Where the real money from the movie is made. We've got Spaceballs the lunchbox, Spaceballs the flamethrower (the kids love this one), and Spaceballs the doll, me. [zip] "May the schwartz be with you." Adorable.
Yep, been that way for much more than ten years. According to IMDb, Mel Brooks wrote those lines 16 years ago, and it was already plenty true then. I think it's only gotten worse since.
Hey, I've got one of those, too! Still feels great to type on; hasn't lost a whit in all this time. What's it attached to? My low-traffic DNS server, a 486 VLB mobo with an 83MHz Pentium overdrive CPU. Storage? DTC-2278 VLB IDE running a WD Caviar 340MB. Network? WD8013 card, 10base-2 only. I have an old 10base-2 capable hub just to get the thing onto the switched 100Mb network. All of it still runs like a champ. Uptimes measured in months.
As Gray Davis demonstrated, politicians never mismanage finances. When a company gets it wrong, the damage is limited to its shareholders
You haven't been watching the California power fiasco. I think if anything, we learned from that that when an energy company gets it wrong, it whines to the Public Utilities Commission that it needs to raise rates to remain profitable, lines politicians reelection coffers, gets its way, and everyone except the shareholders and executives pays the penalty.
If the choice is between a for-profit corporation, whose stated goal is making money for its shareholders, is beholden only to its shareholders, and I have no recourse against, getting it wrong, and the government, whose stated goal is providing for its citizens, and where my vote helps determine who's in charge and what policies they should pursue, gets it wrong, I'll happily choose the latter, thank you very much.
In addition to the previous two posters, I'd like to add that speeding is not one-size-fits-all as the law would like you to believe. What's the 100-0 stopping distance of your average sports car? Family sedan? SUV? Semi? Semi carrying 10 tons of cargo? How about the agility of each -- ability to dodge obstacles? Not the same, are they? So why are they all held to the same speed limit? What about driver training and attentiveness? Given the same vehicle, who's more dangerous, someone who is alert and has significant experience in emergency driving situations, or someone who is distracted and has little driving experience?
Speed is only stated as a single number because it's impractical for the law to take all of those factors into account. But they *should* be taken into account. How do we do that? Subjective human judgment. This is my biggest beef with automated speed enforcement -- "too fast" is subjective, and depends on dozens of factors. I can accept a police officer who is reasonable and isn't out to fulfill a quota telling me I'm going too fast because he can factor in traffic, weather, road condition, my demeanor and apparent level of sophistication as a driver, the capabilities and condition of my vehicle, and a whole lot more, and roll all that into a fair judgment. A machine cannot.
Just because this NHL coach was going whatever speed he was going means little by itself. Throw in that he was doing so in not the most capable vehicle, and it means a little more. With presumably less than stellar driving skills (feel free to correct me if you know that presumption to be wrong), and it means a little more. Distractions? Road conditions? Weather? How about that, as the previous reply mentioned, he *FELL ASLEEP* at the wheel? At best, speed becomes a small slice of the overall picture and array of causes. What would have done more to prevent this crash, more speed limit enforcement, or a reminder to people that, "hey, if you're getting tired, pull over, stop, and take a nap."?
But then you've got to stop mid-air and take a three-minute commercial break, leaving the engine running of course, which hurts both your fuel economy AND your average speed. We'd probably start to see congestion over the fences on the banks of the Thames with all those amphibious cars hanging in mid-air waiting for their commercials to finish. Not to mention the voice-over actor you'd have to bring with you on every jump to give the "Now how you suppose they're gonna get out of this one, folks?" line just before the commercial break begins. I'm afraid it's just more hassle than it's worth.
If you were to examine 2^127 different files, then you would have a 50% chance of one of them giving you the desired MD5 hash. Do you know how large 2^127 is?
Actually, due to the birthday paradox, the odds of finding two files with the same 128-bit MD5 hash increase to 50% at somewhere closer to 2^64 files examined. Or at least, so argues Bruce Schneier in Practical Cryptography. And the argument seems to have some good sound mathematical basis.
Of course, 2^64 is still pretty darn big. In the general case where there isn't a potential common source for the two files, certainly still big enough to prove the link between the two files beyond a reasonable doubt.
But I'm still going to counter your argument in this case -- if two people buy the same CD, and each rips that CD cleanly, then the inputs to their respective MP3 encoders are identical. There are but a small number of MP3 encoders out there (what, a dozen, maybe three dozen? certainly no more than a dozen that are in common use by average people). Most people don't change their encoder options from the defaults, and most rip at 128kb. Most of those who don't rip at 128kb rip at 192kb. Encoders are deterministic. Same inputs and same settings mean same outputs. Now all that's left is the id3 tags. We've got CDDB / FreeDB homogenizing them. So I actually find it significantly likely that two people could each rip a song from their own store-bought copy of the same CD, and end up with identical MP3 files. In this case, the MD5 hash match means nothing -- sure it proves that the files are identical, but with such a high probability of arriving at legitimately identical files independently, it does nothing to prove that one file was copied from the other.
I regularly approach what would appear to a radar system to be an obstacle directly in my path at speeds that are clearly too high to allow braking to a stop before colliding. Why? I'm going to turn. Turning or dodging are often much better collision avoidance strategies than straight-line braking. Until the system can understand the whole environment and read the driver's mind to determine their intended strategy, then the statement "Chances are that if your approach speed is to high for your breaking distance then you going to crash." is pure bullshit. If a good human driver has determined that turning is better than braking in this situation, then no overly simple system should interfere with the driver's execution of that strategy.
And yes, a little tap on the brakes can indeed interfere with turning. That's how you kick the tail out and start a spinout.
Otherwise, you have to assume that you have a better understanding of customer preferences and this radar technology than does Honda.
I unfortunately know one thing about the average driver, especially the average American driver. They're lazy. They want everything done for them. They don't want to learn and hone driving skills. They don't want to develop quick reflexes and intelligent reactions, even if their life depends on it.
Until and unless this technology becomes provably as good as a well-trained, well-practiced, alert human driver, I'm going to be in favor of more training and practice for drivers, and against this technology. The more technology like this makes it into the mainstream, the lazier and stupider drivers get, and the more socially acceptable that laziness and stupidity gets. That is a danger to us all.
CHP (California Highway Patrol) uses Ka-band RADAR almost exclusively. In fact, in the last five years of driving around southern California, the vast majority of the detector hits I've gotten that I could pinpoint to a particular law enforcement source have been Ka-band RADAR. I've only been hit with LIDAR once. That was a Newport Beach city police motorcycle unit. How do I know this? I've got a Valentine-1 and a Lidatek Laser Echo, and I keep them both on nearly all the time.
Yes, LIDAR has greater range and greater selectivity (can pick out a single vehicle) than RADAR. But it also requires a stable platform and sighting equipment to be used properly. It cannot be used from a moving vehicle. RADAR can. It cannot be used in a shoot-from-the-hip quick reaction scenario. RADAR can. It cannot be used without a sight attached to a stable semi-fixed platform. RADAR can. For these reasons, the demise of RADAR is vastly exaggerated.
