Laws of Software Development

Old but… still applies

I ran across a new eponymous law while reading “Understanding
Enterprise SOA” by Eric Pulier and Hugh Taylor.

Pulier’s rule of reuse:

A programmer will look at another programmer’s output, no matter
how brilliant and declare it garbage

The best laws and rules are named by others who admire the author’s
work, but this one seemed pretty worthy to me. This got me reminiscing
about some laws of software development that perhaps had the same
rigour as Newton’s Laws, Boyle’s Law or Hooke’s Law.

The rules I have admired during my career are:

Brooks’s Law:
adding manpower to a late software project makes it later

Hofstadter’s Law:
It always takes longer than you expect, even when you take
Hofstadter’s Law into account.

Codd’s Rules of
relational database management systems which I won’t quote here because
there are 13 of them.

Moore’s Law:
The number of transistors that can be inexpensively
placed on an integrated circuit is increasing exponentially,
doubling approximately every two years.
This has a number of applications outside of transistors such as
processing speed, memory and disk capacity.

Clarke’s 3rd Law:
Any sufficiently advanced technology is indistinguishable from
The reason I class this as a software development Law is that it points
out the futility of trying to explain the technical details of software
to Business users. If a technical decision does not have any business
impact then it may as well be magic.

I thought I would check what other software development Laws there are
on the net. Here is a good sample from some useful sources listed in the
Bibliography below:

Amdahl’s Law:
The speedup gained from running a program on a parallel computer
is greatly limited by the fraction of that program that can’t be

Asimov’s laws (Yes, it’s SF, but one day a software developer might have to
follow them):
1.      A robot may not injure a human being or, through inaction, allow
a human being to come to harm.
2.      A robot must obey orders given to it by human beings, except
where such orders would conflict with the First Law.
3.      A robot must protect its own existence as long as such
protection does not conflict with the First or Second Law.

Atwood’s Law:
Any application that can be written in JavaScript, will
eventually be written in JavaScript

Bye’s First Law of Model Railroading:
Anytime you wish to demonstrate something, the number of faults
is proportional to the number of viewers.

Clarke’s 1st Law:
When a distinguished but elderly scientist states that something
is possible, he is almost certainly right. When he states that something
is impossible, he is very probably wrong.

Clarke’s 2nd Law:
The only way of discovering the limits of the possible is to
venture a little way past them into the impossible.

Clarke’s 4th Law (He’s not often credited with this one):
For every expert there is an equal and opposite expert.

Conway’s Law:
Any piece of software reflects the organizational structure that
produced it.

Edwards’ law:
You cannot apply a technological solution to a sociological

Greenspun’s Tenth Rule of Programming (There actually are no rules 1 to 9):
Any sufficiently complicated C or Fortran program contains an ad hoc,
informally-specified, bug-ridden, slow implementation of half of Common Lisp
This can also be worded “Those who do not understand Lisp are doomed to reinvent it.”

Gustafson’s Law (also known as Gustafson-Barsis’ law):
Any sufficiently large problem can be efficiently parallelized

Kerckhoffs’ law on secure cryptography:
A cryptosystem should be secure even if everything about the
system, except the key, is public knowledge

Lehmann’s Laws:
1.      Systems that are used must change or automatically become less
2.      Through changes the structure of a system becomes ever more
complex and more resources are needed to simplify it

Linus’s law – named for Linus Torvalds:
given enough eyeballs, all bugs are shallow.

Lubarsky’s law of Cybernetic Entomology:
There is always one more bug.

McLuhan’s Law:
If it works it’s obsolete.

Metcalfe’s law:
In communications and network theory,
states that the value of a system grows as approximately the square of
the number of users of the system.

Murphy’s Law
If anything can go wrong, it will.

Occam’s Razor:
There are many wordings for Occam’s razor and debate about how it is
interpreted but from software development I think the best wording is
“The simplest solution is usually the best”. This is very nearly the
same as the KISS principle “Keep it simple stupid”.

Putt’s Law:
Technology is dominated by two types of people: those who
understand what they do not manage, and those who manage what they do
not understand.

Sturgeon’s Revelation (sometimes referred to as his second law):
Ninety percent of everything is crap

Weinberg’s Law:
If builders built buildings the way programmers wrote programs,
then the first woodpecker that came along would destroy civilization.

Wirth’s law:
Software gets slower faster than hardware gets faster.

Zawinski’s law:
Every program attempts to expand until it can read mail. Those
programs which cannot so expand are replaced by ones which can.

