Slashdot Mirror


User: dougmc

dougmc's activity in the archive.

Stories
0
Comments
2,398

Comments · 2,398

  1. Re:*COUGH* sendmail *COUGH* on Microsoft Claims Linux Security a Myth · · Score: 3, Interesting
    The only question is, who is still using sendmail? Major distros have moved on to postfix and qmail is always an option.
    I imagine that at least two `major distros' have moved on to Postfix, and so your statement would be correct, but certainly, not all have. I doubt even most.

    Red Hat and now Fedora Core, for example, still ship with sendmail. I don't recall if FC3 had other mailer daemons as an option or not but sendmail was the default mailer.

    Also, *nix does not only mean Linux. As far as I know, most other *nixes still come with sendmail rather than something else. Sure, you can replace them with postfix or qmail or whatever you want, but by default, it's sendmail. (Have qmail or postfix been ported to Windows yet? Wouldn't surprise me ...)

    As far as I know, sendmail is still the most popular mail daemon out there, even more popular than Exchange.

    As for `twenty years of buffer overflows', sendmail has a tricky job to do. It's a complicated program, extremely customizable, and a network daemon to boot. And twenty two years old! (That alone says something.)

    Certain aspects of its architecture (especially its monolithicity) suggested that a rewrite may provide a more secure and faster product, and out of this came smail, qmail, postfix, exim and others. But sendmail is still the standard, and it's still under development. It's been quite some time since I've heard of a buffer overflow for sendmail ... (lat se

  2. Re:The wife? on Safeway Club Card Leads to Bogus Arson Arrest · · Score: 0, Offtopic
    Plus, you're still speculating.
    Sure. Somebody named `Tim Browse' (or somebody who goes by that name if it's not a real name) is not likely to be a Miss Maple.

    And somebody named Tim is not likely to be the mother of another slashdot person.

    You're right -- speculation. But I'll bet I'm right too.

    (Again, not surprised.)
    Again, give them (and me) a break. If you'd rather get your `news' from a site that doesn't allow the peanut gallery to comment or speculate, try MSNBC or CNN or Fox. But if you're going to hang out here, quit whining when others comment and speculate.
  3. Re:The wife? on Safeway Club Card Leads to Bogus Arson Arrest · · Score: 2, Interesting
    The guy has just been arrested and charged wrongly - does he really need people pointing the finger at his family too?
    After reading the original article (before somebody else came forward) it really sounded like the guy was guilty -- and the Safeway card was just another piece of circumstantial evidence. They'd found motive, the other materials were from the house, etc.

    Let me say that again -- the Safeway card was only one of many things that suggested that he did it.

    The only thing that really fits those facts are that somebody else in the household did it. I hadn't really considered that until somebody mentioned it here (I wasn't really thinking about it) but it makes sense.

    You're not Miss Marple, so STFU and give the guy a break.
    You're not Miss Marple either, and you're not their mother. Give them a break.
  4. Re:Intergraph's Patents on HP Pays Intergraph $141m to Settle Patent Dispute · · Score: 1
    Well, if intergraph weren't allowed to patent their ideas, they wouldn't have paid anyone to sit around and think them up.
    While I see what you're getting at, your statement is hardly irrefutable fact. The promise of a patent (along with the ability to get fat royalty payments and maybe sue some people later) may very well encourage Intergraph to pay somebody to sit around and think things up, but you may find that people are paid to sit around and think stuff up that's not intended for patenting too.
  5. Re:It's because.... on New Climate Change Warning · · Score: 1
    Get some better fans, then.
    Either way, he's correct -- running programs like grid.org or RC5 or Seti is *not* free. It shouldn't cause your fans to fail (especially if they're the most common variety that always run and always at the same speed), but it does increase power consumption, which does cost additional money.
  6. Re:no surprise on Real Pays For Legal MP3 Playback On Linux · · Score: 1
    they patented their algorithm
    ... except that algorithms are not patentable.

