I think you're the one mistaken about a "free market". It means that the market works with NO government intervention into business.
This includes: No OSHA If you contract with a company knowingly putting yourself in danger, well, that's *your* fault, not theirs. You should have worked somewhere safer. Monopolies and Oligopolies are free to exist since no government can step in to take them down. Collusion is free to run rampant since there will be no regulation on it. Insider trading and stock manipulation is all good to go, again, no government to stop them! Privacy? Regulatory Compliance? Who needs that? You got injured from a product, aka lawn darts? Then don't buy them if they're so unsafe!
You could leave. The ultimate reality of this situation is that the BUSINESS thinks that the IT department they have fulfills their needs, not yours. If it doesn't fulfill your needs, go up the proper business channels explaining why they don't. If nobody listens or cares, then find another job. At this point it's the company's loss if you leave, not yours.
It's a good move. Parsing syslog sucks. And I don't care how awesome you think you are as a developer--you need to use the system logging facilities to make it easier on those of us who adminster systems.
At the very least a unified format similar to Microsoft's format would be nice.
Even if attackers can remove relevant logs they have no guaranteed knowledge of what your logging is doing and triggering upon first entry (hopefully). A root login or escalation that triggers an e-mail is something they're very unlikely to catch before you are notified about the intrusion.
From the article it appears it had nothing to do with whether or not root login is turned on.
Remember, OpenSSH runs as the root user even if root logins are not accepted. Exploiting a vulnerability in OpenSSH isn't entirely out of the picture.
A more proper way to do things is to force a VPN scenario to manage your servers. Try to run known proven VPN hardware from major vendors (such as Juniper and Cisco) where the hardware they use is special purpose (and not running a lot of extra fluff), which limits your attack surface. Then you enable management of your machines via the VPN.
FYI: I have seen video proof of a current version of OpenSSH with a remote escalation exploit that has yet to be acknowledged or patched. The exploit code was supposedly purchased by Apple. The demonstration was run on Ubuntu 11.10.
As far as desktop is concerned I don't consider linux to be any different than Windows. While it is true that by default Windows XP and previous permitted Administrative privileges, UAC in Vista and 7 go a step above to prevent "drive by" system-level malware infections.
Local root escalation exploits exist, but they exist in Linux, too. This goes for a very wide range of applications.
Both Windows and Linux have gone through great lengths for local security though, and I'd suggest looking at the Microsoft Enhanced Mitigation Experience Toolkit utility that is available.
You can harden individual processes from common exploit techniques (heap spray, null page, structured exception handling, etc)
Just to respond to you here, and keep in mind I'm an Atheist (whom has also read a good chunk of the Old Testament).
-First and foremost, The simple gist of "Creation" is that around 5,000 years ago God created Earth, the Sun, everything around, and then created Adam, then created Eve from Adam's rib. Then Eve ate the apple from the tree of knowledge and got them both kicked out of the garden of Eden.
Come forward to our time where we have evolutionary theory, and they reject anything that could contradict this idea that "God created man through Adam and Eve".
What they've attempted to do in the education system here in the US to placate this theory is to try and separate "macro" vs "micro" evolution. The idea that mutations occur within a species, but speciation is a different process altogether. What this method of teaching allows religious people to do is separate the idea that "man came from Apes" from the idea that "We can selectively breed certain types of food."
Some aren't satisfied with that separation though and wish to go even further.
This is exactly what we used to do at my old job. People would come to IT asking to buy something, and then we'd say "You have to get your manager to approve it", where it would go on their team's budget, not IT's.
People very quickly learned just how much extra $ that "OMFG AWESOME APP" is that they just want to throw out to their whole team.
There are advantages and disadvantages to this approach though. A disadvantage is sometimes you can pad some numbers in IT to make things happen that otherwise you couldn't get, and plan for unknowns. This may sound like you're trying to shaft the company but you're really not. For example, for a big project, you pad in an extra couple of grand to pick up another server here or there that can be used to help that project along that wasn't originally specced for. You have to tread carefully with this approach, but it is needed sometimes when people don't know what they truly need, and when shit hits the fan and IT's prepared, they look at IT for the respect of making that happen.
You do know that *all* of Google's services are IPv6-enabled, right? As of right now they have it specially configured to only be available to "white-listed" IPv6 DNS servers. Expect that to change over the course of 2012, then, IPv6 Google for everyone!