SCO just announced that they'll show the alleged offenses in the Linux kernel to "industry analysts, respected press people, and other industry leaders" under NDA. I want to know *who* (names) will be invited. Will anybody from the open source movement be invited? If so, who? Might I suggest Bruce Perens or Eric Raymond? No offense to the generic classes of parties mentioned in the invitation intended, but "press people" don't have the technical background to understand such an evaluation, and will be easily fooled. "Other industry leaders" is such a vague term that those chosen might be even less technically knowledgable than the press. And peronally, I don't trust "industry analysts" for anything farther than I can throw them. So we've got no guarantee that anyone invited is knowledgable enough in the art of software development and the workings of the Linux and System V kernels to be able to evaluate the evidence properly. If this little revelation of SCO's is to have any meaning, it must include that guarantee. The open source community must be allowed to send a representative (still bound by SCO's NDA) with the proper technical skill to fully understand and evaluate the evidence. Bruce Perens and Eric Raymond come to my mind as likely candidates. If one of them went to SCO's little evidence exhibition and came back saying, "you know, maybe it's not all complete bull; maybe they do have something of a case", then the whole landscape changes. Not so if those same words come from other less trusted or less knowledgable sources.
So how about it, SCO? If you're so sure of your evidence, how about inviting Bruce or Eric to be one of those "other industry leaders"? It's your chance to convince the open source community of the validity of your claims, shut up some of your loudest critics, and bring a huge fresh breath of legitimacy to this whole fiasco... Or were you just hoping to snow the uninitiated with more bull?
Security features in a language?
on
P2P Meets Push
·
· Score: 4, Insightful
Security features in a language attempt (poorly in most cases) to substitute for the programmer having an adequate security mindset. If you rely on the security features of a language, then you're screwed if they're broken. You're relying on the security auditing that has been performed on that language's features, and committing yourself to live or die by it. Have you personally verified that that language's seecurity features are designed well, and strong enough to meet your security requirements? Has someone you trust done so and published the results? If not, why are you relying on it?
My advice is go the opposite direction. Learn about security from a programmer perspective. Accept only libraries and components that have been extensively audited by knowledgeable, trusted sources. Then build your server on top of them in a lower level language that affords you the ability to take direct charge of everything else. Make your server secure by thinking about security in every line you code.
I use C, but the exact choice of language isn't important; the mindset and approach is. This advice applies equally to any other language: Check the return value from EVERY system call, EVERY resource allocation, and EVERY library call. Verify ALL inputs before using them, both for length and for sanity of contents. Before EACH time you write something to any kind of buffer, check that you won't write past the end FIRST. Do all of these things in every function of every module of every application. And if you rely on a language or library feature instead of doing it yourself, you'd better be damn sure that the language or library feature is doing it correctly and completely -- VERIFY this before you deploy your program.
Some may call writing in C a security risk. Inherently, it isn't. C just gives the programmer more rope to either make a better knot or make a better noose, as they see fit. The first ten to twenty lines of nearly every C function I write go like this: return failure if this parameter isn't sane; return failure if that parameter isn't sane; return failure if any persistent context isn't consistent with how we were called; try to allocate all resources required for the function and return failure if any of those allocations failed. Some other languages may automate some of that. But as a security auditor, I'm going to want to see all that. If I can't see it, I'm going to want to examine in detail the implementation of the language features that do it implicitly. If I can't do that, then I can't consider the program secure. Using C helps me audit my code because it forces all security measures to be explicit and spelled out in detail. Yes, that's more work for the programmer. But it's less work and more certainty for the security auditor. That's a tradeoff I'm willing to make.
I like your suggestion. It's heading in the right direction. The only part about it that's off-base is abandoning SMTP. SMTP is a well-designed and extensible protocol that's weathered the test of time. And it's already got authentication and transport layer security extensions defined and implemented. All that we're missing is widespread *deployment* of these features, and rejection of mail from servers that don't employ them.
Don't go redesigning the wheel. We've got a perfectly good wheel. It's just currently sitting in the spare tire well in the trunk (boot for you Brits). We just need to give mail administrators adequate incentive to bolt it onto the hub and start rolling with it.
"Yes, but are you running it single-ended or LVD?" "Oh, I got some antibiotics for the LVD, so I'm back to single-ended now."
"Flat ribbon or twisted-pair ribbon?" "I pulled a muscle last time Bruno tried twisted-pair on me, so now I only do flat ribbon."
"I've never tried this before, so start me off with those nice svelte VHDCIs, OK?"
"You could get the regular terminator for $15.95, or a vibrating terminator for $29.95. Then there's the extra special triple-ripple illuminating terminator for $49.95..."
Hmmm, given the price of all this SCSI stuff, maybe all this joking around isn't so off the mark...
or call IBM and try and get a quote for 500 pcs PowerPC if you doubt me.
That's what distribution companies are for. We're using a PPC in a low-volume embedded design (500 pcs/year is a good guess), so we buy like 200 at a time. Just call up Arrow, or Jericho, or any of their competitors. If you're a real outfit, and you've got some kind of relationship buying parts from them (even in low quantities), they'll get you PPCs in hundreds at a time. That's what they're there for.
Please ignore previous version of this post, my copy-and-paste apparently didn't get everything....
But like, c'mon, speeding on public highways is rampant.
If the majority of a society breaks a law with regularity, then how good of a law is it? Has society not voted with their actions, saying they don't want that law? Perhaps rather than jackboot-enforcing such a law, it would be more productive to ask what problems that law is trying to solve, how effective it is in solving those problems, what harmful side-effects it has, and how the underlying goals of the law might be better served in a different manner with fewer harmful side-effects.
nobody is entitled ot break the law.
Bull. Everybody is entitled to break the law. You just have to be prepared to deal with the consequences. In fact, there are few things more American than breaking an unjust law in an effort to get it changed. Am I saying that all speeders speed purely in an effort to raise speed limits? No. But you made a broad blanket statement that needed to be rebutted in such a form.
There are plenty of freeways available that have reasonably high speed limits.
In your opinion. Don't presume to claim that as fact, because it isn't. Others have opinions that differ from yours in this matter. Ask just about anyone from Montana, for example. In deciding public policy, the opinions of ALL citizens must be weighed.
If you're truly upset about speed limits, then use private roads.
And where, exactly, are these private roads that lead from the town where I live to the town where I'm visiting someone?
The fact that you speed (in addition to being morally repugnant)
Ah, now I'm immoral! I hate to rain on your religious parade, but morals are a matter of opinion as well. You may get near 100% agreement that killing an innocent person is immoral, but I doubt you'll get anywhere near that consensus that speeding (in general) is. I'll give due consideration to your opinion if you'll give due consideration to mine.
it just tells the legislators that you are a criminal
Boy, we sure do have a lot of criminals in this country. Are people really so evil, or are we just outlawing too much?
and the fact that you won't pay attention to the limit forces them to clamp down on it.
