Comments: Security Systems that fall in a heap if actually challenged...

We think we found a bad regex, and you should be able to post again.

Posted by Adam Shostack at August 18, 2005 08:19 AM

As far as I can tell, the single biggest mistake in the London shooting was that the guys with a license to kill didn't wear police uniforms, so for the victim they just looked like bad guys out to get him.
Moscow had its own series of underground blasts (the first one detonated in 1977 by Armenian separatists), some of them carried out by suicide bombers (the first one in August 1999 by Chechen separatists), so they installed armed guards with a license to kill a long time ago. But these are visibly armed with Kalashnikovs (welded stuck to semi-auto mode) and wear a distinct metro-police uniform with body armor. They are easily recognizable, and no one in their right mind would run from them, if ordered to halt.
They appeared in St. Petersburg in 2003 to protect the large number of visitors that came for the tricentennial anniversary celebrations and did a remarkably good job. Basayev repeatedly threatened to carry out attacks in St. Petersburg that year, but nothing materialized. Probably, the security measures were extremely expensive and not sustainable in the long run (St. Petersburg being the home-town of the president, I'd imagine that there was a lot of external funding for that year's security), but they apparently worked at that time of (real or perceived) danger.

Posted by Daniel A. Nagy at August 18, 2005 01:42 PM

"The third observation is that everything written about looks easy to defeat. Expect the next wave of suicide bombers to have addressed it. Which feeds into the complexity argument in both of the above directions."

I would expect the *current* wave of bombers to have addressed it - the obvious is a (in this case literal) dead man's switch, which the bomber need only release without first disarming the bomb. To put 7 bullets into the head of a suspected terrorist without any obvious means to conceal a bomb, AFTER you have him physically restrained, is a procedure that seems so wrong for so many reasons I have trouble finding what is *right* with it....

Posted by Dave Howe at August 18, 2005 10:21 PM

Ian, before designing countermeasures for phishing, have a look at the PWSteal/Bancos/ASH malware. I'm not sure how much of the U.S. phishing loss is actually due to trojanized end user machines, but once you've got rather strong protection against MITM attacks (microbrands, one-time passwords), I'm sure you'll see them in the U.S. as well. The attack technology is already there, so better deploy something which defeats it.

Posted by Florian Weimer at August 19, 2005 01:55 AM

Dave, yes, that's a possibility, although I'm not so sure. The complexities of using it while approaching the target zone will likely result in a lot of premature detonations. Another alternative is the booby trap. Personally, I'd attempt to work the team in pairs, and have an override with the other guy, using a low powered 802 device.

Is the procedure wrong? It looks wrong, and bone-headed but we have to be careful that the press writeup isn't going to be fair. From a military perspective, it looks like a very tough problem, and that looks like "one way" to address it. Also, if it came from the Israelis, then that gives it some pedigree.

That's as a procedure. My concern is that even if it does result in some sort of success rate, the shift in balance of society's rights and expectations is so severe that the result will do more harm than good. That is, people walking down the street will know that they are now potentially in a "friendly fire" zone as well as a terrorism zone. Londoners are used to bombs, but this is something new.

Posted by Iang at August 19, 2005 02:16 AM

Florian, yes, this is the vulnerable underbelly of the whole game. Even if MITM was sorted out, it will in the short term shift straight to attacking the Microsoft platform.

How to deal with this? I don't think it is fair to let Microsoft blame phishing on browser problems and I don't think it fair to let browser people blame it on the Microsoft OS weakness. They should both be fixed, and they should both be held accountable.

Posted by Iang at August 19, 2005 02:19 AM

Daniel, troops on the streets would be to paramilitarise, and I agree that's something of a cost which only works if there is a high value target. It's easy to find some place where the troops aren't patrolling.

Also, paramilitaries alert the enemy, and this was meant to be an undercover operation. If the bomber knows a heavy dude with weaponry is ordering him to freeze, he can generally get the trigger pulled.

Posted by Iang at August 19, 2005 02:34 AM