    But methods are. I forget where I read it, but somebody said that then a lawyer was asked if algorithms are not patentable, and methods are, what's the difference between the two? His answer?

    Listen carefully: algorithms are not patentable, but methods are ...
    I guess it's all a matter of what you call it.
  7. Re:what if...one step further... on Should Taxpayers Pay Twice For Weather Data? · · Score: 1

    Yup, that's it. Thanks!

  8. Re:what if...one step further... on Should Taxpayers Pay Twice For Weather Data? · · Score: 1
    the u.s. constitution text was only available for viewing in a proprietary file format you needed to buy a license for to just read?
    I forget the specifics, but there was a city or state or something recently where all the _laws_ were copyrighted and unavailable without paying a large license fee. Can anybody provide the details? I think it was mentioned on /. at one point, but can't seem to find the right keywords to search for it ...
  9. Re:Don't know about you...but... on Should Taxpayers Pay Twice For Weather Data? · · Score: 1
    I have no idea how Accuweather can sustain itself much longer
    Accuweather is one of the companies pushing for the NWS to stop giving out weather information to the public for free. They'd much prefer that the public buy weather information from Accuweather -- imagine that! (And just so there's no confusion, the weather information mostly already comes from the NWS -- Accuweather just makes it pretty and provides access to it.)
  10. Re:Do not feed the trolls! on Wireless Power Recharging Nears Fruition · · Score: 1
    you should have responded to the parent, not the troll, and certainly not used the quote
    Thanks dad.

    Seriously though, the `troll' was correct, even though he didn't exactly say it in the best possible way. But more detail was warranted, and I provided that.

  11. Re:Nikola Tesla? on Wireless Power Recharging Nears Fruition · · Score: 2, Informative
    Nowadays, we also know that having that much EMI around constantly will give you cancer in short order...

    Riight. And John Kerry is our rightful President.

    To expand on that, we know no such thing. Ionizing radiation (X-rays, gamma rays, etc.) certainly does, but radio and microwaves operate at much lower frequencies and do not cause ionization.

    What the effects of non-ionizing RF radiation on meat (i.e. people) are, beyond heating it up, are not really well known yet. Perhaps it does cause cancer, but it has yet to be proven. Either way, it's not considered smart to expose yourself to extremely high RF levels -- and if the levels get high enough, even the thermal effects can become significant. People have been known to warm themselves by standing in front of a microwave dish -- but nobody knows what the long term effects of that are. (In the short term, it makes you warm. And looking at it directly can heat your eyes very quickly, sometimes even destroying your eyes if you do it long enough.)

  12. Re:Wireless - really Inductive Coupling on Wireless Power Recharging Nears Fruition · · Score: 1
    BTW: I wasn't able to replace the battery without destroying the brush. Worthless.
    I wouldn't consider yourself worthless just because you couldn't do it. :)

    They generally make these things as cheap as possible, which usually means it's impossible to even get it open without damaging or destroying it. Besides, they'd rather you buy a new one than replace the old battery.

    BTW, the battery was probably destroyed by constant overcharging. With anything that has a NiCd or NiMH battery and doesn't have a smart peak charger, it's usually best to let it charge, then don't charge it again until the battery is almost dead. Leaving things in the charging cradle 24/7 is a great way to ruin the batteries over time.

    (Note that most laptops, PDAs, cell phones, etc. use LiPo or LiIon cells, and these require smarter chargers anyways, or they do bad things like explode or catch fire. So these you can leave plugged in all the time and it's OK. And some things with NiCd or NiMH cells do come with peak chargers (especially high end power tools) and with those it's OK too, because the charger knows when to stop charging.)