Sounds like a facist dictatorship, not a democracy. See my first paragraph, above.
Furthermore, why won't any of the scofflaws that are reading this (and I know some of you are) go out in your car and run some red lights and hit some pedestrians?
Maybe because "some of us scofflaws" do not consider speeding to be in the same category as running red lights and hitting pedestrians. Just because most current laws have similar penalties for the average red light infraction and the average speed infraction does not mean the offenses themselves come from the same mindset, have the same impact on society, or should be treated in the same way.
I've listened to your opinion, now perhaps you'll be so good as to listen to mine...
Speed is a scapegoat. The law enforcement and insurance establishments try to pin everything on speed that they can because speed is "easy" to enforce. Officers writing up accident reports routinely get pressured from above to list speed as a cause of the accident even if they don't really think it applies. Because the more accidents speed "causes", the weightier the statistics the establishment has to justify regulating speed instead of trying to regulate what really matters.
What really matters? Attention, skill, and equipment condition.
Surveys that don't come from the law enforcement and insurance establishments regularly conclude that inattention is much more dangerous on the road than speed. Safe driving requires attention and focus. Talking on a cellphone, eating, doing makeup, shaving, reading, and just about any other significant activity compete for a driver's attention and detract from focus. These are much more dangerous than speeding. So why aren't we outlawing all these activities while driving? Simple. It's an enforcement nightmare. Enforcing speed is easier. A radar gun can prove how fast you were going, but it can't prove how attentive to the road and traffic you were. Analysis of wreckage can give a pretty good idea of the speed at which a crash occurred, but it can't give a pretty good idea of how easily the crash could have been avoided if the drivers had been paying attention. Speed is enforced because it's easy to enforce, and the things we actually should be enforcing are to difficult to do so. As I said, speed is a scapegoat.
Pop quiz Americans: who has the least driving skill, the average American, the average Englishman, or the average German? It's the average American, BY FAR. Put the three of them in a situation requiring a difficult emergency maneuver to avoid a crash, and odds are the German and the Englishman will pull it off, and the American will wreck miserably. Why? Cost, training, and culture. It's orders of magnitude cheaper and easier to get a driver's license in America than it is in most of Western Europe, so European drivers take their license much more seriously than do Americans. We expect a license practically as birthright; to them, it's an enormous priviledge. European drivers get much more training than do American drivers in the licensing process, and are forced to pass a much more difficult driving test. Go to a racing school in America and they'll spend the entire first day teaching you things that a European driver had to learn IN ORDER TO GET their license. Finally, Europeans just take driving much more seriously than Americans do as a pervasive cultural bias. Cars sold in Germany don't have cup holders. Think about that for a moment. Germans don't WANT the ability to sip on a soda while driving. They want to focus on the road. If Americans had the same mindset, our roads would be a lot safer.
Ever try to bring an older car into California and get slammed by the smog laws, having to do all kinds of work to get it to meet emissions regulations? Try bringing an older American car into Europe. You'll get the same thing, only with suspension, brakes, and tires. The cheap bottom-barrel tires and shocks you get in an American auto parts store aren't even LEGAL to drive on German roads. The Germans don't consider them safe enough. AAA ran a free clinic teaching people about car maintenance, and found that over HALF of the people that showed up had dangerously underinflated tires. That statistic is much lower in Europe. Europeans maintain their cars better than Americans (and I'm not talking about washes and oil changes; I'm talking about worn out brake pads, shocks, and tires, underinflated tires, cut springs, and the like), and as a result, their cars are safer and more able to avoid crashes.
Now this is just personal observation, and admittedly is an unfair generalization, but I'm going to make it anyway. I find that many of the Americans shouting the loudest about enforcing speed limits rigidly are the same ones who don't take driving seriously, don't focus their attention on the road, try to do other distracting tasks while driving, haven't taken any kind of "advanced" driving instruction since being licensed (and don't want to), and drive around in an unsafe car (worn out components, etc.). If you're going to yell at me to slow down, what's to say I shouldn't yell at you to hang up the phone, pay attention to the road, put some air in those sorry excuses for tires, replace those worn shocks that have you bouncing down the road, use your turn signals, and for God's sake look in your mirrors before changing lanes?
Indignant that I should have the gall to say all that to you? Now you know how I feel when you tell me I'm an immoral criminal for speeding. Who's right? Well, that's a matter of opinion, and having the current law on your side doesn't automatically make you right. It just means that I have to accept consequences for my behavior on the road while you don't. But laws can be changed...
But like, c'mon, speeding on public highways is rampant.
If the majority of a society breaks a law with regularity, then how good of a law is it? Has society not voted with their actions, saying they don't want that law? Perhaps rather than jackboot-enforcing such a law, it would be more productive to ask what problems that law is trying to solve, how effective it is in solving those problems, what harmful side-effects it has, and how the underlying goals of the law might be better served in a different manner with fewer harmful side-effects.
nobody is entitled ot break the law.
Bull. Everybody is entitled to break the law. You just have to be prepared to deal with the consequences. In fact, there are few things more American than breaking an unjust law in an effort to get it changed. Am I saying that all speeders speed purely in an effort to raise speed limits? No. But you made a broad blanket statement that needed to be rebutted in such a form.
There are plenty of freeways available that have reasonably high speed limits.
In your opinion. Don't presume to claim that as fact, because it isn't. Others have opinions that differ from yours in this matter. Ask just about anyone from Montana, for example. In deciding public policy, the opinions of ALL citizens must be weighed.
If you're truly upset about speed limits, then use private roads.
And where, exactly, are these private roads that lead from the town where I live to the town where I'm visiting someone?
The fact that you speed (in addition to being morally repugnant)
Ah, now I'm immoral! I hate to rain on your religious parade, but morals are a matter of opinion as well. You may get near 100% agreement that killing an innocent person is immoral, but I doubt you'll get anywhere near that consensus that speeding (in general) is. I'll give due consideration to your opinion if you'll give due consideration to mine.
it just tells the legislators that you are a criminal
Boy, we sure do have a lot of criminals in this country. Are people really so evil, or are we just outlawing too much?
and the fact that you won't pay attention to the limit forces them to clamp down on it.
Sounds like a facist dictatorship, not a democracy. See my first paragraph, above.
Furthermore, why won't any of the scofflaws that are reading this (and I know some of you are) go out in your car and run some red lights and hit some pedestrians?
Maybe because "some of us scofflaws" do not consider speeding to be in the same category as running red lights and hitting pedestrians. Just because most current laws have similar penalties for the average red light infraction and the average speed infraction does not mean the offenses themselves come from the same mindset, have the same impact on society, or should be treated in the same way.
I've listened to your opinion, now perhaps you'll be so good as to listen to mine...
