The user's going to pick dancing pigs over security every time.

The question to ask when you look at security is not whether this makes us safer, but whether it's worth the trade-off.

Only amateurs attack machines; professionals target people.

A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography

It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security.

And honestly, if anyone thinks they can get an accurate picture of anyplace on the planet by reading news reports, they're sadly mistaken.

Microsoft made a big deal about Windows NT getting a C2 security rating. They were much less forthcoming with the fact that this rating only applied if the computer was not attached to a network and had no network card, and had its floppy drive epoxied shut, and was running on a Compaq 386. Solaris's C2 rating was just as silly.