Here are still more great laws from Joey DeVilla’s Blog posting.

The Law | Who Said It | What it Says
Ellison’s Law of Cryptography and Usability | Carl Ellison | The user base for strong cryptography declines by half with every additional keystroke or mouse click required to make it work.
Ellison’s Law of Data | Larry Ellison | Once the business data have been centralized and integrated, the value of the database is greater than the sum of the preexisting parts.
Flon’s Axiom | Lawrence Flon | There does not now, nor will there ever, exist a programming language in which it is the least bit hard to write bad programs.
Gilder’s Law | George Gilder | Bandwidth grows at least three times faster than computer power.
Grosch’s Law | Herb Grosch | The cost of computing systems increases as the square root of the computational power of the systems.
Hartree’s Law | Douglas Hartree | Whatever the state of a project, the time a project-leader will estimate for completion is constant.
Heisenbug Uncertainty Principle | Jim Gray | Most production software bugs are soft: they go away when you look at
Hoare’s Law of Large Programs | C. A. R. Hoare | Inside every large problem is a small problem struggling to get out.
Jakob’s Law of the Internet User Experience | Jakob Nielsen | Users spend most of their time on other sites. This means that users prefer your site to work the same way as all the other sites they already know.
Joy’s Law | Bill Joy | smart(employees) = log(employees), or “No matter who you are, most of the smartest people work for someone else.”
Lister’s Law | Timothy Lister | People under time pressure don’t think faster.
Nathan’s First Law | Nathan Myhrvold | Software is a gas; it expands to fill its container.
Ninety-ninety Law | Tom Cargill | The first 90% of the code accounts for the first 90% of the development time. The remaining 10% of the code accounts for the other 90% of the development time.
Pesticide Paradox | Bruce Beizer | Every method you use to prevent or find bugs leaves a residue of subtler bugs against which those methods are ineffectual.
Reed’s Law | David P. Reed | The utility of large networks, particularly social networks, scales exponentially with the size of the network.
Sixty-sixty Rule | Robert Glass | Sixty percent of software’s dollar is spent on maintenance, and sixty percent of that maintenance is enhancement.
Spector’s Law | Lincoln Spector | The time it takes your favorite application to complete a given task doubles with each new revision.
Spafford’s Adoption Rule | George Spafford | For just about any technology, be it an operating system, application or network, when a sufficient level of adoption is reached, that technology then becomes a threat vector.

Some unattributed “laws” that are worth mentioning:
*       Build a system that even a fool can use, and only a fool would
want to use it.
*       Any program over 100 instructions can be simplified by 3
instructions (without losing any functionality).
*       Any idiot can learn to use computers, and many do
*       There’s never time to do it right in the first place, but
there’s always time to do it over when it doesn’t work.

This posting started with Pulier’s Law: “A programmer will look at
another programmer’s output, no matter how brilliant and declare it
garbage”. At the risk of repeating Pulier’s conceit of naming a law about
himself I propose:

Kimber’s Corollary:
No amount of documentation is ever sufficient to completely
understand a system

Bibliography

Cohen’s Law:  Magical Shizz Happens, it’s like jazz, just watch and listen to the space between.



Just hand me your wallet.. TRUST ME .. Cloud Risk

It doesn’t matter what your name is.. -The Rock

People throw their money in the garbage all the time.   Go to Las Vegas and see for yourself.   It is called gambling right?  What are you willing to risk? I recently went on travel and taught a Cloud Computing Professional course in Las Vegas, I watched a sea of people get caught up in the lights and sounds of the one arm bandits.    At least in Vegas you can see when you lose right away, in business it takes just a little longer.

It doesn’t matter what kind of business you are in, there is always risk.    Banks won’t lend to you if you don’t show them a plan including an understanding of risk.  Now more often than not, business people are looking to save money on “a sure thing” known as cloud computing.   The government is going all in because it seems to make sense and so are commercial organizations all over the globe.

I believe in leveraging technology and technology patterns to create savings and efficiencies for business and government, but these should come with an understanding of the trade-off. Below you will find a document written by ENISA; they do a very good job of breaking down risks for analysis. If you are moving to a cloud model, please consider a glance at this document for a pulse check at the least.

The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European Member States and European institutions in network and information security, giving advice and recommendations and acting as a switchboard for information on good practices. Moreover, the agency facilitates contacts between European institutions, the Member States, and private business and industry actors.

This work takes place in the context of ENISA’s Emerging and Future Risk programme.


