Usable Security

Usable Security is a new blog about—you guessed it—the intersection of usability and security. This comes up every few weeks since I improved the error messages on the WordPress login (and bbPress) to specify which part of the login was mistaken, the username or the password. Security folks see this as a problem because you’re revealing more information but I see making the error message more generic as premature security optimization. Plenty of systems where login names are public or easily discoverable, such as Yahoo, Gmail, Hotmail, most email systems, and so forth, seem to be doing just fine.

Panels Finished

My last panel was yesterday at 5 PM so now I’m taking as much time as I can to catch the panels that are left and learn a few things. Speaking was more stressful than I expected but most of the feedback was good. I still need to check out the web feedback though, as people are probably more candid online than when they’re shaking your hand.

Panels Tomorrow

Just a reminder, I have two panels tomorrow, one at 10 AM in room 17AB (Blog Software Showdown) and one at 5 PM in room 15 (Open Source Infrastructure). I’ll try to record them for blogging later, but the quality will be about the same as the keynote recording.