Asymmetric Security Warfare — I found this nugget buried in this photo shoot talking about the differences between the Black Hat and DEFCON conferences: "[Mudge, Peiter] Zatko found that it takes about 125 lines of code to create the typical piece of malware and it takes about 10 million lines of code to create sophisticated technologies to protect against it."
HTTP Benchmarking Rules — Mark Nottingham lays down some guidelines for meaningful and effective benchmarking of HTTP services. Full of subtleties and wile: "[P]retty much every server loses some capacity once you throw more work at it than it can handle. A better way to get an idea of capacity is to test your server at progressively higher loads, until it reaches capacity and then backs off; you should be able to graph it as a curve that peaks and then backs off. How much it backs off will indicate how well your server deals with overload."