This report has been edited by:

Daniele Catteddu and Giles Hogben


Cloud Computing Security Risk Assessment

“Risk should always be understood in relation to overall business opportunity and appetite for risk – sometimes risk is compensated by opportunity.”

What about your wallet?

In the book Incognito by David Eagleman, he talks about a Trolley Problem where people are faced with difficult choices and, based on their perspective at the moment and what they PERCEIVE as risk, they are affected and the results may vary from their normal decision-making process. One example is having to push a button to kill someone to save others vs actually pushing someone physically. Pushing the button is easier and we are more likely to do that if we are faced with this situation. It is even easier if we have to push a button and we don’t actually physically see the result of our actions.

Let us apply this to business here.   You are reading my words here, you may or may not actually know me.   If you did, you would take what I am saying in context to your perspective about me.   Cloud Computing and remote business computing are realistically new concepts for people to manage (PEOPLE).   Technology is advancing faster than culture.

Would you hand someone your wallet?  Why would you give them all the information in your wallet?  You are doing this when you put your information in the cloud.   Wouldn’t you want to think about what information you are giving up?

Technology is advancing faster than culture

Technology is moving at speeds that people can barely keep pace with.   Everyone is busy with very little time to think and solving problems (real problems) as opposed to symptoms is a challenge at best.   Cloud is appealing because the cost of upfront engagement is generally lower.   What leaders need to think about is the TOTAL COST, not TCO, not ROI but the TOTAL COST including trade-off and risk to their business.

You have enough to look over with the PDF posted above! Good luck…


In support of our Warfighter Creed


 “Reality is merely an illusion, albeit a very persistent one.” – Albert Einstein

Google “Contractors Creed” and this is what you get from

I am a contractor. I look out for myself, the operators to my left and right, and no one else.

I will always take advantage of the fact that I can finally tell Commissioned Officers to pack sand, and will do so at every possible occasion.

I am my country’s scapegoat, the “plausible deniability” warrior, and I love it.

Less than 700 dollars a day is Unacceptable.

I am trained to eat things that would make a Billy goat puke, but will refuse anything less than 60 dollars Per Diem because I am greedy.

I care not for ribbons, nor awards for valor. I do this job for the opportunity to kill the enemies of my country, and to finally get that boat I’ve always wanted.

I will be in better shape than 99% of the active duty personnel, although this is not hard.

I will equip myself with the latest high-speed gear, and will trick out my M4 until it weighs more than 24 lbs, not because it works better, but because it looks cool in photographs.

I will carry more weapons, ammunition, and implements of death on my person, than an infantry fire team, and when engaged I will lay waste to everything around me.

In any combat zone, I will always locate the swimming pool, beer, and women, because I can.

I will deploy on my terms, and if it ever gets too stupid, I will simply find another company that pays me more.

How complicated…  or Maybe not

While this particular writing is referring to contractors that are serving (yes I said that) in the field alongside our finest.   It is a common theme heard in any situation where defense contractors are present.

According to the NY Times “There were 113,491 employees of defense contractors in Afghanistan as of January 2012, compared with about 90,000 American soldiers, according to Defense Department statistics. Of those, 25,287, or about 22 percent of the employees, were American citizens, with 47 percent Afghans and 31 percent from other countries.”

If that is true, which I believe it was at the time and still is, then contractors are part of our fighting forces and moreover they are part of our planning forces. What this means is that

  • Contractors are people.
  • Contractors have a stake in war fighting, personal and professional.
  • Contractors and Government Civilians are similar in a lot of ways.
  • Contractors and military service members can operate under the same conditions.

Captain Obvious

Good ethics and values are not bound by our uniform or contract. In other words, whether I took an oath and wrote it down as a human to human kind of activity or I took an oath on my own, the result is the same. In contracting documentation and presentations given to government workers there is a note on the fact that a government worker took an oath. Here is an example ethics handout; it is public via Google.


More on this…/gov.ctr.relationshipaf.doc (Air Force document).

What the documents say is “do the right things” and they tell you what those things are by law.   Interestingly enough,  I have worked for years with contractors and leadership has told us over and over what the right things are.   The point is that WE should be ethical in OUR behavior REGARDLESS of whether we are government or contractor.  More often than not in my experience a lot of contractors are more inclined to do the right things because they really have more to lose.

Let’s think about this for a minute..

  • Contractor does something wrong the result is termination of the contract.
  • Government worker does something wrong the result is an inquiry, after years the government worker is either terminated or promoted.

Isn’t this true?  Or do I just have a great imagination?