  13. Re:Singing Sword on How Do 'Singing Magnets' Work? · · Score: 0, Offtopic
    Flamberge, the Swinging Sword.
    Is that the Flamberge that puts the `Grrrr!' in `Swinger', baby, yeah?
  14. Re:Not that impressed with the list ... on Securing Linux Production Systems · · Score: 1
    You can use the following command to find out if there are any files owned by a specific account:
    ...
    I think this is not a bad starting point.
    Yes, it is a bad starting point. Because merely not finding any files does not mean that you can safely remove the account. Most system accounts don't own any files. (root and bin (though I forgot the purpose behind bin long ago) are the big exceptions.)

    This is really only useful if you've just removed a user account and want to remove any files he had (because they may not all be in his home directory.)

  15. Re:Replace pacemaker batteries? on Tiny Robots Powered by Living Muscle Cells · · Score: 1
    I figured if the watches and flashlights carry lifetime warrantees, then the kinetic-charging thing was pretty reliable.
    This logic is flawed.

    Many things have `lifetime warranty', not because they're reliable, but because the company doesn't expect to have many warranty claims even when things break.

    The item may become obsolete quickly (I've got an ISA NIC card with a lifetime warranty that broke. Am I going to get it replaced?)

    The item may be so cheap that it's not worth getting replaced.

    The company may not expect to be around long enough to do many repairs -- it expects to change names shortly, for example.

    The company may offer a lifetime warranty, but make it so difficult to actually take advantage of that few people actually do it.

    The item may be a novelty that will almost never be used (your kinetic flashlights fall into this category. Unless civilization as we know it fails, or you're on a deserted island, you're not likely to use your kinetic flashlight often. And if you do end up in this situation, they're not likely to be honoring any warranty requests.)

  16. Re:Not that impressed with the list ... on Securing Linux Production Systems · · Score: 1

    A system account that is used by a daemon is not an 'unused' account.

    Well, duh. But when you install a system, it usually comes with a large (and getting larger, as time goes on) list of accounts already installed. How does a newbie (whom the original article was written for) know which are used and which aren't?

    NONE of these accounts can be removed without understanding if they're really used. (And assuming that you installed only the packages that you need, they're probably ALL being used.)

    Years ago, SGIs installed with a few completely open accounts -- 4DGifts, guest and others. (And nevermind the default `xhost +' !) And they got beat up for it, and now this isn't done anymore.

    For example, a FC3 system I recently installed got all these accounts created automatically :

    root bin daemon adm lp sync shutdown halt mail
    news uucp operator games gopher ftp nobody dbus
    vcsa nscd rpm haldaemon netdump sshd rpc rpcuser
    nfsnobody mailnull smmsp pcap apache squid
    webalizer xfs ntp gdm named dovecot

    One is obviously used: root.

    A few had better be disabled, based on their names: shutdown, halt. (sync is similar, but safe enough.)

    A few have been around forever (bin, daemon, adm, others) but it's not obvious if they can be safely removed or not.

    A few are obviously used for daemons to switch to to drop privileges (gopher (ok, maybe I should remove that package), ftp, nfsnobody, apache, squid, webalizer, ntp, named)

    In any event, it requires quite a bit of experience and work to determine which of these accounts can be removed without breaking anything important. I have the experience, but haven't put in the time -- because I know that the benefits of doing so are pretty minimal, as long as all of these accounts cannot be logged into remotely.

    I'm not sure if there is so much to say about patching servers. You simply have to patch systems.

    Well, sure, at the highest level, yeah. And the entire article could be written as `Keep your system secure!' too. In any event, keeping patches up to date is so very important, especially on a system that provides services to the Internet, that it deserves at least a few paragraphs on how to set it up and automate it. (And yes, if possible, it should be automated.)

    Sorry, but merely saying `disable any unused system accounts' is not enough. And unfortunately, another complete paper could be written on just that subject.

    Regarding your statement: "they'll just write today's password on their desk", people don't write the passwords of their own individual accounts on their desk. They usually do this with shared account passwords

    Oh, yes they do. They also save them in files, or email them to themselves.

    And the more password restrictions you put on them -- forcing changes often, not allowing the use of old passwords (or even passwords related to old passwords), requiring funny characters and capitalization (54g$h@Fe), and the more different passwords you make them memorize, the more they'll do it.

