From the Mechanix blog comes the tale of the blocking CREATE INDEX call under PostgreSQL - I consider myself lucky that the databases I run are of internal use and I can permit myself to take them offline for a couple of minutes.
Via the Financial Cryptography blog: What makes a Security Project?. Interesting conclusions. In my opinion Microsoft had made great strides in the last years to focus on security and their current code quality is lightyears ahead of many of its competitors (Oracle anyone? :-))
Via the 1 Raindrop blog: security isn't a big topic at developer conferences. Really sad.
Via the Google Security blog: they will start to offer more information about malicious sites. This is great since IMHO information sharing is the weakest point of the current security industry.
Via the /dev/random blog: security@work (embedded below for your viewing pleasure)
Two humorous takes on the Debian radom number generator problem: