Windows Update Breaking?

Let’s say you just decided to reinstall your machine.  You pull out your Windows XP installation disk, install Windows XP, Service Pack 2 from disk.  Then you connect to WIndows update to install updates.

You’re about to break your machine, but only a little.

See, there’s an update to Windows Update that has to be installed before you do anything else.  However, after you apply this update, the next thing Windows Update is going to do is download and install Windows XP Service Pack 3.  If you didn’t perform a reboot in there (and why should you, it didn’t ask you to), installing Windows XP SP3 breaks your ability to automatically update.  The reason:

The latest version of Windows Update includes a file that was not available in the release version of Windows XP. This file is named Wups2.dll. Therefore, after the repair operation (or reinstall) is complete, the following situation exists:

•	The Wups2.dll file remains on the computer.
•	The registry entries that correspond to this file are missing.

Because the registry files that correspond to the Wups2.dll file are missing, update installations are unsuccessful.

Microsoft hasn’t messed up something like this in a while, tisk tisk.

Here’s the fix:

Method 1: Register the Wups2.dll file in Windows

To register the Wups2.dll file in Windows, follow these steps:

1.	Stop the Automatic Updates service. To do this, follow these steps: a. Click Start, click Run, type cmd, and then click OK. b. At the command prompt, type the following command, and then press ENTER: net stop wuauserv
2.	Register the Wups2.dll file. To do this, follow these steps: a. At the command prompt, type the following command, and then press ENTER: regsvr32 %windir%\system32\wups2.dll Note For a computer that is running Windows XP Professional x64 Edition, type the following command, and then press ENTER: regsvr32 %windir%\syswow64\wups2.dll b. Click OK on each verification message that you receive.
3.	Start the Automatic Updates service. To do this, type the following command at the command prompt, and then press ENTER: net start wuauserv
4.	Exit the command prompt. To do this type exit, and then press ENTER.

Back to the top

XKCD on Doing It Wrong

Simple Solutions to Complex Problems

Are usually really, really, REALLY lame.

Charles Murray, W.H. Brady Scholar at the American Enterprise Institute, has an opinion piece that goes something like this:

• The BA acquired its current inflated status by accident.  (I agree)
• The BA does not accurately reflect workforce competency.  (I agree)
• Employers need some way of measuring workforce competency.  (Starting to lose me here, assumes the BA’s job is to measure workforce competency)
• Ergo, we need a workforce competency certification exam.  (“Brrrp!  Sorry, Hans, wrong guess!  Would you like to try for Double Jeopardy, where the scores can really change!!?!?”)

Here’s a paragraph from the piece:

The model is the CPA exam that qualifies certified public accountants. The same test is used nationwide. It is thorough — four sections, timed, totaling 14 hours. A passing score indicates authentic competence (the pass rate is below 50%). Actual scores are reported in addition to pass/fail, so that employers can assess where the applicant falls in the distribution of accounting competence. You may have learned accounting at an anonymous online university, but your CPA score gives you a way to show employers you’re a stronger applicant than someone from an Ivy League school.

No.  No.  Nononono.

For one thing, passing the CPA exam does not necessarily indicate that you’re a great accountant.  It indicates that you have the ability to pass the CPA exam.  Just like the Bar exam does not indicate that you’re going to be a great lawyer, it indicates that you have the ability to pass the Bar.  For another thing, not all work is accounting.

Certification exams are by their very nature procedural-related.  For example, if you take the Cisco Certified CCNE exam, it tells someone looking at your score that you know the procedure for setting up a router.  It shows that you know the basics of the OSI model, and whatever else is contained in the exam.  These are all good things to know.  Someone taking this exam and passing can certainly talk to network folks and understand the lingo.  Passing the exam doesn’t tell you a damn thing about whether or not you’re a quality network engineer.

In fact, in the particular case of IT workers, a great many number of respectable authorities in the field regard certification exams as one (very minor) data point in measuring competency.  Wait, let me rephrase that.  Virtually *all* of the respectable authorities I’ve ever encountered regard certification exams as an incredibly poor baseline with which to measure competency.

You want to know whether or not a certification exam is really worthwhile?  Here’s a quick test -> do they allow you Internet access when you take the exam?  No?

Does your job prohibit you from Internet access while you are performing it?  (Hint -> yes, there are some.  Medical personnel are unlikely to check WebMD while performing surgery.  It’s probably a good idea to make sure that they can retain a giant freaking database of medical knowledge inside their head.)

