See comment at Register, named "Net Neutrality bid gone for good" by Andrew. A bunch of Internet giants expressed their discontent to Net Neutrality, for its mistiness and injustice. Andrew is hoping a "more coherent and professional fashion", and even "with better branding". The key point in my brain, for its possible recoming, is the benefit balance between transmission network (typically those tradional telcos) operators and CP/SPs. The latter would not like to let the former "tame" the Internet, but "foster".
See the story by Andrew…. Read the rest of this entry »
Posted by Richard 
Best practice on password management
April 29, 2006This morning I read a good essay named "Security Myths and Passwords" by Prof. Eugene Spafford. Prof. Eugene told us his doubt on those best practices on password management policy, like "monthyly change", based on the interesting origin of this "best practice".
The defects and even failures in most of enterprise security defense systems can be root caused into problems in "security execution", ie. the discrepancy between the policy and the real environment. The security manager just book those best practices into their "policy", while not considering their staff, their skills, the data to protect, the threats to contain/mitigate…