Point – If you are bored by now

We need a creed on behalf of our war fighter.  We need to be ethical and have integrity because.. JUST BECAUSE folks….  Politics are for politicians and there are a lot of them.  One thing I have learned over the years is that politicians don’t stop bullets from the boardroom.  I don’t really care what they are doing frankly, I care about what I am doing.  Am I doing what is right for my friends in the field?  Whether they are paid for by the government through one color of money or another doesn’t matter, the result is the same.  We are fighting for freedom; our freedom and democracy; our democracy. I am **ANGRY** because I am an American and I love this country and want it to exist and I want my kids to have choices in their lives.

I am tired.. of hearing excuses from individuals that they can’t do the things they need to do because of someone else.  I have mentioned in posts before that I know people that don’t give up but they are few.  So, here it is.. the short of it…

In Support of our Warfighter Creed 

I support our Warfighter. I think about my country and my family and the extension of those around me, I consider operators regardless of uniform and title.  

I will work to have faith in those around me and build trust with those whom I don’t know well in order to protect and preserve our existence as we know it.

I will lead from where I am and seek to be better every day knowing that if I excel those around me excel. 

I will look to practice being selfless and empathetic of others. 

I will be strong and take a stand when I have to. 

I will share information to benefit everyone that shares my cause.

I will reuse and recycle process, methods and tools anywhere and anytime I can.  

I have a code and recognize that others do as well, I will respect them as I expect them to respect me. 

I will collaborate, cooperate and communicate every opportunity I have as I understand together we are stronger. 

I will work to sharpen my body and my mind to be strong and ready. 

I will be concerned with my actions and take responsibility for me.

I will be honest.

I will be loyal. 

I will deliver results and prove them when possible through measured success. 

I will not always know the mass effects of my work but I will recognize that results are independent of intent and results will vary while intent is consistent.  

I am accountable for my actions and I hold myself responsible and expect others to do the same. 

I know and understand right from wrong and if I am challenged to understand the difference or I feel as if I am uncertain, I will ask a trusted agent to help provide clarity.


More ?

Some people can easily tie this to religion.. it can’t be about religion because we will differ.  This has to be for the purpose of our shared values.  Religion is divisive, that being said… if your faith is aligned with these concepts.. this shouldn’t be a problem for you.

I don’t expect people to take this idea and run with it or change their behavior overnight but I do want people to think about it and recognize that our failings are our enemies’ strength.

The reason why Americans are so good is because we have shared values sewn together as a diverse tapestry with drastically dynamic and different roots. In other words, we are all very different but when we come together these differences melt into something very powerful, common and known. Ask anyone who grew up in a place like Coop City in the Bronx, we were all different but we were so tied together that we have been bound in friendship for almost 40 years.

Take a stand and share this creed..  letting people know that you care is a step towards building trust. 

Dispatches from the Front: 11 September 2012

From Kenny

Today, September 11, 2012, eleven years to the day, each of our worlds changed forever.  How will you celebrate such an epoch in world history?

Here on a Forward Operating Base, Bagram Air Field, Afghanistan, we will be mourning the loss of 3 men on duty and 8 wounded from enemy rockets and mortars that took their lives and broke their bodies early this morning.  The mortars fell short of the intended target.  My hut is within 100 yards of that target.  Had the rounds fallen equally long, it is only for the Grace of God go I. 

I have attended 26 Fallen Hero ceremonies since arriving on 17 June 2012 and thankfully survived 22 rocket and mortar attacks on our compound that come in the night.  This “Who Cares” war rages on.  We who witness its horror and who know what terrible things are yet to come do care.

The families who have loved ones sent into harm’s way care.  You who are reading these words care for you would not be receiving this Dispatch if you did not.   Tell me if I am wrong, it appears the rest of our magnificent country just wishes this war would go away.  Even that response has to be pried out when forced to think about Afghanistan at all.  When did our society become complacent?  When did the attitude, “I’ll just write a check and my moral conscience cleared” become acceptable?  I remember in Africa watching two buffalo being chased by a lioness. One was taken.  The other carried on.  That is the cycle of life.  What of humans in the same situation?  Does the one, who makes it, simply say, Damn, I’m glad it was not me, and it sucks being the one that did not?  Questions I seek answers to, but today, have none.

I truly believe, even those who do not support this war, in their hearts support the individuals sent to fight it.   That has to be good enough.