    Ultimately, the main reason behind strong passwords came from the ease of using programs like `crack' to go through one's entire /etc/passwd file and find passwords quickly.

    But with shadow passwords becoming ubiquitous and servers dedicated to one purpose becoming the norm rather than the exception, and computers that can crack _every possible_ 8 character password (via huge banks of ASICs I believe) in mere days (have they done the same with md5sums yet?) things have changed. Now, it's much harder to get the `passwd file', and if you do, it's pretty much game over, even if everybody has totally random passwords.

    Yes, some restrictions on passwords are good things (require at least X characters, don't allow single words, things from your gcos field, etc.) but at some point,

  17. Not that impressed with the list ... on Securing Linux Production Systems · · Score: 1
    I wasn't that impressed. Maybe the list is just too simple, but there's several problems with it. A few samples ...
    I would remove at least the CTRL-ALT-DELETE trap entry:

    # sed -i 's/ca::ctrlaltdel:/#ca::ctrlaltdel:/g'
    Um, why? He talks about physical security first, but if the machine is physically secure, why would you care about this entry? Being able to hit CAD is useful ... but I guess you could force somebody to login, su to root, then reboot the box, creating a log trail ... or they could just hit the power switch instead.

    He talks about disabling unused accounts. Which sounds fine, but in modern Linux distributions, those `unused' system accounts are often used for a daemon to switch to after giving up permissions. Removing the account will break things -- something you don't want to do if you don't understand what you're doing. Yes, he does say `if you're sure', but provides little in the way of helping to determine which accounts could be removed.

    As for all the password aging stuff, this is mostly needed to comply with poorly thought out corporate policies and the like. But password policies don't do much to increase security unless you educate your users about the reasons behind it -- otherwise, they'll just write today's password on their desk, or do whatever else they have to do to keep track of the password that you keep changing on them.

    Restricting User Access Based on Time and Day? Does _anybody_ find this to be useful? Does anybody restrict logins based on the time of day?

    Shared Accounts are bad (security-wise), no matter how you look at them. sudo and similar programs are your friends. (But the section about `Restricting su Access to System and Shared Accounts' is good.)

    All in all, it's not a bad list, but he seems to spend a lot more time on passwords than they're worth, and less time on things like keeping patches up to date or educating your users.

  18. Re:Hilarious on Winning Souls In World Of Warcraft · · Score: 2, Insightful
    Hydrogen Monoxide has killed over 100,000 people THIS YEAR ALONE.
    Hydrogen monoxide? You mean dihydrogen monoxide, also known as hydrogen hydroxide?

    I believe the death toll you're referring to is over 200,000 people now, but it can't be purely blamed on DHMO -- large amounts of monosodium chloride was also found on the deceased, for example.

    Also, when you say `this year alone', you should be more specific. You mean in the `previous 365 days', right? Not `2005 so far' ...

  19. CV? on CV Tips for Software Developers? · · Score: 0

    What's a CV? Sounds like a resume, but context suggests it's somewhat different ...

  20. Re:What about cell phones on House Paint Foils Wardrivers · · Score: 1
    I'm not confident that cell phones transmit at 5 watts. I think the relatively powerful analog "bag" phones used 0.5 watts and the new digitals are a fraction of that.
    Good point. You're right -- the FCC limit for a handheld phone (in the US, anyways) is 0.5 watts. But I'm pretty sure the digital phones can go almost that high if they need to -- but only if they need to. They cut the power back if they can still reach the tower with less power.
  21. Re:What about cell phones on House Paint Foils Wardrivers · · Score: 1
    GSM phones regularly try to poll their base station even when not in use. When there's no signal, they do this at maximum power.
    To reuse a common phrase ... mod parent up.

