On the other hand it won't respond to commands that would FORCE a magnetic drive to completely wipe the file.
So why isn't a "wipe everything, including the spares" command part of the SATA standard command set? I can think of many times I'd like to completely erase a drive. Basically, any time I run the equivalent of "fdisk, o" in whatever OS I'm using, I'm explicitly telling the drive, "I value nothing here". That would be a prime time to optionally tell a drive to totally erase itself.
There are even non-security-related reasons for doing this. IIRC, the reiserfs recovery tools would scan a partition to look for data laid out in reiserfs-formatted chunks and undelete them. That's normally exactly what you want. However, suppose you're using reiserfs and running a VM that also uses reiserfs on its virtual disk, which lives inside a file on your main filesystem. The recovery tools would see those structures, too, and merge them back into your directory structure. This is typically disastrous.
When programming in low-level languages, it's nice to know that the only thing in your process's heap is data you've explicitly put there. The same holds true for hard drives. While we're obviously pretty good at keeping the wheat separated from the chaff, it'd be nice if you could guarantee that there was no chaff to start with.
Thermal paste increases thermal conductivity between chip and heat sink.
Overclocked your first gaming rig, huh? No. Thermal paste is a crappy conductor. From Wikipedia:
The metal oxide and nitride particles suspended in silicone thermal compounds have thermal conductivities of up to 220 W/(mK). (In comparison, the thermal conductivity of metals used particle additions, copper is 380 W/(mK), silver 429 and aluminum 237.) The typical thermal conductivities of the silicone compounds are 0.7 to 3 W/(mK). Silver thermal compounds may have a conductivity of 3 to 8 W/(mK) or more.
So, "good" silver compound will be approximately 1% as conductive as aluminum. The only thing near a CPU less conductive than thermal paste is air. You want to use the bare minimum necessary to fill the minor imperfections in the surfaces of the CPU and heatsink. Any more than that and you might as well wrap your processor in a nice cozy wool sweater.
But what you won't see is scenes, plot and dialog specifically created to showcase Apple products, as you do in the GP's example of a "Bing It!" scene in Hawaii Five-0.
I like the show "Bones". Yeah, I have to close my eyes and plug my ears any time they do anything with computers, but it's still a fun show to watch.
But they have the most annoying product placement anywhere. For example, Angela and Tempe are driving down a road. Angela is distracted by their conversation and the car drifts into the oncoming lane. It beeps loudly at her.
Tempe: You should watch the road!
Angela: You're right! It's a good thing my Toyota (tm) comes with a system that detects when I'm not paying attention and alerts me! And it was affordable, with great interest rates!
Because it allows you to bash the product. I don't think that Steve Jobs would be any too happy if the plot involved, for example, a virus that infects the computer, the computer bursting into flames, the computer requiring an expensive upgrade, or any other thing that doesn't portray a Mac in the greatest light.
Why would Nickelodeon, iCarly's network, give a fig about Jobs's opinion on the matter?
I think they used a fake computer brand so they could run MovieOS on it and make it do things in ways that would be different (or impossible) on a real computer.
Republicans and businessmen always go for short term gains at the cost of sustainability.
As opposed to Democrats, who give huge pay raises to government unions, then blame the then-incumbent Republicans years down the road when the budget won't balance.
I can go on making examples like this, favoring either major party, for days. Next time you have a complaint about Republicans (or Democrats), replace the party name with "politicians". Whatever your point was, it will still stand.
Let people tag sites they've found as a result of a search. Build a tagging system which will allow people to exclude linkspam for example.
That would replace "PageRank" with "whoever can afford to pay Mechanical Turk to tag their site". At that point, Google might as well drop the middleman and use their AdSense auctions to sell page ranking directly.
It shows Qwest's maximum bandwidth at my house as dialup, but I'm typing this on 3Mbps DSL. I could have (and have had) 8Mbps here, but that would have reduced my outbound bandwidth and I run a light-duty webserver.
Evolution *is* memory. (Some of) what works and what doesn't gets wired in.
I'd almost agree, except that I'd say evolution is the memory of a series of local optimizations. It has no memory of what didn't work and will happily keep repeating the same dumb experiments over and over.
If you find yourself making DNS changes so often that this is a problem, take the time to automate it and focus on what you're doing, not going down some shit-happy path towards Kerberos enlightenment. Or figure out why you have to keep changing DNS records so often and come up with a better method.