Semper Fidelis,


GS-15, CJTF-1, 1D, CJ Assessments

Task Force Defender

Bagram Air Field

NIPR: 303-552-8026

CENTRIXS: 611-263-8665

SIPRNET: 718-552-7515

Ten Ways to Use LinkedIn to Find a Job

I get people asking me all the time about LinkedIn and how to use it.   I decided to pull out the old How to Change the World!!! Read on friends. **Reblog**

Ten Ways to Use LinkedIn to Find a Job

Searching for a job can suck if you constrain yourself to the typical tools such as online jobs boards, trade publications, CraigsList, and networking with only your close friends. In these kinds of times, you need to use all the weapons that you can, and one that many people don’t—or at least don’t use to the fullest extent, is LinkedIn.

LinkedIn has over thirty-five million members in over 140 industries. Most of them are adults, employed, and not looking to post something on your Wall or date you. Executives from all the Fortune 500 companies are on LinkedIn. Most have disclosed what they do, where they work now, and where they’ve worked in the past. Talk about a target-rich environment, and the service is free.

Here are ten tips to help use LinkedIn to find a job. If you know someone who’s looking for a job, forward them these tips along with an invitation to connect on LinkedIn. Before trying these tips, make sure you’ve filled out your profile and added at least twenty connections.

  1. Get the word out. Tell your network that you’re looking for a new position because a job search these days requires the “law of big numbers.” There is no stigma that you’re looking right now, so the more people who know you’re looking, the more likely you’ll find a job. Recently, LinkedIn added “status updates” which you can use to let your network know about your newly emancipated status.
  2. Get LinkedIn recommendations from your colleagues. A strong recommendation from your manager highlights your strengths and shows that you were a valued employee. This is especially helpful if you were recently laid off, and there is no better time to ask for this than when your manager is feeling bad because she laid you off. If you were a manager yourself, recommendations from your employees can also highlight leadership qualities.
  3. Find out where people with your backgrounds are working. Find companies that employ people like you by doing an advanced search for people in your area who have your skills. For example, if you’re a web developer in Seattle, search profiles in your zip code using keywords with your skills (for example, JavaScript, XHTML, Ruby on Rails) to see which companies employ people like you.
  4. Find out where people at a company came from. LinkedIn “Company Profiles” show the career path of people before they began work there. This is very useful data to figure out what a company is looking for in new hires. For example, Microsoft employees worked at Hewlett-Packard and Oracle.
  5. Find out where people from a company go next. LinkedIn’s “Company Profiles” also tell you where people go after leaving the company. You can use this to track where people go after leaving your company as well as employees of other companies in your sector. (You could make the case that this feature also enables you to figure out which companies to avoid, but I digress.)
  6. Check if a company is still hiring. Company pages on LinkedIn include a section called “New Hires” that lists people who have recently joined the company. If you have real chutzpah, you can ask these new hires how they got their new job. At the very least you can examine their backgrounds to surmise what made them attractive to the new employer.
  7. Get to the hiring manager. LinkedIn’s job search engine allows you to search for any kind of job you want. However, when you view the results, pay close attention to the ones that you’re no more than two degrees away from. This means that you know someone who knows the person that posted the job—it can’t get much better than that. (Power tip: two degrees is about the limit for getting to hiring managers. I never help friends of friends of friends.) Another way to find companies that you have ties to is by looking at the “Companies in Your Network” section on LinkedIn’s Job Search page.
  8. Get to the right HR person. The best case is getting to the hiring manager via someone who knows him, but if that isn’t possible you can still use LinkedIn to find someone inside the company to walk your resume to the hiring manager or HR department. When someone receives a resume from a coworker even if she doesn’t know the coworker, she almost always pays attention to it.
  9. Find out the secret job requirements. Job listings rarely spell out entirely or exactly what a hiring manager is seeking. Find a connection at the company who can get the inside scoop on what really matters for the job. You can do this by searching for the company name; the results will show you who in your network connects you to the company. If you don’t have an inside connection, look at profiles of the people who work at the company to get an idea of their backgrounds and important skills.
  10. Find startups to join. Maybe this recession is God telling you it’s time to try a startup. But great startups are hard to find. Play around with LinkedIn’s advanced search engine using “startup” or “stealth” in the keyword or company field. You can also narrow by industry (for example, startups in the Web 2.0, wireless, or biotech sectors). If large companies can’t offer “job security,” open up your search to include startups.
  11. Build your network before you need it. As a last tip, no matter how the economy or your career is doing, having a strong network is a good form of job security. Don’t wait until times are tough to nurture your network. The key to networking (or “schmoozing”), however, is filled with counter-intuitiveness. First, it’s not who you know—it’s who knows of you. Second, great schmoozers are not thinking “What can this person do for me?” To the contrary, they are thinking, “What can I do for this person?” For more on schmoozing, read “The Art of Schmoozing.”