    This is pretty obvious when it happens, because your TV or computer speakers or walkman or stereo may very well pick up the signal, and you can hear it. On my computer speakers, it sounds like a sequence of beeps for about 2 seconds -- very clear. (Remarkably clear, now that I think about it.) But it's very obviously your phone, because 1) it doesn't happen if you left the phone at home, and 2) moving the phone nearer the speakers makes it louder.

    If you're inside something like a subway car, not only will the signal not ever make it to a cell phone tower (since you're underground), causing it to transmit at full power, but the signal will also bounce around inside the big metal cage that is the car, and multiply that by every cell phone in there -- meaning that if you're afraid of (relatively) low power RF signals, this isn't a good place to be.

    (By relatively low power, I mean much lower than the soldiers in Russia who would stand in front of the microwave dish to warm up a bit.)

  22. Re:What about cell phones on House Paint Foils Wardrivers · · Score: 1
    it would be silly to insulate the microwave oven against all electromagnetic radiation.
    Indeed. Especially since you couldn't then see inside and see that your dinner had exploded and made a big mess.
    Especially if it has a glass door.
    Your microwave does not have a glass door. First of all, it's probably plastic, but beyond that, if you look carefully, you'll see a metal mesh in the door. It's an approximation of a Faraday Cage and it's designed to keep most of the energy at 2.4 GHz inside. Since most cell phones work at less than 2.4 GHz, it'll shield most of your cell phone signal too.

    Note that I said most. Your microwave may use 700 watts of power -- letting a few watts leak out isn't going to hurt anything but your WiFi performance. This may scare you a bit, but consider that your cell phone may transmit at about 5 watts right next to your head at a similar frequency.

    In any event, if the microwave only keeps in 99.5% of the signal, that's only 3.5 watts escaping from that 700 watt microwave. That would mean a signal reduction of a factor of 200, but that's probably only one or two bars or so on your cell phone. Which is why it still works in the microwave (or a car, or airplane, etc.) (And I don't suggest turning the microwave on with your phone in it.)

  23. Re:Poor choice for a remake. on Disney Plans Tron Remake · · Score: 1
    Right now, Disney is coming down off of a high point.
    Eh? Disney has been going downhill for quite some time now. Pixar is the one that's on top of the hill.

    Did Disney do National Treasure? If so, then that's the only reasonably good movie they've done in quite some time. Winners like The Incredibles were done by Pixar, and Disney just helped distribute it.

  24. Re:Curious on America Needs Unchained Spectrum? · · Score: 2, Informative
    Why does everything in the world have to operate at 2.4 Ghz?
    Because it's one of the small number of blocks of bandwidth that the FCC has allocated for unlicensed use.

    Granted, more unlicensed spectrum would be a good thing, but even that's not the answer, because it would get sucked up too, by people doing things like `110 Mbps WiFi' where they use the entire 2.4 GHz block of unlicensed spectrum for maximum speed.

    The FCC is saturating that frequency band at an unsustainable rate
    It's not the FCC. It's the manufacturers doing this, and they're doing it because it's one of the few blocks available for use without a license.

    2.4 GHz is the first block of unlicensed spectrum with a good deal of size (other (small) blocks live around 27, 49, and 900 MHz.) The > 5 GHz blocks could be used too, and are for things like 802.11a and some cordless phones, but it doesn't penetrate walls as well as 2.4 GHz.

  25. Re:Okay, so this changes what again? on No Warrant Needed For GPS Tracking By Police · · Score: 1
    Are there any off the shelf detectors/receivers?
    Yes. Hams have been doing this sort of thing for a long time now, and you can buy APRS stuff quite easily.

    The police are probably using something similar, but they may have added some encryption, and of course they'd have to use a different frequency and maybe a different protocol. Finding the frequency might be a bit tricky -- and now that I think of it, it's even more likely that they're using a cell phone or something similar rather than a standard transmitter anyways, using the existing cell network. That would be harder to track down, as the signal would look like any other cell phone signal, and would only have to go as far as the nearest cell phone tower.