Facebook has www.v6.facebook.com, xbox.com is IPv6-enabled, World of Warcraft has a few IPv6-enabled game servers (only a few mostly due to datacenter and deployment limitations).
Expect a massive IPv6 push in 2012 due to the Comcast deployment.
-Instead of thinking IT "gets in the way", you should put together what it is you want to do on the network and the systems and propose it to IT. If you're a decently sized company I also hope you have a Security guru within the company as well. Sometimes this is one and the same with IT, depends on the structure.
-Propose your change to IT to see if it's something they are going to have to support. Chances are if it's on the network, IT is going to have to support in some way--whether it be server infrastructure or application support. If it's something IT is going to get called about at 2AM that's down that you stood up, the IT department has every right to control that network.
I actually work in a shop where we in IT keep a very hands off approach and believe me it's a nightmare. It's a nightmare to support and it's a nightmare from a security perspective. I'm actually working a plan in order to bring it back into IT's hands so we can at least handle what's going on. We recently had a security audit done and believe me--it wasn't pretty.
-Trust IT that they know what they're talking about, generally. Not every IT guy is a guru at what they do, but trust that they have to handle not only what you're doing but *everyone else* as well. Every piece of software that every middle manager throws on their systems and think they're someone important because they have "manager" in their title. IT does not report to you; and for the most part the only real answer they need to give you with $special_application is that it's nothing on the network that would prevent it from working.
IT is also not usually consulted on projects but typically asked to stand servers up. As another example, we've got 10 year old Sun server hardware (long since EOL) that's supporting some developer applications. IT had pretty much no say in the matter at the time as far as this hardware is concerned, but guess who gets e-mails and phone calls when the hardware goes down? I've now had to replace multiple fans by gutting un-used systems. They're going to really go to shit when something more serious dies, such as a disk controller--and they lose everything.
The above situation is exactly the situation that happens when IT doesn't have control over the environment. This is why we try ot push for it.
As an FYI, the solution to the aforementioned Sun server problem is IT pulling in some new hardware with RHEL6 and configuring it for the developers to replace the aging Sun boxes (so they can install Oracle) and go from there. We're also pulling it under IT's banner as an essential service for 8x5 support. We're procuring licensing, books, training, and support contracts.
It's not that it's not easy to support, it's not that it's not easy to configure--the problem comes in with who actually owns the data and where that data goes. With your iPhone, you have access to resources even after you're fired that you should no longer have access to. There's data and information on your phone that does not belong to you that belongs to the company.
But since it's your phone you surely aren't going to let the company wipe your phone and wipe your iPhone backups, are you? Of course not.
And this is where the problem comes in.
For more secure configurations (and if you do anything with user financial data or medical records, as well as anything government) you tend to have to follow a strict policy for encryption and security of that data. Every single one of the laptops and desktops on the government network that we support is encrypted. It's a bitch for us in IT to have to handle at times, but it works.
Throw in some FIPS requirements and there again goes your iPhone.
That depends on what you would consider valid under the Constitution.
First and foremost, the TSA is a government institution, for the time being.
Airports, however, are private entities (some are state run, but very few). A private entity is not governed by the Constitution. So technically speaking, a private airport is a Constitution-free property. You can argue all you want against this but most of the arguments for the Constitution argue exactly for these very rights.
Airplanes are also private objects, they are not public goods. So an airline could say that you cannot fly without being searched, and an airport is freely able to install as many searching mechanisms as they want. If they really wanted to they could also insist you pray to Allah and the Quran and there's nothing you can do about it except not fly.
The only real sticking point here is *who* is conducting the searches. But once the TSA goes private, which they have been trying to do for years now, any semblance of a Constitutional argument you have completely goes out the window. Why? Because the entire process is a private entity process at that point.
In fact, if they really wanted to they could FORCE us to go through the cancer scanners if we wanted to fly at all, period. The fact that they provide an opt-out is rather generous, IMO, and an option I take advantage of every time.
Keep in mind that most people that argue in favor of the "keep right" laws aren't actually trying to follow the law. As stated above, I understand the roads and the point of the keep-right laws very much.
One other point that I kept out that is the primary thing that most people use to validate their viewpoints: Most keep right laws do not define anything related to the speed limit. In some states it's implied, in others you are required by law to allow anyone to pass you if they're going faster. The primary purpose of that is revenue generation. For example, the guy going 90mph, if caught, is going to get a higher fine than the guy going 10mph over. So the laws will silently encourage this behavior to allow more money to come in.
