I read Bruce Schneier’s weblog on a pretty much daily basis, and I truly appreciate what he brings to security punditry, especially things outside of strictly network and computer security.

But the more I read from Bruce, the more I am convinced that stories he points out will be forever and universal. There will never be any type of security that relies on people that cannot be circumvented, even if by accident, one time out of 1,000,000. It fuels people like this because the stories will never go away. People will always make mistakes and someone somewhere will point it out and make everyone else cry that we should have 100% perfect security and spend more money to get that last .01% failure rate removed. That’s just not always realistic. The effort is nice and I do appreciate his efforts to keep people from being blissfully ignorant about what security really is versus the perception, but he is like sugar to me. Take samples of it, not heaping spoonfulls, for best enjoyment.