Cloud Computing Risk ~ Some Notes..

Cloud computing is good for business but it comes with risk. You know those commercials for medicine that pop up on your television? The ones that tell you how beneficial the medication is until the last 15 seconds of the 20 second commercial. At least it feels that way. After they get through the one benefit they list a bunch of things that will harm you.

How about when you buy a new car?  Or you need financing for something?  You hear all this benefit then someone speaks in fast ways that you can’t even understand but if you slow it down you hear that they will take your house, your car, your wife and kids and the family pooch!

Still reading?..  Cloud Computing = Trust (not trusted computing) but TRUST.

What are the risks associated with trusting a company that in some cases you aren’t paying?

Below are (SOME) minor examples, skip by this if you just want to keep reading.

  • Aug 1, 2012 (by Dan Graziano) – A couple of weeks ago, Dropbox users began to complain about receiving spam in email accounts created exclusively for the service.
  • Aug 1, 2012 – Dropbox Confirms Security Breach, Facebook Gets a Surge of Mobile Users.
  • Aug 1, 2012 – Dropbox has admitted that spam reported by its users over the last few weeks was the direct result of a security breach. Both login names and
  • Aug 1, 2012 – Online storage service Dropbox has given details of a security breach that led to many of its members receiving unsolicited emails. A stolen
  • Aug 3, 2012 (by Wayne Rash) – NEWS ANALYSIS: While cloud service providers try to ensure their offerings are reasonably secure, they usually fail in this basic requirement
  • Aug 1, 2012 – Dropbox has become the latest web service to suffer a huge security breach. Thousands of users had their usernames and passwords stolen
  • Jun 29, 2012 – More Problems for Amazon EC2 Cloud » Data Center Knowledge – Amazon Web Services is reporting more service problems this morning for some customers of its EC2 cloud computing service. Amazon has
  • Mar 9, 2012 – Security Issues For Personal Accounts » TechLogon – Two issues about the level and type of security Box offer to free Personal (formerly are a major online backup service, ..

What does this mean to you?

Since I am talking about cloud computing in general it can mean a whole lot of things but for the sake of keeping this blog fairly reasonable,  I will just address some basics here.

When YOU put YOUR information on the internet and you hand it over to a “trusted provider” realize what that means. For most of us, it means that you are willing to lose that information or share it. The provider **CANNOT** guarantee the safety of that information. I am not picking on Dropbox by the way but here is their language: “

Dropbox is Available “AS-IS”

Though we want to provide a great service, there are certain things about the service we can’t promise. For example, THE SERVICES AND SOFTWARE ARE PROVIDED “AS IS”, AT YOUR OWN RISK, WITHOUT EXPRESS OR IMPLIED WARRANTY OR CONDITION OF ANY KIND. WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. (We are not shouting- it’s just that these disclaimers are really important, so we want to highlight them). Dropbox will have no responsibility for any harm to your computer system, loss or corruption of data, or other harm that results from your access to or use of the Services or Software. Some states do not allow the types of disclaimers in this paragraph, so they may not apply to you.”


Oh Google my Google.. same type of thing or Amazon.. or ANY OF THEM.

Bottom line is that even if you PAY for services you are at risk.   From a business perspective you must consider how to manage and lower your risk by taking measures legal and technical.

For the government or government workers I think there are a lot of other considerations that have to take place.

Oh Howie!!!! You worry too much… 

  1. UK data breach reports rocket 1000% in just five years (Computer Business Review, 3 days ago) – Figures reveal a huge increase in self-reported data breaches, with local government bodies being the worst culprits.
  2. Imation shines light on scale of NHS data breaches (IT PRO, 1 day ago)
  3. Data breaches 10 times worse, say ICO figures (BBC News, 2 days ago)
  4. UK data breaches up 1000% in five years (3 days ago) – According to the data, local government data breaches have increased by 1609%, with the next largest increases coming from other public
  5. Dark Clouds Over Technology: Pondering Action After Recent State Government Data Breaches (Government Technology, April 22, 2012, by Dan Lohrmann) – Over the past few weeks,
  6. Breaches Affecting 500 or More Individuals (Breach Notification Rule) – As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more

Is it worth the RISK?

If your answer is “I don’t know” then you have a problem.

If your answer is “yes” then you should have some analysis to back that up.
If your answer is “no” then you should have some analysis to back that up.