Speed is a scapegoat. The law enforcement and insurance establishments try to pin everything on speed that they can because speed is "easy" to enforce. Officers writing up accident reports routinely get pressured from above to list speed as a cause of the accident even if they don't really think it applies. Because the more accidents speed "causes", the weightier the statistics the establishment has to justify regulating speed instead of trying to regulate what really matters.
What really matters? Attention, skill, and equipment condition.
Surveys that don't come from the law enforcement and insurance establishments regularly conclude that inattention is much more dangerous on the road than speed. Safe driving requires attention and focus. Talking on a cellphone, eating, doing makeup, shaving, reading, and just about any other significant activity compete for a driver's attention and detract from focus. These are much more dangerous than speeding. So why aren't we outlawing all these activities wnd the American will wreck miserably. Why? Cost, training, and culture. It's orders of magnitude cheaper and easier to get a driver's license in America than it is in most of Western Europe, so European drivers take their license much more seriously than do Americans. We expect a license practically as birthright; to them, it's an enormous priviledge. European drivers get much more training than do American drivers in the licensing process, and are forced to pass a much more difficult driving test. Go to a racing school in America and they'll spend the entire first day teaching you things that a European driver had to learn IN ORDER TO GET their license. Finally, Europeans just take driving much more seriously than Americans do as a pervasive cultural bias. Cars sold in Germany don't have cup holders. Think about that for a moment. Germans don't WANT the ability to sip on a soda while driving. They want to focus on the road. If Americans had the same mindset, our roads would be a lot safer.
Ever try to bring an older car into California and get slammed by the smog laws, having to do all kinds of work to get it to meet emissions regulations? Try bringing an older American car into Europe. You'll get the same thing, only with suspension, brakes, and tires. The cheap bottom-barrel tires and shocks you get in an American auto parts store aren't even LEGAL to drive on German roads. The Germans don't consider them safe enough. AAA ran a free clinic teaching people about car maintenance, and found that over HALF of the people that showed up had dangerously underinflated tires. That statistic is much lower in Europe. Europeans maintain their cars better than Americans (and I'm not talking about washes and oil changes; I'm talking about worn out brake pads, shocks, and tires, underinflated tires, cut springs, and the like), and as a result, their cars are safer and more able to avoid crashes.
Now this is just personal observation, and admittedly is an unfair generalization, but I'm going to make it anyway. I find that many of the Americans shouting the loudest about enforcing speed limits rigidly are the same ones who don't take driving seriously, don't focus their attention on the road, try to do other distracting tasks while driving, haven't taken any kind of "advanced" driving instruction since being licensed (and don't want to), and drive around in an unsafe car (worn out components, etc.). If you're going to yell at me to slow down, what's to say I shouldn't yell at you to hang up the phone, pay attention to the road, put some air in those sorry excuses for tires, replace those worn shocks that have you bouncing down the road, use your turn signals, and for God's sake look in your mirrors before changing lanes?
Indignant that I should have the gall to say all that to you? Now you know how I feel when you tell me I'm an immoral criminal for speeding. Who's right? Well, that's a matter of opinion, and having the current law on your side doesn't automatically make you right. It just means that I have to accept consequences for my behavior on the road while you don't. But laws can be changed...
No one in this world is guaranteed a successful business model, a successful product, or profit in any form. We have a free market economy. That means you have to provide something people want, at a price that they're willing to pay, and deal with constant competition. If the market changes, you have to change with it or die.
Your problem is not open source. Your problem is you're denying the nature of the market, and refusing to change with it. If it wansn't open source, sooner or later some other market entity would come along and do the same thing to you for the same reason. Guess what? That's business. Deal with it. Adapt to the constantly changing market or die. It's obvious which of those options you have chosen.
Gone are the days when you could get some four-letter-acronym certification and get a job in the industry. You won't get hired anymore if your main source of knowledge is books like "X for dummies", "Y unleashed", or "Teach yourself Z in 21 days". Those are the people who, for the most part, are being shaken out of this industry now, and frankly, I consider that a good thing. However, in that same category I'd lump the people who went to a decent college CS program and didn't really work in it, barely passing, just to get to the job market. That's scarcely better. Don't become one of those people. Dig deep into the field and learn everything you can. Lift the hood and find out what goes on underneath. Remove the engine cover and learn what makes an engine tick. You wouldn't go to a mechanic who had never rebuilt an engine or swapped a radiator, would you? So why should I hire a programmer who doesn't know how a CPU works, or has never scrutinized the output of a compiler?
Learn computer architecture. Learn how a CPU, cache, and RAM work. Learn data structures. Learn why you'd want a tree in some situations and a hash table in others, and the consequences of each choice. Build a compiler from scratch. Learn parsing and grammar recognition. If you want to work on networks, learn queueing theory. Learn how an operating system works, what a virtual memory manager needs to do, how copy-on-write works, what a semaphore is. Et cetera.
If you know the entire foundation of the profession, you can pick up anything new that comes along with ease. You won't be so quickly cast aside when times get tough. And you'll have one-up on all the opportunists who learned from silly books or certification classes. They'll only know how the latest fad works. You'll know *why* it works, and you'll be much more able to set things right when it doesn't perform as advertised.
Say what? Typical FHSS radio dwell times (that's the period at which the frequency changes) are in the tens to low hundreds of milliseconds. Radio waves travel at 3.0e+10 meters/second. Let's say you were running a ridiculously low dwell time of 2ms (which I don't think 802.11 equipment even supports, BTW), and you wanted to hop fast enough to avoid receiving a second path on half the incoming packets. That means there would have to be a 1ms time differential between the two paths. And THAT means there would have to be a 3.0e+07 meter length differential between the two paths, which is greater than the diameter of the earth. You show me a 2.4GHz wireless transmitter powerful enough that the receiver has to worry about multipath on the scale of 30,000km, and I'll show you a stiff fine and a jail sentence from the FCC.
In short, you're full of it. FHSS does not hop fast enough to avoid multipath. Multipath interference comes in typically less than one symbol time after the main signal. If you hopped fast enough to avoid it, you'd never receive a single bit correctly.
1) Authentication can't be purely MAC address based. Most cards can transmit packets with any arbitrary MAC address. To steal service from such a system, all you'd have to do is sniff a legitimate user's MAC address and use it when or where they're not. Trivial. If you really want this to work, I think the best way is to accept only IPSec traffic over the air. Your legitimate users will have the authentication tokens necessary to negotiate an IPSec connection to some set of server/router/VPNboxen behind the access points, and the access points themselves will drop anything that isn't either IPSec-encapsulated or an authentication attempt. Solves the problem with WEP being weak, and solves the problem of stealing service by sniffing a few packets. The only problem it doesn't solve is the wireless medium being DoSed, but that's nearly impossible to solve without accurate triangulation equipment and a large brute named Guido wielding a baseball bat.
2) I disagree that something should be put in place that isn't secure yet. Having to work around and be backward compatible with a poor rushed first implementation is exactly how nasty ugly hacks develop and linger on for years.