Perhaps you've heard of IPv6 (DJB hasn't, but maybe you're quicker on the uptake)? Suppose you run a company with 10,000 desktops and servers, all neatly categorized and named in your IPv4 DNS zones. Now you've decided to roll out IPv6 on that same network, and want each host's name to resolve with an A record and an AAAA record. The easiest way to do that is to let each machine update DNS with its own hostname and IP - subject to the proper restrictions. Move a machine to a different subnet? No problem: it's still reachable by name.
If you truly can't imagine a reason why you'd want to update DNS records continually, you have little imagination.
And I think I've already made my point about the relative ease of updating a nameserver that supports IXFR (which is pretty much any server that isn't djbdns) versus the lone stooge. Again, it's a lot easier to come up with one good sync system that everyone uses rather than expect each administrator to come up with his own perfect, efficient, secure replacement.
If you want it to be really secure, you'd just turn the server off. If you want secure and functional, isn't even an option.
I'll say it: djbdns is the least secure popular DNS daemon. Its fatal flaw is that it only implements the easiest parts of DNS. Maybe it's exceedingly secure at handling that stuff. Who knows? Who cares? It leaves all the hard part of DNS administration to be re-implemented at every single site. For example, to the best of my knowledge, djbdns still doesn't implement IXFRs. The security vulnerability:
BIND method for dynamic DNS
Configure a TSIG key and install it on the master and slave servers.
Tell the master server to send notifications to the slaves.
Slap your hands together in "job well done" manner and go drink a beer.
djbdns method for dynamic DNS
Roll out some half-assed rsync-based implementation to send updates from the master to the slaves.
Don't forget to use SSH!
Don't forget to use public key authentication!
Don't forget to use empty passphrases, or implement some passphrase-caching mechanism!
Hey, maybe this would be a good time to spend a week learning about Kerberos!
Don't forget to lock down the 'namedaemon' accounts on the slaves so that they can only run rsync and not get full shell privileges!
Don't forget to lock down rsync so that it can't write outside djbdns's non-standard configuration directories!
Figure out a way to make it interact with your outsourced slave DNS systems, all of which are running BIND or something compatible with it.
Figure out whether to use time-based or delta-size-based algorithms to decide how often to trigger your proprietary sync system.
Explain to your boss why you spent two weeks dicking around with something that didn't have to be dicked around with had you picked something less bizarre.
djbdns pretends to be secure by ignoring all the things that make DNS "interesting". That's like writing a computer language with one instruction - say "subtract, branch negative", making that one instruction very robust, then making fun of people who use "insecure languages" (which happens to be everything but yours, as you loudly explain to everyone who will listen). No thanks.
I've known people who described themselves as programmers. They'd programmed Quicken. They'd programmed Paint Shop Pro. In fact, they were confident that if they could download an app, then they could program it onto their computer.
I suspect those people program Quicken in much the same way the Foreign Office "writes" printer and scanner drivers.
Something we hardly ever type or read? Mmmm-kay. If you say so. Personally, I often type domain names, and even more often read them. Maybe it's just 'cause I'm an old bastard, and I'm set in my ways, but I actually do read that address bar.
I read it every time, and hardly ever. That is, every time I click something, I glance at the URL bar to see where I'm at. Every time I manually go somewhere, I hit CTRL+L and look at the URL bar as I type. And after that? Never. I know I'm on Slashdot and wish my netbook could put that real estate to better use than telling me something I already know. I'd like a compromise: show the URL bar for a few seconds after clicking a link or entering an address, then go away until I hit CTRL+L again to re-open it.
In fact, being a good sysadmin, all my servers are MEANT to be rebooted if something goes sour. One SVN project goes sour? check if it's not the repository itself that got problems, or if the system needs to save something to safely exist... and if not, reboot the server.
I'm sorry, but you misspelled "inexperienced". I have nothing against rebooting and will cycle a machine when appropriate, but if you're having to reboot an SVN server, you've done fucked up. There's something misconfigured that's allowing it to enter states it should never be in, and you'd be far better served doing a little root cause analysis to find out what's happening so you can stop it from happening next time.
In general, then: when you have to reboot, find out why you have to reboot and fix it. Your way is easier in the moment, but scales horribly and makes a lot more work for you than it should.
The majority of doctor's offices I've been around aren't connected to the Internet at all. For instance, my wife's practice has a WPA2 secured Wi-Fi network so that her laptop (whole-drive TrueCrypt) can talk to the database server that manages her records, and none of the hosts on the WLAN have any form of Internet connection. As it turns out, they do have AV programs (MS Security Essentials), but without any removable media coming into the office and no net connection, it's pretty much just a formality.
