is critical for lots of Windows now (e.g. AI)
- Windows will nag you until you put all your data online (OneDrive) whether you want to or not.
The proper technical term for that first bullet point is that your Windows operating system is essentially now an "AI Agent" which if you are a regular reader you know is very, very bad security juju.
Combine this enormous security hole with the requirement to essentially be online 100% of the time (bad security) and the likelihood that OneDrive will slurp all your data to some Internet black hole in a Microsoft data center, and Windows is simply unsecurable.
Yes, I know that is inflammatory, but there is simply no way that you can get assurance that your security is sane. I say that as someone who has spent decades in Internet Security (and particularly in security assurance). Not to put too fine a point on it, but I don't think that I could get decent assurance that things aren't going "bump in the Net". For most of the readers here, it's not even worth trying.
So what do you do, assuming that you are not a tech nerd like me?
Interestingly, Microsoft has just flipped the technical script on this. It used to be that it was easier to stay on Windows than to move to alternatives like Linux. Now that's out the window, at least if you want to protect your data from that OneDrive vacuum cleaner and whatever the AI agent will do to you.
But this is admittedly a big step for a lot of people. So as it turns out, you can "kick the tires" on all the different flavors of Linux without installing it. All you need is a web browser.
This is really slick. The Linux equivalent of the Windows Start Menu lets you try all the apps (I use the Office apps which are every bit equivalent to Word and Excel, etc, and will save files in Microsoft format like .DOCX).
Take a few weeks poking around; you will likely see that it's not a big learning curve.
Wednesday, February 11, 2026
An interesting perspective on AI
Long time Internet Security guy Fred Cohen has some interesting thoughts on how AI can be less obnoxious [PDF]:
The nature of the problem (I think) is that the attempts at safety reflect the behavior of the people who programmed and trained the AI engines, and they are apparently snarky, obnoxious twits that think it's better to argue about meta issues than to serve their customers, like me, with the real capabilities they have developed.
Their version of safety is the opposite of mine. If you want children to be safe from AI, don’t let them use it.
If you want adults to be safe from AI, don’t make it available.
If you want a ship to be safe, don’t put it out to sea… but that’s not what ships are for. We trade the utility for the safety, and while making ships that leak like a sieve is a bad idea in my view, making ships that don’t sail is a fruitless effort.
...
Solution
The solution is to put someone in charge of these mechanisms in these companies who is not a snarky, obnoxious twit… and I hope this doesn’t exclude me from the candidate pool.
There are also some rather direct solutions to the problem of providing information to people where the information is not something that should be provided to anybody as a matter of policy. The most obvious solution is not to incorporate any of that sort of policy-violating information in the learning process.
Of course the snarkiness is the same problem. If you don’t teach the LLM to be snarky by feeding it snarky crap, it will probably not behave that way. It’s no different than a child brought up by respectful parents vs. disrespectful parents. They learn from their teachers.
Conclusions
If you don’t want trouble, stop asking for it. If you teach a dog to bite, you are unlikely to be successful at later telling it not to. If you train an LLM with views of pedophiles, fraudsters, and murderers, you are unlikely to get it to not carry that behavior through later on.
I think that Fred's entirely correct here (note that we ignore the very serious problem of AI Hallucinations here). AI training is generally crap layered on top of the hallucination engine*.
But I wonder if this is an opportunity for AI companies? If you did a better job training the AI to be well-behaved (like you'd do with your kids or your dogs) would you have a different - and more attractive AI offer? How about politeandwellbehavedAI.com? That's a branding that would stand out from all the others. You could market it to parents worried about their kids, or to old fuddy-duddies like me who hate everything about AI?
I smell a billion dollars of venture capital here ...
* It seems very likely that the AI algorithms cannot be prevented from hallucinating.
Sunday, February 8, 2026
Word
Quote of the Day goes to B, who hits center mass:
50 years from now, no one is gonna bother to restore an electric Mustang to collect or drive.
Just sayin’.
Yup.
Saturday, February 7, 2026
Ronnie Dunn - Cost Of Livin'
Farewell to the Washington Post. Journalists never cared when mills across the land shut down and people and towns were wiped out; now it's wailing like the End Of The World by journalists, for journalists.
I'm having trouble summoning up sympathy. Welcome to the club, pal.
Thursday, February 5, 2026
Elon's city on Mars
This is a fascinating breakdown of the (quite serious) engineering problems facing SpaceX as they attempt to build a Mars city.
Wednesday, February 4, 2026
Deep sea video of German Battleship Bismarck
Last year a company called Magellan sent a deep sea rover 15,000 feet down to the site of the final resting place of the battleship Bismarck, sunk 86 years ago. The video is simply spectacular. Here is a shortish excerpt with commentary.
And since we're talking about the Bismarck, this song is obligatory.
Tuesday, February 3, 2026
The EPA makes everything worse, vol CXVI
In this case, marine diesel engines which used to be famously long lived. The Detroit Diesel engines of old were famous for running 20,000 or 30,000 hours before a four day rebuild at the dock set them up for another 20,000 or 30,000 hours. You couldn't kill these engines. Rather, you would leave them to your kids in your will.
That's over now, and it's because of the EPA. Over a span of 15 or 20 years, they ratcheted up the emission requirements for these engines to the point that Detroit Diesel would be fined millions and millions of dollars for selling their old (famously reliable) design.
And so now you have to rebuild after 10,000 hours, and you have to replace three times as many parts. Plan on a month, rather than four days.
This is a very interesting video on the subject. While I'm not an expert on diesel engines, it certainly seems solid from an engineering perspective.
Here are the main points.
1. Pressures have gone from 10,000 psi to 30,000 PSI for a bunch of EPA-imposed constraints. This shortens the lifespan of parts used in the engines.
2. The higher pressure means that engines are much more vulnerable to bad diesel fuel: water particles or tiny flakes of rust now essentially sandblast the pistons, valves, and cylinders. This didn't use to take place at the old lower pressure. This sandblasting effect shortens part life even more, which makes engine rebuild and cost even higher.
3. Because parts will fail much more often now, manufacturers put all sorts of sensors in place. The sensors themselves can fail - the high seas is a notoriously unforgiving environment and salt water will get into the engine room. This causes corrosion, which triggers sensor faults. The engine's computer (itself a new thing, with software of questionable quality) will detect the fault and sometimes put the engine into "Limp Home Mode" - not allowing it to go above, say, 1000 RPM. A ship in a storm may find its engine dangerously under powered, putting at risk the lives on board and the safety of the ship itself. If a ship sinks in a storm under these circumstances, the fuel oil in the tanks will pollute the environment.
4. Not pointed out in the video, ocean-going vessels do not have to worry about emissions. From a pure regulatory perspective, that is. However, finding a new engine with all the design "upgrades" discussed here is the challenge. I don't know what EU regulations are, so maybe a MAN engine doesn't have to deal with this. But I'm nasty and suspicious and think that EU regulations could be even worse than EPA's.
Thanks a whole lot of nothing, EPA. You're supposed to protect the environment. Oh, and not get Americans killed.
The only thing I think is unfair about the video is the title. Engine manufacturers design their engines to fail after 10 years because the EPA forces them to.
You could roll back all the environmental regulations since 1990 and shutter the EPA and this Republic would be a whole lot better off.
Thursday, January 29, 2026
Secure Your Home Network: Which of your devices can you trust?
And more importantly, which should you not trust?
This post is the fourth in a series on how to make your home network harder to attack. Here are links to posts one, two, and three.
Now you might think the question in the post title is a bit strange - after all, these are your devices, so you'd think that they're all trustworthy. You'd be wrong. There are at a minimum two different categories of trustworthiness:
Your main computing devices. These are computers (duh) such as laptops and desktop computers, servers (a future post will talk about why these can be useful to you), and your cell phones (which are nothing but tiny hand held computers).
Now I've been in security for long enough that I get a bit twitchy about mobile phone security (I'll address this in a future post as well). However, that ship has sailed and even a security nerd like me won't bother making a separate network just for these. So they're computing devices for this discussion.
Then there's everything else. It's surprising how many Internet-connected thingies there are these days. Ring doorbells, Nest thermostats, online appliances (fridges, washing machines, etc). At this point the Borepatch from four years ago would have told you to just walk away from all this nonsense. Don't Internet-enable anything in this category.
Today's Borepatch sighs and tells you that this is coming to a home near yours. It's here in my home. No, not the thermostat (which was installed by the previous owner and which I have not connected to the WiFi). However, the TVs all come with streaming apps for Netflix, Prime, and Youtube (among dozens of others). And The Queen Of The World reminds me that the kids like to stream when they come and visit. She likes it when they come and visit, as do I. And so we have to do something for these devices.
Fortunately, you don't need any new kit to do this. If you remember from the last post on water tight compartments, you don't own the Internet box from your network provider. Basically, you can't trust it, so you install a new firewall box running DD-WRT. It's trustworthy because you own it and have your own software and configuration on it.
All of your main computing devices connect to its WiFi. All of the other devices (doorbells, thermostats, TVs, appliances) connect to the WiFi from your network provider's box.
What you've done is to put a firewall between your computing devices and your untrusted devices. It doesn't matter if your TV gets hacked because it can't get through your DD-WRT firewall to your computers.
Likewise, your TV is at least somewhat protected from the outside world because it's behind the firewall in your network provider's box.
Tuesday, January 20, 2026
Joe Rogan interviews Elon Musk about Starship
This is a fascinating conversation.
This is SO not like the NASA interviews when I was a kid.
Wednesday, January 14, 2026
"One more war in the West and the civilization of the ages will fall with as great a shock as that of Rome"
Who would have guessed a hundred years ago that Stanley Baldwin was right?
I dunno - he looks a little Woodrow Wilsonish to me. But if you're right, you're right.
And Nota Bene: it seems that DuckDuckGo can't find the link to that last post. Strangely, Google can. Search string site:borepatch.blogspot.com best worst presidents on each site. So long, DuckDuckGo, it's been fun. But I can't trust you, and neither should my readers.
Monday, January 12, 2026
Secure Your Home Network: Watertight Compartments
This post is the third in a series on how to make your home network harder to attack. Here are links to posts one and two.
Post two introduces the concept of a Firewall which is a device that lets you connect to the Internet without letting the Internet connect to you. Firewall technology comes embedded in your Internet provider's device like a Cable TV modem. A recent article does a comparison on a number of these devices.
If you look at the device it will look a lot like this:
The red colored connection goes out to the Internet, the yellow ones go to your devices (as does the Wifi). This one has a connection for a landline telephone as well (ask your parents, kids).
Installing the device is really simple - red (labeled "WAN") goes to the outside which is untrusted, and yellow/WiFi go to your own devices which are trusted.
Except nothing is as simple as that. Your Internet provider actually owns the firewall device, it's not really yours. Some providers run their own WiFi network for other subscribers who happen to be passing by - Verizon is notorious for this, and you will often find all sorts of WiFi networks called "VerizonXYZ" or some such.
So who is outside the firewall, and who is inside? The question may sound pedantic but it's terribly important. Fortunately there is something you can do about this.
Ships used to sink all the time but this is pretty rare these days. One major reason for this is that they are divided into compartments which are watertight - if the ship hits a rock (or, like the Andrea Doria gets rammed by another ship) only one compartment will flood and the ship can likely make it to port.
[Image: USS South Dakota under construction]
The network security analog of this idea is to use more than one firewall. Don't trust your provider's firewall? (and you really shouldn't) Buy your own and hook it up to your provider's firewall. The red (WAN) port on your firewall gets connected to the internal (yellow) connector on the provider firewall. Now anyone that the provider's firewall lets in can't get past your firewall.
And it really is your firewall, although you'll have to buy it with cash money. But your devices connect to your firewall's yellow network connections, or to your firewall's (NOT your provider's firewall) WiFi.
Now you don't have to trust your provider because their device doesn't have access to your internal "watertight compartment".
Linksys, Netgear, and TP-Link are low cost options, running $30 - $70 or so.
The first thing you should do is replace your firewall's operating system with dd-wrt:
DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.
Here's a step by step tutorial on how to install dd-wrt on a Netgear device:
[UPDATE: Rick T in the comments says to check the dd-wrt website before buying a device, to make sure that the software supports that particular hardware.]
Why go to this hassle? Product longevity. Consider a $60 Netgear device. The profit margin on this to Netgear is probably $5. You can't pay for a lot of enhancements or security bug fixes with that. DD-wrt is an open source project with a bunch of passionate contributors. I like my chances on having a viable, supported software five years down the road with them. Not so much the device manufacturers.
So now you have a device you can trust for the long term. We're not done yet, because there's all sorts of new tech evil that people want to use - Ring doorbells, Alexa, etc. That's tomorrow.
Saturday, January 10, 2026
Secure Your Home Network: What is a Firewall and why do you care?
Forget about the Internet and security for a moment - you already own something with a firewall. Your car has one between the engine and the passenger compartment, even if your car isn't a sweet 1969 Dodge Charger.
The firewall in your car is designed to contain engine fires to the engine compartment, not letting the flames spread to the passengers. Firewalls have been around cars for a long, long time - certainly since the 1930s, and probably a lot longer.
Now back to the Internet and security. Internet firewalls are designed to keep bad things (and Bad Guys) out of your network, so they don't burn down all your devices. Yes, I stretched that metaphor, but that's exactly where the name came from.
An old Internet wag once described a firewall as a device that "keeps the bad guys out while letting the good guys out". That's a really good description. Internet firewalls have been around for basically as long as there has been an Internet, say from around 1990. The technology is very well understood, and very mature. That's the good news.
The bad news is that there are a million ways to set up your firewall so it's more full of holes than Swiss cheese. This post will try to help you avoid this.
More good news: your Internet Provider almost certainly has a firewall capability in the box that gives you Internet access. For example, if you get Internet via cable TV, you have not only a cable box that changes channels, you have a separate box that gives Internet. That thing has a firewall built in, so yay.
You can check this yourself via a web site that I've linked to a number of times over the years, Steve Gibson's Gibson Research. You should see something that looks like this:
Green is good.
So what went on when you ran that? There are a bunch of Internet services like web, email, and so on. Each uses a "port" - email is 25, web is 80, there are a bunch of others. What Gibson's app did was to try to connect to all of these ports on your IP address. Ideally, your firewall (like mine) dropped these connections in the trash can.
So from a first cut, your firewall is letting you out onto the Internet (so you can read this, hello!) but keeping the Bad Guys out.
But the devil is in the details of how we (and our devices) use the Internet. The next post in this series will explore this: Secure Your Home Network: Can (and should) you trust your devices?
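The two-firewall layout from the posts above (provider box outside, your own DD-WRT box inside) and the "dropped in the trash can" behavior described in this post can be modelled together. This is an added example, not code from the original posts; the host names, addresses and ports are constructed, and port forwarding is simplified to "every firewall on the path must forward the port to that host".

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INTERNET = 0  # zone depth 0: outside every firewall


@dataclass
class Host:
    name: str
    ip: str
    listening: frozenset = frozenset()  # TCP ports with a service running


@dataclass
class Firewall:
    name: str
    lan: str  # subnet on the LAN (yellow ports / WiFi) side, CIDR form
    hosts: list = field(default_factory=list)
    forwards: dict = field(default_factory=dict)  # WAN port -> host it exposes


def locate(chain, host_name):
    """Return (zone depth, Host); depth N means 'behind chain[N-1]'."""
    for depth, fw in enumerate(chain, start=1):
        for host in fw.hosts:
            if host.name == host_name:
                return depth, host
    raise KeyError(host_name)


def probe(chain, src_depth, dst_name, port):
    """Outcome of a NEW connection attempt from a zone to dst_name:port.

    'stealth' = a firewall silently dropped it, 'closed' = it reached the
    host but nothing listens there, 'open' = a service answered.
    """
    dst_depth, host = locate(chain, dst_name)
    # Going inward, each firewall on the path sees unsolicited WAN-side
    # traffic and drops it unless that port is forwarded to this host.
    for fw in chain[src_depth:dst_depth]:
        if fw.forwards.get(port) != dst_name:
            return "stealth"
    # Going outward, or staying inside one zone, nothing blocks the attempt.
    return "open" if port in host.listening else "closed"


def plan_problems(chain):
    """Addressing mistakes that break the nested (double NAT) layout."""
    problems = []
    nets = [ip_network(fw.lan) for fw in chain]
    for i, fw in enumerate(chain):
        for host in fw.hosts:
            if ip_address(host.ip) not in nets[i]:
                problems.append(f"{host.name} ({host.ip}) is outside {fw.name} LAN {fw.lan}")
        for outer in range(i):
            if nets[i].overlaps(nets[outer]):
                problems.append(f"{fw.name} LAN {fw.lan} overlaps "
                                f"{chain[outer].name} LAN {chain[outer].lan}")
    return problems


def build_home(inner_lan="192.168.10.0/24", nas_forward=False):
    """Constructed sample network; every name, address and port is made up."""
    provider = Firewall("provider-box", "192.168.1.0/24", hosts=[
        Host("tv", "192.168.1.20", frozenset({8009})),
        Host("doorbell", "192.168.1.21"),
    ])
    prefix = inner_lan.rsplit(".", 1)[0]
    own = Firewall("dd-wrt", inner_lan, hosts=[
        Host("laptop", f"{prefix}.10"),
        Host("nas", f"{prefix}.11", frozenset({445})),
    ])
    if nas_forward:  # the "Swiss cheese" mistake: forwarding a file-share port
        provider.forwards[445] = "nas"
        own.forwards[445] = "nas"
    return [provider, own]


if __name__ == "__main__":
    home = build_home()
    zones = {"internet": 0, "provider LAN (tv, doorbell)": 1, "dd-wrt LAN": 2}
    for zone, depth in zones.items():
        for target, port in (("tv", 8009), ("nas", 445)):
            print(f"{zone:28} -> {target}:{port:<5} {probe(home, depth, target, port)}")
    # Both boxes left on the same default subnet:
    print(plan_problems(build_home(inner_lan="192.168.1.0/24")))
```

The compartment is one-way: a hacked TV gets "stealth" when it tries the NAS, but the laptop can still open a connection to the TV, so the untrusted side is not isolated from mistakes made on the trusted side.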
Thursday, January 8, 2026
Secure Your Home Network: Introduction
This is the beginning of a new series about what (mostly) non-technical readers can do to lock down their home networks to a decent level of security. I need to start with some caveats here:
- It's pretty easy to protect yourself from "script kiddies" (Bad Guys who just use canned exploits without knowing much (or anything) about you or your home network). Hopefully the posts in this series will make you, if not impervious to, at least unreasonably difficult for these attackers.
- It's harder to protect yourself from a knowledgeable and determined attacker. Someone with skill, time, and motivation to attack you is a dangerous opponent. Hopefully the posts in this series will increase the required time, skill, and motivation needed for these Bad Guys to succeed. Basically, it raises the cost for them to attack you which is A Good Thing.
- At the end of the day, you can't protect yourself from NSA or FSB (the KGB successor organization). Or the Chinese, who are quite active and skilled. Even keeping them from sniffing out your traffic is really, really hard. If you think that any of these organizations are likely to want to access your computers, then you should unplug from the 'Net right now. Not kidding.
So if you're interested in this kind of thing, and are willing to spend a nominal amount of time and money to raise the bar on your home network security, follow along on this series of posts.
Tomorrow's post: What is a Firewall and why do you care?
Tuesday, January 6, 2026
The 2025 most dangerous software exploits list
Dad (who was a history professor) liked to say that History repeats itself because nobody listens the first time. I get an incredible sense of deja vu all over again looking at Mitre's list of top 25 exploits for 2025.
The top 4 are all very, very old. I myself demonstrated #4 when I taught a computer security class (with corporate IT Security present) back in 1994. That's three decades ago.
And what's with numbers 11 and 14? One of the classic papers on software security is Smashing The Stack For Fun And Profit - from 1996.
Numbers 3, 6, and 22 are web server vulnerabilities that are over 20 years old, and I've posted about them before.
17, 19, and 21 have been known since before I was in this industry. Call it the 1980s, although it's likely older.
I guess it's nice to see a shout-out to DoS (number 25) although geez, this is depressing.
So that's half the list having been known for literally multiple decades. So what gives?
I blame Agile Software Development. I guess I'm the cranky old guy yelling at the sky here, because this is how all software is developed these days. Product Managers (my old field) are to blame here, having spent the last 20 or 30 years pushing Go Ugly Early - get working product shipping as soon as possible and let customers tell you how to improve it. Essentially, a lot of what you would have the developers spend their time fixing are things that customers just don't care about.
This has led to a pushback of sorts from software professionals, particularly the Software Craftsmanship movement. Their manifesto is interesting:
As aspiring Software Craftsmen we are raising the bar of professional software development by practicing it and helping others learn the craft. Through this work we have come to value:
- Not only working software, but also well-crafted software
- Not only responding to change, but also steadily adding value
- Not only individuals and interactions, but also a community of professionals
- Not only customer collaboration, but also productive partnerships
So what's missing from this? How about don't keep making the same dumb security mistakes that people have been making for decades?
And what do Product Managers miss in their rush to go ugly early? How about don't keep making the same dumb security mistakes that people have been making for decades?
And so here we are. The IT infrastructure of the 21st Century has been constructed out of moonbeams and cotton candy.
I don't see anything changing here, as the incentive structures are all stacked against good security.