3) If the government has use for a wireless network, then they can pay for it like everyone else. Being a very large customer, you could offer them a volume discount, or even cut some special deal for a deep discount in return for helping you deploy speedily. But advocating giving away access to the government on a permanent basis shows that you've got no business sense whatsoever. Ain't gonna happen; any company that tries it will founder.
But other than those points, nice idea. I support you.
Slashdot Mirror
Where the real money from the movie is made. We've got Spaceballs the lunchbox, Spaceballs the flamethrower (the kids love this one), and Spaceballs the doll, me. [zip] "May the schwartz be with you." Adorable.
Yep, been that way for much more than ten years. According to IMDb, Mel Brooks wrote those lines 16 years ago, and it was already plenty true then. I think it's only gotten worse since.
Hey, I've got one of those, too! Still feels great to type on; hasn't lost a whit in all this time. What's it attached to? My low-traffic DNS server, a 486 VLB mobo with an 83MHz Pentium overdrive CPU. Storage? DTC-2278 VLB IDE running a WD Caviar 340MB. Network? WD8013 card, 10base-2 only. I have an old 10base-2 capable hub just to get the thing onto the switched 100Mb network. All of it still runs like a champ. Uptimes measured in months.
You haven't been watching the California power fiasco. I think if anything, we learned from that that when an energy company gets it wrong, it whines to the Public Utilities Commission that it needs to raise rates to remain profitable, lines politicians reelection coffers, gets its way, and everyone except the shareholders and executives pays the penalty. If the choice is between a for-profit corporation, whose stated goal is making money for its shareholders, is beholden only to its shareholders, and I have no recourse against, getting it wrong, and the government, whose stated goal is providing for its citizens, and where my vote helps determine who's in charge and what policies they should pursue, gets it wrong, I'll happily choose the latter, thank you very much.
In addition to the previous two posters, I'd like to add that speeding is not one-size-fits-all as the law would like you to believe. What's the 100-0 stopping distance of your average sports car? Family sedan? SUV? Semi? Semi carrying 10 tons of cargo? How about the agility of each -- ability to dodge obstacles? Not the same, are they? So why are they all held to the same speed limit? What about driver training and attentiveness? Given the same vehicle, who's more dangerous, someone who is alert and has significant experience in emergency driving situations, or someone who is distracted and has little driving experience?
Speed is only stated as a single number because it's impractical for the law to take all of those factors into account. But they *should* be taken into account. How do we do that? Subjective human judgment. This is my biggest beef with automated speed enforcement -- "too fast" is subjective, and depends on dozens of factors. I can accept a police officer who is reasonable and isn't out to fulfill a quota telling me I'm going too fast because he can factor in traffic, weather, road condition, my demeanor and apparent level of sophistication as a driver, the capabilities and condition of my vehicle, and a whole lot more, and roll all that into a fair judgment. A machine cannot.
Just because this NHL coach was going whatever speed he was going means little by itself. Throw in that he was doing so in not the most capable vehicle, and it means a little more. With presumably less than stellar driving skills (feel free to correct me if you know that presumption to be wrong), and it means a little more. Distractions? Road conditions? Weather? How about that, as the previous reply mentioned, he *FELL ASLEEP* at the wheel? At best, speed becomes a small slice of the overall picture and array of causes. What would have done more to prevent this crash, more speed limit enforcement, or a reminder to people that, "hey, if you're getting tired, pull over, stop, and take a nap."?
They keep using that word. I do not think it means what they think it means.
But then you've got to stop mid-air and take a three-minute commercial break, leaving the engine running of course, which hurts both your fuel economy AND your average speed. We'd probably start to see congestion over the fences on the banks of the Thames with all those amphibious cars hanging in mid-air waiting for their commercials to finish. Not to mention the voice-over actor you'd have to bring with you on every jump to give the "Now how you suppose they're gonna get out of this one, folks?" line just before the commercial break begins. I'm afraid it's just more hassle than it's worth.
Actually, due to the birthday paradox, the odds of finding two files with the same 128-bit MD5 hash increase to 50% at somewhere closer to 2^64 files examined. Or at least, so argues Bruce Schneier in Practical Cryptography. And the argument seems to have some good sound mathematical basis.
Of course, 2^64 is still pretty darn big. In the general case where there isn't a potential common source for the two files, certainly still big enough to prove the link between the two files beyond a reasonable doubt.
But I'm still going to counter your argument in this case -- if two people buy the same CD, and each rips that CD cleanly, then the inputs to their respective MP3 encoders are identical. There are but a small number of MP3 encoders out there (what, a dozen, maybe three dozen? certainly no more than a dozen that are in common use by average people). Most people don't change their encoder options from the defaults, and most rip at 128kb. Most of those who don't rip at 128kb rip at 192kb. Encoders are deterministic. Same inputs and same settings mean same outputs. Now all that's left is the id3 tags. We've got CDDB / FreeDB homogenizing them. So I actually find it significantly likely that two people could each rip a song from their own store-bought copy of the same CD, and end up with identical MP3 files. In this case, the MD5 hash match means nothing -- sure it proves that the files are identical, but with such a high probability of arriving at legitimately identical files independently, it does nothing to prove that one file was copied from the other.
And yes, a little tap on the brakes can indeed interfere with turning. That's how you kick the tail out and start a spinout.
I unfortunately know one thing about the average driver, especially the average American driver. They're lazy. They want everything done for them. They don't want to learn and hone driving skills. They don't want to develop quick reflexes and intelligent reactions, even if their life depends on it.
Until and unless this technology becomes provably as good as a well-trained, well-practiced, alert human driver, I'm going to be in favor of more training and practice for drivers, and against this technology. The more technology like this makes it into the mainstream, the lazier and stupider drivers get, and the more socially acceptable that laziness and stupidity gets. That is a danger to us all.
CHP (California Highway Patrol) uses Ka-band RADAR almost exclusively. In fact, in the last five years of driving around southern California, the vast majority of the detector hits I've gotten that I could pinpoint to a particular law enforcement source have been Ka-band RADAR. I've only been hit with LIDAR once. That was a Newport Beach city police motorcycle unit. How do I know this? I've got a Valentine-1 and a Lidatek Laser Echo, and I keep them both on nearly all the time.
Yes, LIDAR has greater range and greater selectivity (can pick out a single vehicle) than RADAR. But it also requires a stable platform and sighting equipment to be used properly. It cannot be used from a moving vehicle. RADAR can. It cannot be used in a shoot-from-the-hip quick reaction scenario. RADAR can. It cannot be used without a sight attached to a stable semi-fixed platform. RADAR can. For these reasons, the demise of RADAR is vastly exaggerated.