But the general workforce… when does your boss ask you to accomplish something and tell you that you can’t use your computer?  EVER?

If you can answer a question in under three seconds with a web browser, why would you bother to store the information in your brain?  I’ve spent the last thirteen years training myself to use my brain to meld with other data storage mechanisms.  I don’t need to know what the complete specification for the IPv4 header is -> that’s what the Internet is FOR.  I just need to know how to find it if I need it.

For another thing… just what in God’s name goes on the Professional Workforce Competency Exam?  What… are you testing for?  How do you design this test?  Why do you think that a collection of quantifiable measures (say, a typing score of words per minute) should be… or can be… a suitable measure of workforce competency?  Hell, if I’m running my own company, I want my receptionist to be really friendly and have good attention to detail.  How do you test for that?  Why does someone who doesn’t have a degree in education (Murray’s Ph.D. is in Political Science) think that designing such an exam is even possible?  I took a couple of education classes as an undergrad and I’ve read a lot about cognative theory and learning processes, and I’m highly skeptical that you could produce an exam that would actually… you know… work.  Oddly enough, Murray seems to read a lot of educational literature, and gotten mixed ideas about exams.  He doesn’t like the SAT, particularly because it’s regarded as a singular metric, when composite metrics are more effective.  Back to the certification piece:

Certification tests would disadvantage just one set of people: Students who have gotten into well-known traditional schools, but who are coasting through their years in college and would score poorly on a certification test. Disadvantaging them is an outcome devoutly to be wished.

Really?  I don’t know… students who went to well-known traditional schools and joined well-known traditional fraternities and went to big beer parties with 200 other business majors might actually be damn good kids to hire.  They know people, and that can’t be measured with a certification.  Sure, you might not like them, but they might be good for your organization.

No technical barriers stand in the way of evolving toward a system where certification tests would replace the BA. Hundreds of certification tests already exist, for everything from building code inspectors to advanced medical specialties. The problem is a shortage of tests that are nationally accepted, like the CPA exam.

Here’s my main beef with this piece.

I agree wholeheartedly that it is ridiculous on the face of it that anyone requires a college degree as a minimum baseline for hiring.  It has vastly overinflated the importance of a college degree (sure, it makes you a better “all-around” human, in my opinion, but for crying out loud it shouldn’t be a requirement to get a job), which has in turn forced a lot of college kids into a place they don’t want to be, studying stuff they don’t want to learn, and most horribly turning them off from being in that place and learning that stuff later in life when they’d actually enjoy it.

I went to college (I wasn’t an outstanding undergraduate.  Sue me, I was eighteen.  For the record, though, I maintained my academic scholarship as an undergrad, which was a commitment, and I did graduate in four years.  I’m busting my rear in grad school and yes that does mean more than a little more something).  I know lots of people who have been to college and finished and lots of people who didn’t complete it.  It’s not a great predictor of general “success”, if you’re measuring “effective employee” on your success-o-meter.

Here’s what I know about going to college: at the undergraduate level… it rounds you out, somewhat.  You learn some things you might not learn otherwise.  You learn some things about yourself that you might not ever find out; or at the very least will take decades to get around to learning.  “Wow, I dig Psychology!  Who knew!”

It does test that you have the basic ability to haul your butt out of bed on the morning of the big exam which you must pass to retain your academic standing and go to class, and you’ve worked hard enough to pass that exam.

That’s about it, for some kids.  Not all (probably not even most).  Even for a college kids, that alone can be quite a bit.  For those who actually work, it *is* a good predictor of smarts, which can equal success depending on what you’re hiring.  For an employer, though, on the whole that’s not a hell of a lot.  Seeing two people, one of whom completed four years of college and the other of whom went to trade school for two years (and then went to work for some company during which they got promoted twice)… who are you going to pick?

Duh.

How is replacing “getting a BA” with “getting a certification” helping any?  Well, it does help the kids who weren’t going to get $150,000 worth of learning out of going to college (there are some).  It does indicate that for straight procedural-type tasks the certification holder has a minimal competency.

However, the right answer to this problem is, “Hey, corporate America?  STOP using cookie cutter measurements to judge whether or not you ought to hire somebody!” Guess what?  If you want to know who to hire, you are never going to be able to achieve this by performing a search on Monster for “certified professional worker”.  There are lots of measures of competency.  Searching for one is just plain stupid, whether its a BA degree or a certification or membership in Pi Kappa Rho or whatever.  Murray sounds like he already knows this in some of his other writings, how can he think that certification exams are a Silver Bullet?

