It sounds like you were able to avoid some of the more common pitfalls. Kudos on that. I was always pretty sure I'd stay on the individual contributor path, climbing the technical ladder and writing code for the rest of my career... until I wasn't. At one point, I got a taste of management and became hooked. It rivaled the feeling I got 20+ years ago when I wrote my first program in AppleSoft BASIC and filled up the screen with random colored boxes... I felt like a master of the universe. As much as I have enjoyed commanding electrons to do my bidding, leading a team of talented individuals and pushing them to exceed their perceived/self-imposed limitations, and accomplish something as a team that you never could have done yourself, has also been very rewarding and pushes me to expand my expertise beyond my comfort zone. Now that I only really write code for fun, I think I enjoy it even more than I did when I was getting paid for it.

The other day, I came across a site, http://www.nand2tetris.org/ that is a free course on computer architecture. In it, you build up a computer system from simple Nand gates, up through an ALU, CPU, Memory, and then the entire software stack, from machine code, assembly (via an assembler), high-level code via a compiler, etc. I took a course like this in college and it was another great "Aha!" moment for me where the connection between software and hardware (and eventually the basic physics of semiconductors) all came together for me. It was great to work through the hardware part of this course again (I got through it in an afternoon, but I was pretty addicted once I started). Give it a look, I think you'll enjoy it.

Touché.

2 out of the 5 Cornell Athletics FAQs attempt to explain it, but I still don't get it myself. No more ambiguous than the Crimson though.

I don't look at it that way. One of the things that drew me to engineering was the never ending abundance of challenges. I love solving problems and learning new things. Whenever I start to get cocky or too comfortable, it's nice to remind myself (now that I've learned it the hard way) that there's always more out there... more to learn, more difficult problems to solve, different types of challenges (physical, mental, etc.) that I can strive for.

I don't regret any part of my experiences detailed above, I'm grateful for having had the opportunities that I've had. I think the truly depressing view is the one in which you think you've reached the summit of the mountain and there's nowhere to go but down.

Go Big Red!

Seriously though, I think almost all engineers go through a similar progression. Spend high school overachieving (probably at the expense of social development), work hard and get into a great college, get knocked down a peg when you realize that you're either somewhere in the meaty part of the curve among other prospective engineers, or that you'll actually need to *try* in order to get that A for the first time in your life... once you do succeed (or maybe just fail to fail) you graduate college thinking you're ready to take on the world... enter the business world and realize that the fancy education you paid so much for is only good enough to get your foot in the door...come to the realization that respect is earned by experience and demonstrated value... spend a few years building up credibility and expertise, then realize that being a manager (or director, or VP, etc.) requires some serious people skills (remember all those parties and extracurricular activities you skipped in high school in favor of hacking and video games?) and either choose to stay on the individual contributor path and hone your skills to guru level or take the plunge and start educating yourself (both formally and informally) in how to effectively manage a bunch of cocky engineers.

That's my story in a nutshell, and I think there are probably quite a few people out there who can relate. The cyclical nature of it is somewhat poetic. Just when you think you've reached the summit, you're finally able to see the next peak.

I don't think that's really a fair analogy. Anti-virus software attempts to detect malicious code and prevent it from doing damage. Yes, some malicious code is executed via zero-day vulnerabilities in operating systems (i.e. security guard left a door unlocked), but a lot of virus infections are caused by unsafe user behavior. Users open/execute unknown email attachments, click malicious links, and willingly install sketchy software that purports to do some useful function for free while doing something malicious in the background. In this case, the owner of the building is telling the security guard to give the men in ski masks free reign of the building.

Microsoft's User Account Control attempts to mitigate this risk by requiring the user to confirm any program that requires elevated privileges to run, even if the user is a local administrator ("Are you sure you want to let XYZ program make changes to your computer?"). Even if the user mistakenly grants such privileges, a competent anti-virus package can raise a second alert - hopefully the user realizes they've made a mistake at this point (i.e. security guard says, "hey boss, those guys look like criminals, are you sure you really want me to let them in?). If they override that and let the program run, then all bets are off.

As far as I know, MS has a pretty good track record of fixing vulnerabilities that it knows about (i.e. mistakenly unlocked doors), and the occasional headline about a zero-day exploit shouldn't undermine your trust in their (free) anti-virus product.

Both analogies (rental car license plates, theater seats) are great and fit the situation very well... 2 of the best I've heard.

My point is that the case should be focused on determining whether or not there is sufficient evidence that the defendant violated the law, and most cases against a John Doe based solely on an IP address should be dismissed immediately based on that criterion. It shouldn't hinge on which side's lesson in network infrastructure resonates better with a technology-ignorant judge. Instead, these suits are allowed to stand and defendants are shaken-down for settlements without a judge ever getting the chance to be enlightened by biased lawyers on the nuances of TCP/IP. I'm not saying they need to be certified Network Engineers, but a basic understanding of the underlying technology (and how the laws apply to it) should be required.

Judges need to have a basic understanding (beyond that of your average grandparent) about how the underlying technology works in order to make a fair legal decision. One example that comes to mind are the lawsuits brought by the RIAA against John Does based on records of an IP address downloading or uploading a file. IP Addresses do not uniquely identify a person or even (most of the time) a single computer yet they allow these companies to harass individuals without sufficient evidence linking a specific person to any crime. I'm willing to bet that at one point in your life, you have probably operated a WiFi router either without security or using easily-broken WEP. If a stranger used your network to commit a crime, wouldn't you prefer a judge with a basic understanding of how networks and IP addresses work so that you could make an adequate defense? Or would you be ok with the prosecution dumbing it down for the judge and convincing them that "IP addresses are like social security numbers for computers"?

RFID is not a challenge/response system. It's a barcode that is read with RF instead of a laser. There is no microchip, no encryption code running on the passport, or any other intelligence. The only (security) value of RFID over a plain old barcode is that they aren't trivially easy to copy/fake with the average home computer/printer. If you were going to try to modify an e-passport (changing a birthdate or photo, for example), you would need the appropriate hardware and know-how to modify or replace the RFID tag so that the printed data matched the digital data. So it makes it more difficult or inconvenient to circumvent the system, but by no means does it provide the level of security that an active challenge/response sytem (think SmartCard) provides.

The RFID tag typically has all of the information that is visually printed on the passport and some countries encode the person's photo as well. Scanning the tag reads the information, providing a double-check against what's printed on the passport and can also be used to look-up additional information from databases like the no-fly list. The same could theoretically be accomplished with a printed 2D DataMatrix barcode, although if you wanted to encode the photo it would probably need to be pretty large (likely larger than the passport itself).

The first guy to hack a car's PC needs to be skilled. Turn that into a black-market android app and all of a sudden the middle-school dropout who had trouble learning how to jimmy or hotwire can steal a car with the swipe of a touchscreen. It's just a matter of time.