SCO just announced that they'll show the alleged offenses in the Linux kernel to "industry analysts, respected press people, and other industry leaders" under NDA. I want to know *who* (names) will be invited. Will anybody from the open source movement be invited? If so, who? Might I suggest Bruce Perens or Eric Raymond? No offense to the generic classes of parties mentioned in the invitation intended, but "press people" don't have the technical background to understand such an evaluation, and will be easily fooled. "Other industry leaders" is such a vague term that those chosen might be even less technically knowledgable than the press. And peronally, I don't trust "industry analysts" for anything farther than I can throw them. So we've got no guarantee that anyone invited is knowledgable enough in the art of software development and the workings of the Linux and System V kernels to be able to evaluate the evidence properly. If this little revelation of SCO's is to have any meaning, it must include that guarantee. The open source community must be allowed to send a representative (still bound by SCO's NDA) with the proper technical skill to fully understand and evaluate the evidence. Bruce Perens and Eric Raymond come to my mind as likely candidates. If one of them went to SCO's little evidence exhibition and came back saying, "you know, maybe it's not all complete bull; maybe they do have something of a case", then the whole landscape changes. Not so if those same words come from other less trusted or less knowledgable sources.
So how about it, SCO? If you're so sure of your evidence, how about inviting Bruce or Eric to be one of those "other industry leaders"? It's your chance to convince the open source community of the validity of your claims, shut up some of your loudest critics, and bring a huge fresh breath of legitimacy to this whole fiasco... Or were you just hoping to snow the uninitiated with more bull?
Security features in a language attempt (poorly in most cases) to substitute for the programmer having an adequate security mindset. If you rely on the security features of a language, then you're screwed if they're broken. You're relying on the security auditing that has been performed on that language's features, and committing yourself to live or die by it. Have you personally verified that that language's seecurity features are designed well, and strong enough to meet your security requirements? Has someone you trust done so and published the results? If not, why are you relying on it?
My advice is go the opposite direction. Learn about security from a programmer perspective. Accept only libraries and components that have been extensively audited by knowledgeable, trusted sources. Then build your server on top of them in a lower level language that affords you the ability to take direct charge of everything else. Make your server secure by thinking about security in every line you code.
I use C, but the exact choice of language isn't important; the mindset and approach is. This advice applies equally to any other language: Check the return value from EVERY system call, EVERY resource allocation, and EVERY library call. Verify ALL inputs before using them, both for length and for sanity of contents. Before EACH time you write something to any kind of buffer, check that you won't write past the end FIRST. Do all of these things in every function of every module of every application. And if you rely on a language or library feature instead of doing it yourself, you'd better be damn sure that the language or library feature is doing it correctly and completely -- VERIFY this before you deploy your program.
Some may call writing in C a security risk. Inherently, it isn't. C just gives the programmer more rope to either make a better knot or make a better noose, as they see fit. The first ten to twenty lines of nearly every C function I write go like this: return failure if this parameter isn't sane; return failure if that parameter isn't sane; return failure if any persistent context isn't consistent with how we were called; try to allocate all resources required for the function and return failure if any of those allocations failed. Some other languages may automate some of that. But as a security auditor, I'm going to want to see all that. If I can't see it, I'm going to want to examine in detail the implementation of the language features that do it implicitly. If I can't do that, then I can't consider the program secure. Using C helps me audit my code because it forces all security measures to be explicit and spelled out in detail. Yes, that's more work for the programmer. But it's less work and more certainty for the security auditor. That's a tradeoff I'm willing to make.
I like your suggestion. It's heading in the right direction. The only part about it that's off-base is abandoning SMTP. SMTP is a well-designed and extensible protocol that's weathered the test of time. And it's already got authentication and transport layer security extensions defined and implemented. All that we're missing is widespread *deployment* of these features, and rejection of mail from servers that don't employ them.
Don't go redesigning the wheel. We've got a perfectly good wheel. It's just currently sitting in the spare tire well in the trunk (boot for you Brits). We just need to give mail administrators adequate incentive to bolt it onto the hub and start rolling with it.
"Yes, but are you running it single-ended or LVD?"
"Oh, I got some antibiotics for the LVD, so I'm back to single-ended now."
"Flat ribbon or twisted-pair ribbon?"
"I pulled a muscle last time Bruno tried twisted-pair on me, so now I only do flat ribbon."
"I've never tried this before, so start me off with those nice svelte VHDCIs, OK?"
"You could get the regular terminator for $15.95, or a vibrating terminator for $29.95. Then there's the extra special triple-ripple illuminating terminator for $49.95..."
Hmmm, given the price of all this SCSI stuff, maybe all this joking around isn't so off the mark...
Unless you break it and try to return it as "defective". Then it becomes their product again.
... a sheep's bladder. Duh.
Double-plus good in California due to the earthquake protection side-effect.
I want to watch him burn his hand on the heat sink and get his fingers caught up in the fan while trying to use his slick new P4-based PDA....
or call IBM and try and get a quote for 500 pcs PowerPC if you doubt me. That's what distribution companies are for. We're using a PPC in a low-volume embedded design (500 pcs/year is a good guess), so we buy like 200 at a time. Just call up Arrow, or Jericho, or any of their competitors. If you're a real outfit, and you've got some kind of relationship buying parts from them (even in low quantities), they'll get you PPCs in hundreds at a time. That's what they're there for.
But like, c'mon, speeding on public highways is rampant.
If the majority of a society breaks a law with regularity, then how good of a law is it? Has society not voted with their actions, saying they don't want that law? Perhaps rather than jackboot-enforcing such a law, it would be more productive to ask what problems that law is trying to solve, how effective it is in solving those problems, what harmful side-effects it has, and how the underlying goals of the law might be better served in a different manner with fewer harmful side-effects.
nobody is entitled ot break the law.
Bull. Everybody is entitled to break the law. You just have to be prepared to deal with the consequences. In fact, there are few things more American than breaking an unjust law in an effort to get it changed. Am I saying that all speeders speed purely in an effort to raise speed limits? No. But you made a broad blanket statement that needed to be rebutted in such a form.
There are plenty of freeways available that have reasonably high speed limits.
In your opinion. Don't presume to claim that as fact, because it isn't. Others have opinions that differ from yours in this matter. Ask just about anyone from Montana, for example. In deciding public policy, the opinions of ALL citizens must be weighed.
If you're truly upset about speed limits, then use private roads.
And where, exactly, are these private roads that lead from the town where I live to the town where I'm visiting someone?
The fact that you speed (in addition to being morally repugnant)
Ah, now I'm immoral! I hate to rain on your religious parade, but morals are a matter of opinion as well. You may get near 100% agreement that killing an innocent person is immoral, but I doubt you'll get anywhere near that consensus that speeding (in general) is. I'll give due consideration to your opinion if you'll give due consideration to mine.
it just tells the legislators that you are a criminal
Boy, we sure do have a lot of criminals in this country. Are people really so evil, or are we just outlawing too much?
and the fact that you won't pay attention to the limit forces them to clamp down on it.
Sounds like a facist dictatorship, not a democracy. See my first paragraph, above.
Furthermore, why won't any of the scofflaws that are reading this (and I know some of you are) go out in your car and run some red lights and hit some pedestrians?