Why does “a college degree” have to have *any* business value, whatsoever?

Heck, if your kid is just going to use college to “find themselves”, isn’t that a worthy goal in and of itself?  Sure, maybe not one you want to spend that much cabbage attaining, but there’s lots of schools where you can “find yourself”, get a few mind-expanding moments, and do it all *before* you’re actually required to be a Responsible Adult for the next 60 years of your life.

Mandatory Skill - Indy, COVER YOUR HEART!

If you’re a walking, talking, cognitively aware adult human being, I’m about to tell you something that is going to scare the crap out of you.  Then, I’m going to make you feel better about it (and then I’m going to pontificate about it, feel free to ignore that part if you want).

Each year, heart attacks kill about 250,000 people, and the total death toll for all coronary failures is a whopping 432,000+.  The U.S. population is somewhere around 300 million right now.  On average just about 685 people right now, today, are going to complain of pain in one side, grab their chest, keel over, and die. That’s about one every two minutes.

Of course, there’s quite a few *more* people who are going to complete steps 1-3, but before they can get to the “die” part, something else happens.  There are roughly 1,200,000 new heart attack incidents per year.  Since there’s 300 million people in the U.S., that means about one in every 250 people is going to have a heart attack this year alone.

How many people do you know?

Statistically, this means that it’s not unlikely that over a 70-ish year lifespan, you’re going to be a direct witness to at least one fatal heart attack.  Without immediate, effective CPR from a bystander, a person’s chance of surviving sudden cardiac arrest decreases 7 percent to 10 percent *per minute*.  Do a little research on emergency response times for your local area, you might be dismayed at the results.  8-10 minutes is a pretty common “official” response, the practical response time between when someone calls 911 and when an EMT touches a patient is often much, much longer.  95% of the people who die from heart attacks die before they reach a hospital.

Not very cheery, is it?

Here’s the good news.  If you know basic CPR, you can essentially double the chance that the person who keels over in front of you survives.  If you have ready access to an AED and use it within three minutes of a cardiac arrest, the odds of survival skyrocket to nearly 70% - 90% if you get it done in the first 60 seconds.

Now, there’s a lot of additional information available.  CCR (CPR with compressions only, no rescue breathing) is more effective for heart attack victims, but the American Heart Association still recommends the rescue breathing technique - probably because basic Adult CPR assumes that the average layperson can’t differentiate between a heart attack and any other medical cause that makes you keel over and your heart stop.  AED use *after* the first 5 minutes may cause damage to the heart, but of course this doesn’t matter so much in the field because the brain starts to die about four to six minutes after the heart stops.  Unless you’re a trained medical doctor in a full medical facility, getting the heart going as quickly as possible is the only thing that is going to keep your brain from dying.

But none of that matters more than knowing the basics.  You want to be a hero?  Take a CPR course.  Odds are damn good that someday you’ll save someone’s life.  If you work in a company that has over 200 employees, get your boss to buy an AED (they’re about $1,200) and train a dozen people how to use it (about $100 per person).  $2,400 is chump change for a life… heck, if your boss is a middle-aged, slightly overweight guy who eats a lot of fast food, it could very well be his own life he’s saving.

Begin the pontification:

Hey, if we spent the TSA’s budget for the next year ($7,100,000,000) just on buying AEDs and training a dozen people how to use them, we could equip 2,958,333 ready response teams, and train 35,500,000 (over 10% of the population) how to use these devices (and give them ready access).  Chicken scratch analysis (assuming standard distribution of heart attacks during a 24 hour period, or about 3/5 of them, would occur during non-sleeping hours when *someone* would witness the event) shows that we’d have about a 70% chance of saving the lives of about 150,000 of those cardiac incidents.  That’s 105,000 people.  We could cut the death rate from heart attacks down to 145,000-ish.

105,000 people.  Thirty-five times the number of people who died on 9/11.  Every year.  Heck, this is a horribly basic analysis, let’s say I’m off by an order of magnitude.  That’s still 10,500 people a year.

Memo To The President

Not mine, but Bruce’s.  It’s a good read; if you’re interested in cybersecurity issues, I recommend you take a peek, especially if you’re wondering what politicians ought to be doing to improve the condition of the Intertubes.

My favorite paragraph:

Security is both subtle and complex, and — unfortunately — doesn’t readily lend itself to normal legislative processes. You’re used to finding consensus, but security by consensus rarely works. On the internet, security standards are much worse when they’re developed by a consensus body, and much better when someone just does them. This doesn’t always work — a lot of crap security has come from companies that have “just done it” — but nothing but mediocre standards come from consensus bodies. The point is that you won’t get good security without pissing someone off: The information broker industry, the voting machine industry, the telcos. The normal legislative process makes it hard to get security right, which is why I don’t have much optimism about what you can get done.

Hoo, lord, is he right on that score… and this isn’t just about legislative processes.  Security by committee doesn’t work in your IT organization, either.  If you work for a medium-to-large company, you’ve probably seen the results of just this sort of intra-organizational political dogfight.

Via ResearchBlogging

What do you think about this?

Psychologists at New York University say they’ve found the answer to why people with right wing political views are happier than left-leaning liberals (as previously indicated by survey research). In short, conservatives are less upset by inequality because they believe people generally get what they deserve in life.

As one of the commentators pointed out, “left” vs “right” is probably oversimplifying.  I haven’t looked into the whole study yet, so I don’t know how much I agree with the conclusions.  But… interesting.

Animal Rights Activism Turns Ugly

From the LA Times:

Santa Cruz — Firebombs that struck the home and car of two UC Santa Cruz scientists this weekend were part of an increasingly aggressive campaign by animal rights activists against animal researchers at University of California campuses, officials said Monday.

This attack could very well have easily killed two children (ages 2 and 4), in addition to one of the targeted researchers, David Feldheim. Not that this appears to bother some of the kookier members of the Animal Rights community:

Jerry Vlasak, a Los Angeles physician who runs a website that highlights animal rights activism, blamed the scientists for the violence.

Vlasak, of the North American Animal Liberation Press Office website, said his organization had received no communique from any group claiming responsibility for the Santa Cruz fire bombings. Although he said he had no direct knowledge of the attacks, he also said that “the use of force” is “not unpredictable or untenable.”

“The inconvenience and the suffering of any children or any family members pales in comparison to the suffering and oppression that goes on in these animal laboratories,” Vlasak said in an interview Monday. Feldheim is “putting himself and his family in harm’s way by continuing to abuse animals.”

The problem with people like this is that they fail to recognize that their position is untenable -> if you support this sort of violence, you’re standing in the moral company of anyone who agrees that indiscriminate violence is an acceptable tool against those who believe differently than they do. Even if you assign some sort of moral culpability on the children of animal researchers (a dodgy moral platform if there ever was one), you’re also possibly killing… oh, security guards, cleaning personnel, homeless passerby, or firefighters who have a duty to extinguish the blaze. While a tortured mind may be capable of including the first two in the “morally culpable” category using the same crazy criteria by which they include children, you can’t possibly include the latter two.  Well, unless you really are a terrorist, but more on that later.

By extension, then, it’s perfectly reasonable within Mr. Vlasak’s moral code for someone who disagrees with *him* to go blow up his office. Of course, the same legal system that is trying to catch the animal rights nuts will protect Mr. Vlasak to the best of its ability.

While I respect that it makes sense (from a societal standpoint) to defend free speech, I’ve got to wonder if we’ll ever manage to eliminate the kooks in our society when we encourage them to exercise free speech while defending them from the logical conclusions of their own speech. I suppose not, the nuts are here to stay.

One additional comment on this story: I’m afraid I have to disagree with UC Santa Cruz Chancellor George Blumenthal… this doesn’t qualify as terrorism. I’m certain that the general research community may regard it as such, but that doesn’t make it so. It’s arson, attempted murder, willfull destruction of private property… but it’s not terrorism. As kooky and morally bankrupt as the bombers may be, they’re not bombing random targets in the general populace for political reasons. The Unabomber wasn’t a terrorist, he was a serial killer. While the line dividing the two is very blurry, terrorism deliberately targets general civilians in an attempt to cower an entire populace, which is not what these people are doing.

I say this not to understate the crime, but because the term “terrorism” ought to be restricted to people that deserve the label.

Dr. Free Ride’s take.

Absence of Tradeoff

From UK’s Telegraph:

Stephen House, Chief Constable of Strathclyde, said that storing the genetic profiles of every man, woman and child would help catch more criminals.