In Maryland we do not have a "keep right" law, so I never grew up with it and never learned it. For the most part I have rarely encountered a situation where someone "slow" is in the left lane, that is, slower than the speed of traffic--unless there's a lot of traffic. Typically you'll see it on 3 or 4 lane highways (say, I-695) where there's a disabled vehicle on the left-hand side, or construction.
More importantly, the people arguing in favor of this are not using the lane for "passing" either. They are very well speeding in that lane.
In an ideal situation the following is true (and so is the design of the passing lane)
-Speed limit on the road of 65 mph. -Trucks generally are required to go a bit slower, generally 55mph. -Sometimes people tend to go slower for whatever reason--either hauling items or just scared of the road. -You, going 65mph, would then merge into the passing lane to go around the trucks, people going slow, and people hauling items, then merge back into the right lane.
This is the ideal scenario and if you pay attention to road signs and how driving works that is exactly what you're describing.
Unfortunately the reality is more along the lines of this:
-In states where right-lane laws exist, MOST people generally stay to the right. You almost never see a "slow" person in the fast lane unless there's a significant amount of traffic on the road.
-The people you see in the left lane are "passing everybody", generally cruising, around 80mph or above. The speeds can vary, but I've found that no matter how fast I go there's usually at least a couple of people who insist on going faster.
States/Provinces I've driven in: California, Texas, Arkansas, Tennessee, Alabama, Virginia (both I-81 and I-95, and I-64), North Carolina (primarily I-95), Florida (Route 1, I-95, and the Florida Turnpike), South Carolina (I-95 and the road that goes to Charleston), New York (Manhattan Island, the highway that goes to Quebec, I-95, and I-86), Pennsylvania (I-95, I-76, and various areas around Pittsburgh), New Jersey (Garden State Parkway and I-95), Quebec (A-40, all around Montreal Island, Quebec City, various other highways), Maryland (I live here)
I opt out of these things every time I fly. My buddies insist "you get more exposure to radiation flying in the aircraft than you do going through the scanner." They proceed to go right through them.
Amusingly enough I've had an easier time voluntarily subjecting myself to the search than I have ever had when involuntarily being forced into being searched. I travel a lot, single white guy, long hair--most people assume drugs, search accordingly.
At the end of the day though; someone touching my crotch very briefly (trust me, they don't want to be touching me any more than I want to be touched) isn't going to give me cancer.
Incorrect. Speeding is born out of the desire to speed. It has never mattered how fast I go, how smoothly I am operating--the fact is you always get those people that will speed faster than you. I've seen upwards of 90mph on I-95 in Maryland while I'm cruising at 70mph in the "fast" lane.
Merging in and out of traffic, for any reason is FAR more dangerous than me going a mere 5 mph over the speed limit. So to force me to merge because every asshole who thinks they're important wants to go 80mph is causing me to be reckless.
The alternative is for *me* to get stuck behind the asshole in the right lane doing 45mph in a 65mph zone.
So what makes YOU more important that *I* have to get behind the slower guy so YOU can go faster?
A warming Earth doesn't mean you'll have summer into January in Canada.
It means processes that have occurred for tens and hundreds of thousands of years are thrown out of balance, of which hundreds of thousands of species rely on. Do you really think humanity is prepared for a disastrous change in global climate? No. There's a strong possibility that many millions will die, and it will happen "slowly". What you'll see is more fighting over resources that never had a problem with before. You already see some bits of this between states in the US (Arizona and the Colorado River, and the whole fiasco between Georgia and Tennessee).
Massive global shifts in climate happen but typically take many hundreds to thousands of years to actually occur. There was a time when humans survived while England was completely under ice--but the kicker is *we didn't actually live there*.
For all intents and purposes this is Capitalism at its finest. That is, China as a *government* ensures that production output is high and costs are low. But at the end of the day, it doesn't matter if it was China or "Super Multi-National Private Enterprise", the affects would be the same.
I would argue that attempting to leverage tariffs is in fact "crony Capitalism", i.e. "We want you to increase the cost to import their products so we can compete because we don't think it's fair."
Slashdot Mirror
I rather enjoy the light from a daylight CFL bulb, it's much nicer. But then again, I'm not one of those types of "color phile" people.