Maybe because "some of us scofflaws" do not consider speeding to be in the same category as running red lights and hitting pedestrians. Just because most current laws have similar penalties for the average red light infraction and the average speed infraction does not mean the offenses themselves come from the same mindset, have the same impact on society, or should be treated in the same way.
I've listened to your opinion, now perhaps you'll be so good as to listen to mine...
Speed is a scapegoat. The law enforcement and insurance establishments try to pin everything on speed that they can because speed is "easy" to enforce. Officers writing up accident reports routinely get pressured from above to list speed as a cause of the accident even if they don't really think it applies. Because the more accidents speed "causes", the weightier the statistics the establishment has to justify regulating speed instead of trying to regulate what really matters.
What really matters? Attention, skill, and equipment condition.
Surveys that don't come from the law enforcement and insurance establishments regularly conclude that inattention is much more dangerous on the road than speed. Safe driving requires attention and focus. Talking on a cellphone, eating, doing makeup, shaving, reading, and just about any other significant activity compete for a driver's attention and detract from focus. These are much more dangerous than speeding. So why aren't we outlawing all these activities while driving? Simple. It's an enforcement nightmare. Enforcing speed is easier. A radar gun can prove how fast you were going, but it can't prove how attentive to the road and traffic you were. Analysis of wreckage can give a pretty good idea of the speed at which a crash occurred, but it can't give a pretty good idea of how easily the crash could have been avoided if the drivers had been paying attention. Speed is enforced because it's easy to enforce, and the things we actually should be enforcing are to difficult to do so. As I said, speed is a scapegoat.
Pop quiz Americans: who has the least driving skill, the average American, the average Englishman, or the average German? It's the average American, BY FAR. Put the three of them in a situation requiring a difficult emergency maneuver to avoid a crash, and odds are the German and the Englishman will pull it off, and the American will wreck miserably. Why? Cost, training, and culture. It's orders of magnitude cheaper and easier to get a driver's license in America than it is in most of Western Europe, so European drivers take their license much more seriously than do Americans. We expect a license practically as birthright; to them, it's an enormous priviledge. European drivers get much more training than do American drivers in the licensing process, and are forced to pass a much more difficult driving test. Go to a racing school in America and they'll spend the entire first day teaching you things that a European driver had to learn IN ORDER TO GET their license. Finally, Europeans just take driving much more seriously than Americans do as a pervasive cultural bias. Cars sold in Germany don't have cup holders. Think about that for a moment. Germans don't WANT the ability to sip on a soda while driving. They want to focus on the road. If Americans had the same mindset, our roads would be a lot safer.
Ever try to bring an older car into California and get slammed by the smog laws, having to do all kinds of work to get it to meet emissions regulations? Try bringing an older American car into Europe. You'll get the same thing, only with suspension, brakes, and tires. The cheap bottom-barrel tires and shocks you get in an American auto parts store aren't even LEGAL to drive on German roads. The Germans don't consider them safe enough. AAA ran a free clinic teaching people about car maintenance, and found that over HALF of the people that showed up had dangerously underinflated tires. That statistic is much lower in Europe. Europeans maintain their cars better than Americans (and I'm not talking about washes and oil changes; I'm talking about worn out brake pads, shocks, and tires, underinflated tires, cut springs, and the like), and as a result, their cars are safer and more able to avoid crashes.
Now this is just personal observation, and admittedly is an unfair generalization, but I'm going to make it anyway. I find that many of the Americans shouting the loudest about enforcing speed limits rigidly are the same ones who don't take driving seriously, don't focus their attention on the road, try to do other distracting tasks while driving, haven't taken any kind of "advanced" driving instruction since being licensed (and don't want to), and drive around in an unsafe car (worn out components, etc.). If you're going to yell at me to slow down, what's to say I shouldn't yell at you to hang up the phone, pay attention to the road, put some air in those sorry excuses for tires, replace those worn shocks that have you bouncing down the road, use your turn signals, and for God's sake look in your mirrors before changing lanes?
Indignant that I should have the gall to say all that to you? Now you know how I feel when you tell me I'm an immoral criminal for speeding. Who's right? Well, that's a matter of opinion, and having the current law on your side doesn't automatically make you right. It just means that I have to accept consequences for my behavior on the road while you don't. But laws can be changed...
If the majority of a society breaks a law with regularity, then how good of a law is it? Has society not voted with their actions, saying they don't want that law? Perhaps rather than jackboot-enforcing such a law, it would be more productive to ask what problems that law is trying to solve, how effective it is in solving those problems, what harmful side-effects it has, and how the underlying goals of the law might be better served in a different manner with fewer harmful side-effects.
nobody is entitled ot break the law.
Bull. Everybody is entitled to break the law. You just have to be prepared to deal with the consequences. In fact, there are few things more American than breaking an unjust law in an effort to get it changed. Am I saying that all speeders speed purely in an effort to raise speed limits? No. But you made a broad blanket statement that needed to be rebutted in such a form.
There are plenty of freeways available that have reasonably high speed limits.
In your opinion. Don't presume to claim that as fact, because it isn't. Others have opinions that differ from yours in this matter. Ask just about anyone from Montana, for example. In deciding public policy, the opinions of ALL citizens must be weighed.
If you're truly upset about speed limits, then use private roads.
And where, exactly, are these private roads that lead from the town where I live to the town where I'm visiting someone?
The fact that you speed (in addition to being morally repugnant)
Ah, now I'm immoral! I hate to rain on your religious parade, but morals are a matter of opinion as well. You may get near 100% agreement that killing an innocent person is immoral, but I doubt you'll get anywhere near that consensus that speeding (in general) is. I'll give due consideration to your opinion if you'll give due consideration to mine.
it just tells the legislators that you are a criminal
Boy, we sure do have a lot of criminals in this country. Are people really so evil, or are we just outlawing too much?
and the fact that you won't pay attention to the limit forces them to clamp down on it.
Sounds like a facist dictatorship, not a democracy. See my first paragraph, above.
Furthermore, why won't any of the scofflaws that are reading this (and I know some of you are) go out in your car and run some red lights and hit some pedestrians?
Maybe because "some of us scofflaws" do not consider speeding to be in the same category as running red lights and hitting pedestrians. Just because most current laws have similar penalties for the average red light infraction and the average speed infraction does not mean the offenses themselves come from the same mindset, have the same impact on society, or should be treated in the same way.
I've listened to your opinion, now perhaps you'll be so good as to listen to mine...
Speed is a scapegoat. The law enforcement and insurance establishments try to pin everything on speed that they can because speed is "easy" to enforce. Officers writing up accident reports routinely get pressured from above to list speed as a cause of the accident even if they don't really think it applies. Because the more accidents speed "causes", the weightier the statistics the establishment has to justify regulating speed instead of trying to regulate what really matters.
What really matters? Attention, skill, and equipment condition.