Whoo, lord:

Would it deter people? That’s less certain, but we would detect more crime.

No, you wouldn’t.  You’d detect as much crime as you detect now.  You might have an easier time establishing who was at a crime scene, but that’s not “detecting more crime”.

One tradeoff missing from Constable House’s analysis:

Human rights lawyer John Scott said yesterday that the plan would “disturb the balance between the state and the individual”.

He added: “At a time when people are calling for the English system to be closer to our own, we shouldn’t be going in the opposite direction.

“We could get a situation where outside bodies like insurance firms manage to get hold of DNA from innocent people and use it for their own purposes.”

Aside from the intentional misuse factor, there is a horrible accidental misuse problem.  If you put 300 million records in a single storage medium, the odds of your data being absolutely correctly correlated
are… poor.  Data entry clerks transpose numbers, accidentally swap vials.  Bar code readers can mis-scan entries.  Certainly, a 1 in 10 million error rate sounds pretty good, right?  Until you’re one of the 30 errors, that is.

Can you imagine the injustice of being accidentally mis-identified as a serial rapist and murder by a DNA test?  You could never shake that, some people would always believe that you got out on a technicality.

And yes, this database would be cracked.  How could it not be?  The information in it would be of incalculable value.  You want to know who gave you up for adoption, even though they did it under a court seal?  You’ll find out.  You want to know if your daughter’s boyfriend has a genetic predisposition toward alcoholism?  You can find out.

Whoops

Have you heard of “Clear”?

No, it’s not a drug, it’s a travel program in which you give a company access to lots of personal information about you in return for a “get out of security free” card which enables you to bypass the security screening at the airport.

No, I’m not going to talk about why this program is utterly boneheaded, but if you’re interested in commentary you can read this thread (this provides some random internet commentary).  The money quote from Bruce’s post:

But the stupid idea is the background check. When first conceived, traveler programs focused on prescreening. Pre-approved travelers would pass through security checkpoints with less screening, and resources would be focused on everyone else. Sounds reasonable, but it would leave us all less safe.

Background checks are based on the dangerous myth that we can somehow pick terrorists out of a crowd if we could identify everyone. Unfortunately, there isn’t any terrorist profile that prescreening can uncover. Timothy McVeigh could probably have gotten one of these cards. So could have Eric Rudolph, the pipe bomber at the 1996 Olympic Games in Atlanta. There isn’t even a good list of known terrorists to check people against; the government list used by the airlines has been the butt of jokes for years.

And the hilariously prescient part:

And have we forgotten how prevalent identity theft is these days? If you think having a criminal impersonating you to your bank is bad, wait until they start impersonating you to the Transportation Security Administration.

Reportedly, FlyClear has managed to lose a laptop with 33,000 records containing information on registered members of the program.  Thanks for the story, BreakItDown (although, note a minor criticism, references in your blog stories are a good idea).  As a result, new memberships in the program are currently suspended.  Very well done, Verified Identity Pass, Inc., nothing boosts your credibility more in the security marketplace than losing your customer’s data in an unencrypted format.

From the Tribune link:

“The vulnerabilities came to light after an unencrypted VIP laptop computer was discovered to be missing from San Francisco International Airport (SFO) on July 26,” the TSA said. “The computer contained pre-enrollment records of approximately 33,000 customers.”

The Clear program, which is operated by Verified Identity Pass, Inc., a private company based in New York City, checks credentials and issues “Clear” identity cards to frequent travelers, who pay an initial fee of $128 a year. The cards allow travelers to scan their cards and move quickly through security.

The TSA, in a statement, said it has asked the company to stop enrolling new customers until it stops using unencrypted computers. “VIP will be required to submit an independent audit, verifying that the required security measures are in place. TSA will verify the audits before enrollment procedures can resume,” the TSA said.

[Edited to add] - Bruce’s direct commentary on this story.

Traveling Insecurely

Bruce beat me to the post on this one, but since I just finished a weekend of odd travel arrangements I thought I’d put my commentary on record.

Of course the recent crazy event in Canada would lead to this reaction: TSA-like security for bus lines!

As Bruce linked, there are a couple of obvious reasons why this is impractical. A bus is not a plane, and a bus route is nothing like an airplane’s flight plan.