My kid's orthodontist's network has Internet access, but it's a bunch of Macs behind a firewall+NAT and a strict "no personal browsing at the office" policy. (I know this because I bartered net admin chores for dental work:-) ).
I'm certain there are insecure medical offices, but the doctors I've talked to are so terrified of HIPAA that they'll take almost any security tips you give them.
I'm not sure how Barnes and Noble's pricing structure works, but it's no better there for the end user. For example, here's most of a message I posted on B&N's Nook forum:
I was playing with the store on my Nook and was really impressed by the magazine prices. For example, I picked "National Review" at random and saw that it cost $3.95 an issue, or $4.95 for a subscription. "Wow," thought I. "These magazines are early adopters, expanding their readership through cheap subscriptions in a digital form that has approximately zero distribution costs. How clever of them!"
Looking at the bn.com page for the magazine, I found the catch: that's $4.95 per month.
Holy cow. First, that's $59.40 a year. I could subscribe to the physical version for $29.50 (and apparently get a free book as a gift). Second, I have never, anywhere, ever seen magazine subscriptions priced monthly. They are universally priced annually. Upon reviewing the Nook screen, sure enough, there it is at the top: "Monthly Subscription: $4.95". I missed that in favor of the large-font, glowing "Subscribe for $4.95" button on the touch screen. Tapping that button gives the prompt, 'Would you like to buy "National Review" for $4.95?', again with no indication that you're buying a monthly subscription.
I love my Nook, but I'd never pay for a small, electronic, black-and-white version of a magazine when I could get the colorful, ergonomic dead-tree version delivered for half the price. Their subscription model is miles away from making sense for me.
Youtube is practically unusable on my iPod Touch because it seems to always grab the HD version of a video and I have to wait 5 minutes while it buffers a 2 minute video. If I browse youtube.com in Safari, I have the option of picking the SD version and can start watching it right away.
99% of the time, I'm not watching a documentary on Costa Rican rainforests. More likely, I'm trying to show my kids a funny video of a cat licking its own butt or something else that plays perfectly in low-res. The option of picking a suitable resolution for my viewing habits would go a long way toward cutting bandwidth and buffering needs.
The reason that Unix SAs don't like to reboot is deep seated in the history of Unix running decades ago on hardware for which a reboot cycle meant interrupting potentially dozens of people all sharing the same machine for a sequence that might take 10 to 20 minutes if nothing went wrong. Rebooting was correctly viewed as something to avoid whenever possible.
And that led to a tight positive feedback loop. When you're used to working on a reliable system, your workflow changes to optimize for it. I hate to reboot desktop systems because I typically have:
an Emacs with dozens of buffers open (46 at this moment),
several different browsers with multiple tabs open to pages I'm working on,
multiple console windows, each with a few tabs,
a few IM windows in mid-conversation, and
all organized into several virtual desktops
...all the way I left it and ready for me to jump to whatever needs my attention at the moment. Rebooting means throwing all that state out. Consequently, I'd never put up with a desktop that I didn't completely trust to be there when I needed it.
PS: Quit whining about the electricity usage. First, you can suspend or hibernate an unused desktop, and I see no advantage to daily reboots over daily sleeps. Second, my desktop is my remote admin console. When I need to fix something at 2AM - you can't prevent every problem - it's nice to SSH in and see what's going on, run emacsclient to pull up the SQL console I was using earlier that day, or jump to the shell session I already have open on the server that's no longer accepting new SSH logins. A single otherwise-unneeded midnight drive to the office wipes out several years worth of electricity savings.
Designing a wireless / wired network to support unsecured guests is a LOT different than designing one to support only secured guests.
And the cool thing is that you don't have to pick just one. It's perfectly possible and reasonable to have open and secured networks. That's how I - the network admin - built the system at my company. I'm quite well aware of the conflict between security and usability, but at the end of the day, my boss pays me to find a way for him to use the software he wants. I don't have the privilege of saying "that's insecure! You can't use that on my network!" because he can always trump with "get your stuff and leave".
So if I got orders from my boss telling me to open the network for Lumpy's pet app, I'd be pretty pissed off at Lumpy. In my case, that'd be because I'd hope that Lumpy would come to me in person so that I could help him without involving management. In his company's case, it sounds like it'd be because his network admin has a misguided concept of "their network".
I admit: my first reaction is that if I worked security at your company, I'd want to kick your ass. I mean, I like you, but they probably have a very valid point about not wanting untrusted apps popping up all over the place.
