Several of the more business-oriented programming/software development courses on my (Swedish) campus is being taught in project groups using agile.

The antivirus market is, as everyone knows, the most FUD-filled part of the security industry. The effectiveness of different antivirus products is largely anecdotal, and shifts rapidly because of the arms race between virus writers and antivirus manufacturers. As it stands now, even "expert" end user cannot ascertain the relative effectiveness of the suites, and because antivirus products are still heuristics-based with a few "depacker" routines built in, they only catch the really obvious fish. (One funny thing with this is, if you pack an executable with a common yet relatively complicated packer, say "redeye", it'l get caught, but if you just jump in and jumble up the instructions with a debugger you can make it "invisible" easily). Because of this reliance on FUD to sell, and because there *is* already fierce competition in the antivirus market, maybe this won't change much, unless MS locks other vendors out somehow. Or will it be a different form of competition, because of the now-asymmetrical playing field? MS has an advantage in that they have access to the code and people who wrote the code, and designed the OS architecture.

Yes, but couldn't you just have two layers of C&C? Using socks proxies on bots running on home computers spread out over tier-3 ISP IP pools that doesn't blacklist "bullet proof" countries, combined with a few cheap colocated hosts inside US borders for data storage, communicating back to hosts on safe territory is the method i would use if i wanted to use the simplest, cheapest and most reliable method, and wasn't the sharpest knife in the drawer. The really sharp solution would be to have a storm-like P2P botnet architecture with irregularly steganographed and encrypted connections back to C&C servers on safe ground (Eg, even if the "mothership connections" where discovered, they would look like they where coming from disparate botnets.) I think such a system could be maintained for the foreseeable future, as long as you keep adding new steganographic methods to the pool.

As i understand it, that is exactly what the security researchers did. What happened (by analogy) was that the person that the landlord in turn rented from kicked him out. I don't think you can really place the blame on the security researchers in this case.

Terry Pratchett once said that he was surprised people who program computers don't spend more time programming people.

Doesn't everyone do this subconsciously, when they feel they would benefit from it? I know i have to stop myself sometimes, when i put myself in "vulnerable mode" to make people trust me more. I don't try to con people, i just do it because it... works? On the other hand, I'm into computer security. Maybe stuff like that is just part of the "security mindset" Bruce Schneier et. al. espouses? 2% sounds like a surprisingly small figure though.

No, of course not. But an open-source sponsor company still chooses to associate with an obviously oppressive government. And that's not good at all.

Yeah, but a country isn't a house. For example, you do not, as the owner of the house, have exclusive right to regulate lethal force within it. Allowing closed communities to form with their own laws and moralities about such basic things as the freedom of speech isn't generally good for society, or the people in the communities. Look at North Korea or Saudi Arabia for example.

No matter of the people protesting Novell are a vocal minority subgroup that annoys most people. Having police roughing them up and removing evidence about doing so is bad PR for all free software, and it's completely immoral to rationalize this sort of reprehensible behavior just because you don't agree with with what they're protesting about. So they still live. So what, it still shows that this specific police force consists of thugs. Do you people feel relieved over not getting shot every time you pass customs at the US border?