Surveys that don't come from the law enforcement and insurance establishments regularly conclude that inattention is much more dangerous on the road than speed. Safe driving requires attention and focus. Talking on a cellphone, eating, doing makeup, shaving, reading, and just about any other significant activity compete for a driver's attention and detract from focus. These are much more dangerous than speeding. So why aren't we outlawing all these activities wnd the American will wreck miserably. Why? Cost, training, and culture. It's orders of magnitude cheaper and easier to get a driver's license in America than it is in most of Western Europe, so European drivers take their license much more seriously than do Americans. We expect a license practically as birthright; to them, it's an enormous priviledge. European drivers get much more training than do American drivers in the licensing process, and are forced to pass a much more difficult driving test. Go to a racing school in America and they'll spend the entire first day teaching you things that a European driver had to learn IN ORDER TO GET their license. Finally, Europeans just take driving much more seriously than Americans do as a pervasive cultural bias. Cars sold in Germany don't have cup holders. Think about that for a moment. Germans don't WANT the ability to sip on a soda while driving. They want to focus on the road. If Americans had the same mindset, our roads would be a lot safer.
Ever try to bring an older car into California and get slammed by the smog laws, having to do all kinds of work to get it to meet emissions regulations? Try bringing an older American car into Europe. You'll get the same thing, only with suspension, brakes, and tires. The cheap bottom-barrel tires and shocks you get in an American auto parts store aren't even LEGAL to drive on German roads. The Germans don't consider them safe enough. AAA ran a free clinic teaching people about car maintenance, and found that over HALF of the people that showed up had dangerously underinflated tires. That statistic is much lower in Europe. Europeans maintain their cars better than Americans (and I'm not talking about washes and oil changes; I'm talking about worn out brake pads, shocks, and tires, underinflated tires, cut springs, and the like), and as a result, their cars are safer and more able to avoid crashes.
Now this is just personal observation, and admittedly is an unfair generalization, but I'm going to make it anyway. I find that many of the Americans shouting the loudest about enforcing speed limits rigidly are the same ones who don't take driving seriously, don't focus their attention on the road, try to do other distracting tasks while driving, haven't taken any kind of "advanced" driving instruction since being licensed (and don't want to), and drive around in an unsafe car (worn out components, etc.). If you're going to yell at me to slow down, what's to say I shouldn't yell at you to hang up the phone, pay attention to the road, put some air in those sorry excuses for tires, replace those worn shocks that have you bouncing down the road, use your turn signals, and for God's sake look in your mirrors before changing lanes?
Indignant that I should have the gall to say all that to you? Now you know how I feel when you tell me I'm an immoral criminal for speeding. Who's right? Well, that's a matter of opinion, and having the current law on your side doesn't automatically make you right. It just means that I have to accept consequences for my behavior on the road while you don't. But laws can be changed...
No one in this world is guaranteed a successful business model, a successful product, or profit in any form. We have a free market economy. That means you have to provide something people want, at a price that they're willing to pay, and deal with constant competition. If the market changes, you have to change with it or die.
Your problem is not open source. Your problem is you're denying the nature of the market, and refusing to change with it. If it wansn't open source, sooner or later some other market entity would come along and do the same thing to you for the same reason. Guess what? That's business. Deal with it. Adapt to the constantly changing market or die. It's obvious which of those options you have chosen.
Gone are the days when you could get some four-letter-acronym certification and get a job in the industry. You won't get hired anymore if your main source of knowledge is books like "X for dummies", "Y unleashed", or "Teach yourself Z in 21 days". Those are the people who, for the most part, are being shaken out of this industry now, and frankly, I consider that a good thing. However, in that same category I'd lump the people who went to a decent college CS program and didn't really work in it, barely passing, just to get to the job market. That's scarcely better. Don't become one of those people. Dig deep into the field and learn everything you can. Lift the hood and find out what goes on underneath. Remove the engine cover and learn what makes an engine tick. You wouldn't go to a mechanic who had never rebuilt an engine or swapped a radiator, would you? So why should I hire a programmer who doesn't know how a CPU works, or has never scrutinized the output of a compiler?
Learn computer architecture. Learn how a CPU, cache, and RAM work. Learn data structures. Learn why you'd want a tree in some situations and a hash table in others, and the consequences of each choice. Build a compiler from scratch. Learn parsing and grammar recognition. If you want to work on networks, learn queueing theory. Learn how an operating system works, what a virtual memory manager needs to do, how copy-on-write works, what a semaphore is. Et cetera.
If you know the entire foundation of the profession, you can pick up anything new that comes along with ease. You won't be so quickly cast aside when times get tough. And you'll have one-up on all the opportunists who learned from silly books or certification classes. They'll only know how the latest fad works. You'll know *why* it works, and you'll be much more able to set things right when it doesn't perform as advertised.
Say what? Typical FHSS radio dwell times (that's the period at which the frequency changes) are in the tens to low hundreds of milliseconds. Radio waves travel at 3.0e+10 meters/second. Let's say you were running a ridiculously low dwell time of 2ms (which I don't think 802.11 equipment even supports, BTW), and you wanted to hop fast enough to avoid receiving a second path on half the incoming packets. That means there would have to be a 1ms time differential between the two paths. And THAT means there would have to be a 3.0e+07 meter length differential between the two paths, which is greater than the diameter of the earth. You show me a 2.4GHz wireless transmitter powerful enough that the receiver has to worry about multipath on the scale of 30,000km, and I'll show you a stiff fine and a jail sentence from the FCC.
In short, you're full of it. FHSS does not hop fast enough to avoid multipath. Multipath interference comes in typically less than one symbol time after the main signal. If you hopped fast enough to avoid it, you'd never receive a single bit correctly.
1) Authentication can't be purely MAC address based. Most cards can transmit packets with any arbitrary MAC address. To steal service from such a system, all you'd have to do is sniff a legitimate user's MAC address and use it when or where they're not. Trivial. If you really want this to work, I think the best way is to accept only IPSec traffic over the air. Your legitimate users will have the authentication tokens necessary to negotiate an IPSec connection to some set of server/router/VPNboxen behind the access points, and the access points themselves will drop anything that isn't either IPSec-encapsulated or an authentication attempt. Solves the problem with WEP being weak, and solves the problem of stealing service by sniffing a few packets. The only problem it doesn't solve is the wireless medium being DoSed, but that's nearly impossible to solve without accurate triangulation equipment and a large brute named Guido wielding a baseball bat.
2) I disagree that something should be put in place that isn't secure yet. Having to work around and be backward compatible with a poor rushed first implementation is exactly how nasty ugly hacks develop and linger on for years.
3) If the government has use for a wireless network, then they can pay for it like everyone else. Being a very large customer, you could offer them a volume discount, or even cut some special deal for a deep discount in return for helping you deploy speedily. But advocating giving away access to the government on a permanent basis shows that you've got no business sense whatsoever. Ain't gonna happen; any company that tries it will founder.
But other than those points, nice idea. I support you.