I mentioned Occam's razor in a previous post and it's a philosophy I'm a huge fan of. Especially in information secuirty.

Often it's summed up as

"the simplest explanation is usually the correct one"

I think it's easy to get carried away with theories that could be posible rather than …

There is a concept in IT called 'failing loudly' as opposed to 'failing silently'. The idea is when something goes wrong it should be obvious and generally everything should come to a halt instead of trying to carry on with errors.

An example of this is running a REST API …

If you have worked in IT Security for a while you will probably have heard the old saying;

"You don't have to outrun the bear you only have to outrun the other bloke"¹

I've heard it several times and it annoys me because it's almost always used to defend …

One of the security tenants that I live by is Kerckhoffs's principle.

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

-- Auguste Kerckhoffs, 1883

It's beautiful in it's simplicity and yet counter intuitive.

It's a beguiling myth that if you want to …

"The perfect is the enemy of the good"

A phrase that was popularized by Voltaire according to Wikipedia.

It's one I've always liked, I've seen products like Duke Nukem Forever spend years in development trying to achieve perfection when they could have been released earlier and been good.

Linus Torvalds …