We've covered Phil's take on complexity and security before, but it's always a good subject to revisit.
This time I wanted to focus on item 9 in his argument about why bad design is the true enemy, not complexity. Number 9 is, "Reduce Error Messages and Guidance."
I like this, of course, because it points out the anti-pattern of ever-increasing configuration and hardening guides. If those guides are getting bigger and bigger, maybe that's a sign the system's design is pushing too much decision-making onto a user. And that can be a sign of poor defaults, poor abstractions, and poor workflows.