Flicker from CFLs? Really? Because I see the flicker from incandescent bulbs and I don't like it.
I think you're the one mistaken about a "free market". It means that the market works with NO government intervention into business.
This includes:
No OSHA
If you contract with a company knowingly putting yourself in danger, well, that's *your* fault, not theirs. You should have worked somewhere safer.
Monopolies and Oligopolies are free to exist since no government can step in to take them down.
Collusion is free to run rampant since there will be no regulation on it.
Insider trading and stock manipulation is all good to go, again, no government to stop them!
Privacy? Regulatory Compliance? Who needs that?
You got injured from a product, aka lawn darts? Then don't buy them if they're so unsafe!
You could leave. The ultimate reality of this situation is that the BUSINESS thinks that the IT department they have fulfills their needs, not yours. If it doesn't fulfill your needs, go up the proper business channels explaining why they don't. If nobody listens or cares, then find another job. At this point it's the company's loss if you leave, not yours.
although they sometimes get grants from various government agencies to buy new equipment).
What about the OP's post did you not understand when you wrote that statement?....
It's a good move. Parsing syslog sucks. And I don't care how awesome you think you are as a developer--you need to use the system logging facilities to make it easier on those of us who adminster systems.
At the very least a unified format similar to Microsoft's format would be nice.
ID / DATE-Time / Severity / BLOB OF TEXT
This guy ^
You employ good security measures IMO :)
Even if attackers can remove relevant logs they have no guaranteed knowledge of what your logging is doing and triggering upon first entry (hopefully). A root login or escalation that triggers an e-mail is something they're very unlikely to catch before you are notified about the intrusion.
From the article it appears it had nothing to do with whether or not root login is turned on.
Remember, OpenSSH runs as the root user even if root logins are not accepted. Exploiting a vulnerability in OpenSSH isn't entirely out of the picture.
A more proper way to do things is to force a VPN scenario to manage your servers. Try to run known proven VPN hardware from major vendors (such as Juniper and Cisco) where the hardware they use is special purpose (and not running a lot of extra fluff), which limits your attack surface. Then you enable management of your machines via the VPN.
FYI: I have seen video proof of a current version of OpenSSH with a remote escalation exploit that has yet to be acknowledged or patched. The exploit code was supposedly purchased by Apple. The demonstration was run on Ubuntu 11.10.
As far as desktop is concerned I don't consider linux to be any different than Windows. While it is true that by default Windows XP and previous permitted Administrative privileges, UAC in Vista and 7 go a step above to prevent "drive by" system-level malware infections.
Local root escalation exploits exist, but they exist in Linux, too. This goes for a very wide range of applications.
Both Windows and Linux have gone through great lengths for local security though, and I'd suggest looking at the Microsoft Enhanced Mitigation Experience Toolkit utility that is available.
You can harden individual processes from common exploit techniques (heap spray, null page, structured exception handling, etc)
Just to respond to you here, and keep in mind I'm an Atheist (whom has also read a good chunk of the Old Testament).
-First and foremost, The simple gist of "Creation" is that around 5,000 years ago God created Earth, the Sun, everything around, and then created Adam, then created Eve from Adam's rib. Then Eve ate the apple from the tree of knowledge and got them both kicked out of the garden of Eden.
Come forward to our time where we have evolutionary theory, and they reject anything that could contradict this idea that "God created man through Adam and Eve".
What they've attempted to do in the education system here in the US to placate this theory is to try and separate "macro" vs "micro" evolution. The idea that mutations occur within a species, but speciation is a different process altogether. What this method of teaching allows religious people to do is separate the idea that "man came from Apes" from the idea that "We can selectively breed certain types of food."
Some aren't satisfied with that separation though and wish to go even further.
This is exactly what we used to do at my old job. People would come to IT asking to buy something, and then we'd say "You have to get your manager to approve it", where it would go on their team's budget, not IT's.
People very quickly learned just how much extra $ that "OMFG AWESOME APP" is that they just want to throw out to their whole team.
There are advantages and disadvantages to this approach though. A disadvantage is sometimes you can pad some numbers in IT to make things happen that otherwise you couldn't get, and plan for unknowns. This may sound like you're trying to shaft the company but you're really not. For example, for a big project, you pad in an extra couple of grand to pick up another server here or there that can be used to help that project along that wasn't originally specced for. You have to tread carefully with this approach, but it is needed sometimes when people don't know what they truly need, and when shit hits the fan and IT's prepared, they look at IT for the respect of making that happen.