But my second reaction was that you're right. There's no valid reason why you can't have unsecured guests on the holy internal wifi. We have an open WLAN here at the office, but it's firewalled away from anything we actually care about, with exceptions on a case-by-case basis. You don't get open access to the database server just because you're connecting to our corporate wifi. If your security guys can't handle that, then, well, sucks to be them. Good for you for finding a way to make people actually do their jobs.
Last week I was talking to a customer and he explained how he, his wife, his brother-in-law and his wife, had left their southern baptist church because his brother-in-law's wife had the temerity to suggest that she could teach Sunday school - due to having assisted the male teacher, who had since left. It was "suggested" by the church that the brother-in-law should "control his woman"
The Southern Baptist Convention is more like a coalition of somewhat similarly-believing churches. Each member church is wholly autonomous, hires (and sometimes fires) their own pastor, elects their own Board of Deacons (which actually governs the church), and generally does whatever they want in whatever way they see fit. The whole SBC system is basically a federation of democratic republics with a very weak central government, the main purpose being to band together to support missionaries and some colleges, etc.
The Southern Baptist church I grew up in was the exact opposite of what you're describing. Specifically, my mom taught Sunday School for many years. Although we wore the traditional business-casual to business-formal clothes on Sunday morning, any other meetings or services you might go to were "come as you are", and in hot months you could just about guarantee that 90% of kids would be in shorts and t-shirts. The youth groups had summer camps where girls swam in bikinis if they wanted to, we went on ski trips, and one time we went on a national tour to perform a rock musical.
I don't consider myself a Southern Baptist anymore because of doctrinal differences, but they're certainly not collectively the way you describe that one particular church. Now, that church may very well be exactly like that, but that's because its own members choose to be. Other SBC churches would have very little patience with those artificial restrictions, and would in fact see them as ranking piety more importantly than an honest relationship with God.
But what you won't see is scenes, plot and dialog specifically created to showcase Apple products, as you do in the GP's example of a "Bing It!" scene in Hawaii Five-0.
I like the show "Bones". Yeah, I have to close my eyes and plug my ears any time they do anything with computers, but it's still a fun show to watch.
But they have the most annoying product placement anywhere. For example, Angela and Tempe are driving down a road. Angela is distracted by their conversation and the car drifts into the oncoming lane. It beeps loudly at her.
Thanks for un-suspending my disbelief.
Fortunately, kill doesn't seem to be setuid, and I think they're about to revoke his sudo rights.
They could be going with SIGKILL. Of course, SIGQUIT would be a nice improvement.
if you want a secure one.
If you want it to be really secure, you'd just turn the server off. If you want secure and functional, isn't even an option.
I'll say it: djbdns is the least secure popular DNS daemon. Its fatal flaw is that it only implements the easiest parts of DNS. Maybe it's exceedingly secure at handling that stuff. Who knows? Who cares? It leaves all the hard part of DNS administration to be re-implemented at every single site. For example, to the best of my knowledge, djbdns still doesn't implement IXFRs. The security vulnerability:
BIND method for dynamic DNS
djbdns method for dynamic DNS
djbdns pretends to be secure by ignoring all the things that make DNS "interesting". That's like writing a computer language with one instruction - say "subtract, branch negative", making that one instruction very robust, then making fun of people who use "insecure languages" (which happens to be everything but yours, as you loudly explain to everyone who will listen). No thanks.
Why are they writing their own drivers?
I've known people who described themselves as programmers. They'd programmed Quicken. They'd programmed Paint Shop Pro. In fact, they were confident that if they could download an app, then they could program it onto their computer.
I suspect those people program Quicken in much the same way the Foreign Office "writes" printer and scanner drivers.
On the other end of what? Her records never leave her office network, which is the most common arrangement I've seen.
The majority of doctor's offices I've been around aren't connected to the Internet at all. For instance, my wife's practice has a WPA2 secured Wi-Fi network so that her laptop (whole-drive TrueCrypt) can talk to the database server that manages her records, and none of the hosts on the WLAN have any form of Internet connection. As it turns out, they do have AV programs (MS Security Essentials), but without any removable media coming into the office and no net connection, it's pretty much just a formality.
My kid's orthodontist's network has Internet access, but it's a bunch of Macs behind a firewall+NAT and a strict "no personal browsing at the office" policy. (I know this because I bartered net admin chores for dental work :-) ).
I'm certain there are insecure medical offices, but the doctors I've talked to are so terrified of HIPAA that they'll take almost any security tips you give them.
Do you work for Sony or SanDisk?
If he worked for Sony, you wouldn't have been allowed to read it.
These shows contain some of the most violent, disturbing themes and imagery I've ever seen:
The British ad against texting while driving is the only thing I've seen on TV in years that gave me nightmares.