
Comment Re:Agile is like ITIL (Score 1) 507

Adhering to all of ITIL, for example, is a really good way to ensure your production systems almost never change. The number of people and sheer volume of paperwork, tickets and meetings to get anything even scheduled for a change in a "true ITIL" system is beyond insane

What I learned in my years in IT Compliance (SOX) is two things:

a) nobody really understands these things (ITIL, SOX, Agile, take any buzzword you want), including the people charging you at high-class escort levels for consulting.
b) there are many ways to skin a cat.

SOX is actually very simple, but consulting companies are not interested in simple, they're interested in selling a lot of expensive consulting hours, so they turned it into this monster. I was the Senior Manager for SOX in a 2500 people company and I was not overworked. Another company in the same corporate structure had a room full of people doing SOX, and I dare say their compliance wasn't better than ours.

ITIL is more formalized, but I don't see why anything in it has a hard requirement for the insanity you describe. I'm fairly sure the issue wasn't with ITIL, but with the particular way it was implemented. I'm almost certain it was implemented by outside consultants, am I right?

Just like nothing in Agile prevents you from making architecture decisions early on. It just tells you to keep an open mind for changing them. And nothing in ITIL tells you that you can't change anything, it just tells you to do it in a way that properly tracks the change.

I'm not saying these things are not often nightmares in the real world. I am saying that they do not have to be. There is no "it has to be horrible" clause in ITIL.

Comment one size fails all (Score 2) 507

The problem is not with Agile, but with people who believe in magic potions.

Nothing in this world ever solves all problems. Nothing in this world ever fits everyone. Agile is no exception. It might be good or bad, depending on circumstances such as your team, your culture, your project and a dozen more.

The best you can do as a leader (manager, lead dev, CTO, whatever) is to pick and choose and come up with a system that works for your company, your people. It might be Agile, or Agile with something else mixed in or something else with some Agile mixed in, or no Agile at all. It depends.

If you believe you can take something that someone else cooked up without knowing your situation, and just apply it by the book and that's it, then you are not doing your job.

Comment wrong arrest (Score 2) 310

The real people to throw in jail are the ones who made it possible. The guys who deregulated the markets so much, the ones in oversight of the finance system who didn't see these things approaching and the people who dissolved all the protections of the real economy against the finance market because they were greedy for quick bucks.

Politicians, mostly, but we should also go after the lobbyists and their employers who influenced them.

Of course, that will never happen. Society rarely becomes self-conscious enough to get rid of its parasites.

Comment Re:failed industry (Score 1) 67

That is exactly what I mean. I would even go one step further at the end: Without the risk of the computer compromising the user. Because the computer in itself is worth its scrap metal value and that's it. Everything of actual value is in the user - the data, the communication, the access to 3rd party networks and services. Not that one particular user in front of the machine, maybe, but a user.

Comment failed industry (Score 4, Interesting) 67

I've exited the security industry after 15 years, no longer believing that it does any good. And TFA is pretty spot on.

The issue is that security is both wide and deep. You need to cover all your weak spots, and you need to cover them completely. As an industry, we have succeeded in finding technical solutions to almost every challenge, but we've failed in creating a systematic approach to the field. Look at the "best practice" documents - they are outdated and mostly a circle-jerk. I did a quick study some months ago checking the top 100 or so for what the academic or scientific or just substantiated-through-sources basis is, and the result is pretty much: None at all.
Even the different standards, including the ISO documents, are collections of topics, not systematic wholes. It's like high school physics: This month you get taught optics, next month Newton mechanics, the third month electromagnetism. The only thing they have in common is the class room.

Nowhere is it more visible than our treatment of the user. It's clear that most security professionals treat users as disturbances, as elements outside their field of security. I imagine what roads would look like if their planners would look at accidents and say "cars are a threat to our road system. They clog it up and very often they crash into each other and cause serious issues to traffic. We need to protect the road system against cars. Can we automate roads so they work without cars as much as possible?"

