random memes }

Just enough "Security"

This is brilliant.

Munich's Metro Stressful, But It Goes Everywhere | Autopia from Wired.com Riders purchase tickets at self-service kiosk priced by zone -- a ticket covering most of the inner city costs €2.30 ($2.95) -- and before boarding, stamp them with an old-school time clock. It's possible to score a free ride by "forgetting" to stamp your ticket, but at the risk of getting caught by plainclothes agents making random checks. They’ll slap you with a big fine, and the "I'm just a confused tourist" won't get you anywhere.

Bruce Schneier frequently repeats the notion that security should be cost-effective (counting both material and non-material costs). Whomever came up with this approach for the Munich Metro ... the result is brilliant. The investment in infrastructure for fee collection should be less. The Metro can employ fewer folk in less repetitive, more intelligent jobs. (I would bet the plainclothes agents are cross-trained to look for other criminal behaviors.) Peak traffic flows are less likely to be impeded by "security" measures.

Incidentally, I do believe that Schneier is having a large positive effect on application of concepts for security, directly or indirectly. Seems more and more often I am running into fragments of his thoughts in other venues. I know enough about the principles to use security effectively in my working domain (which makes me the "security expert", though I would not claim that title). When folk want or need know more I almost always point them to Schneier's writings. I suspect there are other folk who also point to Schneier as the standard-bearer for security-related issues. Over time it looks as though the cumulative effect is significant.