The only problem with the analysis linked above is that it’s starting from a false baseline: TSA-like security already makes no sense for airplane travel. I went through security three times this weekend, and I saw a number of staggering stupidities. I’ll relate a few:

The TSA checkpoint in Albuquerque was comparatively overstaffed (in relation to LAX’s). This meant that the same number of screeners had far less time pressure than their compatriots in Los Angeles. Side effect? While putting on my shoes, I saw a total of four women (one being my wife, which is why I was hanging around the checkpoint long enough to notice) have their bags unpacked, their toiletries unbagged from the gallon-sized clear plastic bag they were packed in, and *repacked in a quart-sized bag*, then marched back through the security queue. Why? Because the toiletries need to be in a quart-sized bag. Now, in one sense I can understand the idea that the TSA is trying to keep the amount of total toiletries down to a “reasonable” amount for the security staff to screen, hence the requirement for the smaller baggie (if one assumes that it is reasonable to block some amount of toiletries to begin with - which is ridiculous, by the way - this otherwise makes sense). But the bag size limit has no other practical reason; one cannot argue that a gallon bag represents in and of itself a bigger security threat than a quart sized bag (you couldn’t even suffocate someone with it easier than a quart bag). So the purpose of the bag size limit (to make the security screening process faster) actually has the reverse effect -> when the airport is busy (like LAX), the screeners really don’t pay any attention to the size of your clear plastic bag, but when the airport is less busy, the screeners *create additional work* for themselves and the passengers by requiring travelers to follow rules that don’t have anything to do with security. This is a classic example of something designed to increase process efficiencies becoming an impediment to itself.

My penknife was confiscated (again, in Albuquerque, sailed through LAX). Now, this is my own stupid fault, as I’m usually pretty thorough when it comes to prepping for security screening, and I just missed slipping this off my keyring and leaving it at home before travelling. However, this is a fingernail grooming knife. The longest blade was less than 2 1/4″. Honestly, if I’m going to try and kill someone on a plane, this would be on the list of improvised weapons somewhere far south of a roll of nickels.

For the record, I don’t blame the TSA employees for any of this (even the one that pocketed my penknife instead of throwing it in the bin). They’re following rules, and they’re for the most part about as courteous as one could ask given that they’re asking you to do patently ridiculous things for idiotic reasons.

All of this process involved in getting on a plane… then when we landed at OAK and jumped on the BART to go to San Francisco, we weren’t screened getting on the shuttlebus, or getting into the BART terminal, or getting on the train. Together, we were carrying two large bags and two small ones. For those of you unfamiliar with BART, it includes a fairly long jaunt under San Francisco Bay. I’m not an explosives expert by any means, but if the tunnel is undergoing an earthquake retrofit to prevent it from flooding, it seems pretty likely that you could pack enough explosives in a couple of decent sized bags to blow the tunnel and flood the line.

So why isn’t BART subjected to the same security screening that airplanes are? Because nobody has tried to bomb it yet? Doesn’t this represent a failure of imagination on behalf of the security folks?

Actually, it doesn’t… although you might not guess that if you see how the Department of Homeland Security distributes grant money. None of this security is effective. It won’t stop a determined attacker, but even if it could it represents a huge waste of money for very little return. Heck, if we ran people through scanners and screenings at bus terminals and BART terminals, they could still pack enough kablooie on a bus to do some severe damage to the Golden Gate Bridge. What’s next? Security screening before you’re allowed to drive your own car?

The TSA’s budget was $0.00 in 2001. $1,345,000,000 in 2003. The TSA requested $4,810,000,000 in 2004. In 2008, they’re spending $6,814,000,000 and they’re requesting $7,100,000,000 for 2009 (last link is a PDF). Without doing complete research on total expenditures and whatever other functions the TSA has grown to provide, it’s still obvious that we’ve spent over $10,000,000,000 since 2001 *just enforcing airline rules*.

Ten. Billion. Dollars.

How many lives could that have saved if we spent the money on medical research? How much safer would we be, as a nation, if we had spent ten billion dollars on upgrading our air traffic control system? Or upgrading the nation’s highways? The Federal Motor Carrier Safety Administration’s 2007 budget was $455 million dollars, or about 1/15th of the TSA’s 2008 budget. And yet the FMCSA is responsible for reducing crashes, injuries, and fatalities involving large trucks and buses -which average about 1,300 deaths per year just on the employee side (ie, the drivers of the large trucks and buses), to say nothing of their passengers or other cars that might be involved in the accident(s) - quantifiably a problem bigger than airline terrorism by an order of magnitude.

How does any of this make any sense?