We need a much more systematic, holistic view on the whole field than we have right now. In a pre-scientific field, snake oil is the norm. It was the same in medicine (where the term originates), in chemistry (alchemy), in psychology (astrology, numerology, one hundred other primitive attempts at understanding and predicting human behaviour) and virtually every other field, even many non-scientific areas, such as religion/magic.

Comment Re:Execute the fastest way possible (Score 1) 591

While it originally was introduced in order to execute painlessly, following basically your logic, it has since turned out that this is not true and the Guillotine is actually a fairly cruel execution method.

It is great for market-square entertainment, though. Maybe that's what you're really after?

Comment interesting (Score 2) 58

Actually much more interesting than I thought at first glance.

The game is designed intentionally with computational complexity in mind. It failed. The rules (WP has them, or a dozen other sites) are mostly designed to increase the search space. For example, instead of the fixed setup in chess, you get basically the same pieces, but you can put them into your 2 rows in any way you want. I'm too lazy to calculate the initial starting positions, but thanks to the Internet, someone else did it and came up with ~10^15. That makes an opening library practically impossible.

However, I'm a hobby game designer, so I look at rules with slightly different eyes. The complexity of the game is largely artificial. Brilliant minds will, like in a badly designed crypto-cipher, find tons of places where the complexity can, for the practical purpose of actually playing and winning a game, be reduced dramatically. Remember that in theory chess has 20 valid opening moves for white. The vast majority of them you will never see in any real game.

I'm also bothered by the fact that complexity is reached by the addition of rules, instead of the subtraction. Go is a perfect example for how you can reach complexity with very simple rulesets. When building games, especially board games, you generally strive to keep the ruleset as simple as possible and check every rule for whether or not it adds anything worthwhile to the gameplay or not. For a simple, conventional style 2-player board game, the ruleset is overly complex IMHO. Maybe that's why I never heard about this game before - it doesn't actually appeal to many human players, except those interested in not being beaten by a computer.

Comment new rules (Score 1) 229

New at Steam: We replace people who don't give a fuck with people who really don't give a fuck.

No, don't get me wrong, it's a step in the right direction. But the step itself begs questions. In general, the great firewall is the first cent - people who spend nothing at all and people who spend something, no matter how much. If you don't believe me, try charging 10 cents or something ridiculously small for any free web service you offer, and you'll find your user numbers drop through the floor.

I don't think there's a measurable difference between $5 and $4 or $3 -- the number is entirely arbitrary. A psychological barrier would be $10 (the two digits, the reason almost nothing in any shop in the world costs $10, it will always be $9.99 or $9.95).

Comment Re:Long View (Score 1) 482

Compensation has been commensurate to your skills for hundreds of years.

Your argument smells.

Yes, more skilled people in general earn more. But (and in the words of Ben Goldacre: It's a big but) there are exactly two issues with this in our modern hypercapitalism, and they are related:

a) A class of very low skilled workers has moved to the top of the food chain and takes a massive part of the total wages for itself

b) The general level of pay is staggeringly low. If you compare the wealth of your western nations to the wealth of the average individuals within, you should be frightened. Most western countries can spend a few billions here and there without so much as shrugging. As nations, we have more, much much much more money available than ever in history. The most lavish spending of any king in history pales compared to everyday infrastructure, science or military projects of today. As people, we are richer than the average middle ages peasant, but in comparison to our nations' wealth, we have less.

Comment Re: For work I use really bad passwords (Score 1) 136

Then another site I used got hacked. And at that point I decided I was better off using a password manager and using different passwords for each site.

Yeah, that sucks.

I use a password manager as well, mostly because I'm lazy typing. It gives me the added benefit that if one of the sites gets hacked, I can check the PW manager to see where else I use the same PW.

You can use different passwords, if you like. I don't do it because it would mean that when I find myself without my PW manager, I'd be fucked. And it happens quite often that I do.