It sounds like you need to attend one of my IPv6 courses :)
What exactly are you talking about with "dual stack lite"?
Comcast is going completely native dual stack. They are maintaining both an IPv4 and an IPv6 infrastructure separate at the IP layer.
You do know that *all* of Google's services are IPv6-enabled, right? As of right now they have it specially configured to only be available to "white-listed" IPv6 DNS servers. Expect that to change over the course of 2012, then, IPv6 Google for everyone!
Facebook has www.v6.facebook.com, xbox.com is IPv6-enabled, World of Warcraft has a few IPv6-enabled game servers (only a few mostly due to datacenter and deployment limitations).
Expect a massive IPv6 push in 2012 due to the Comcast deployment.
Per more recent RFC changes the requirement has been lowered.
/48, so as long as they aren't forcing you to below a /64 for stupid reasons like "we're wasting IP space".
/56 and /60s as-needed.
ISPs do not have to provide a
Essentially, chances are you're going to get
I have a word of wisdom for you:
-Instead of thinking IT "gets in the way", you should put together what it is you want to do on the network and the systems and propose it to IT. If you're a decently sized company I also hope you have a Security guru within the company as well. Sometimes this is one and the same with IT, depends on the structure.
-Propose your change to IT to see if it's something they are going to have to support. Chances are if it's on the network, IT is going to have to support in some way--whether it be server infrastructure or application support. If it's something IT is going to get called about at 2AM that's down that you stood up, the IT department has every right to control that network.
I actually work in a shop where we in IT keep a very hands off approach and believe me it's a nightmare. It's a nightmare to support and it's a nightmare from a security perspective. I'm actually working a plan in order to bring it back into IT's hands so we can at least handle what's going on. We recently had a security audit done and believe me--it wasn't pretty.
-Trust IT that they know what they're talking about, generally. Not every IT guy is a guru at what they do, but trust that they have to handle not only what you're doing but *everyone else* as well. Every piece of software that every middle manager throws on their systems and think they're someone important because they have "manager" in their title. IT does not report to you; and for the most part the only real answer they need to give you with $special_application is that it's nothing on the network that would prevent it from working.
IT is also not usually consulted on projects but typically asked to stand servers up. As another example, we've got 10 year old Sun server hardware (long since EOL) that's supporting some developer applications. IT had pretty much no say in the matter at the time as far as this hardware is concerned, but guess who gets e-mails and phone calls when the hardware goes down? I've now had to replace multiple fans by gutting un-used systems. They're going to really go to shit when something more serious dies, such as a disk controller--and they lose everything.
The above situation is exactly the situation that happens when IT doesn't have control over the environment. This is why we try ot push for it.
As an FYI, the solution to the aforementioned Sun server problem is IT pulling in some new hardware with RHEL6 and configuring it for the developers to replace the aging Sun boxes (so they can install Oracle) and go from there. We're also pulling it under IT's banner as an essential service for 8x5 support. We're procuring licensing, books, training, and support contracts.
It's not that it's not easy to support, it's not that it's not easy to configure--the problem comes in with who actually owns the data and where that data goes. With your iPhone, you have access to resources even after you're fired that you should no longer have access to. There's data and information on your phone that does not belong to you that belongs to the company.
But since it's your phone you surely aren't going to let the company wipe your phone and wipe your iPhone backups, are you? Of course not.
And this is where the problem comes in.
For more secure configurations (and if you do anything with user financial data or medical records, as well as anything government) you tend to have to follow a strict policy for encryption and security of that data. Every single one of the laptops and desktops on the government network that we support is encrypted. It's a bitch for us in IT to have to handle at times, but it works.
Throw in some FIPS requirements and there again goes your iPhone.
That depends on what you would consider valid under the Constitution.
First and foremost, the TSA is a government institution, for the time being.
Airports, however, are private entities (some are state run, but very few). A private entity is not governed by the Constitution. So technically speaking, a private airport is a Constitution-free property. You can argue all you want against this but most of the arguments for the Constitution argue exactly for these very rights.
Airplanes are also private objects, they are not public goods. So an airline could say that you cannot fly without being searched, and an airport is freely able to install as many searching mechanisms as they want. If they really wanted to they could also insist you pray to Allah and the Quran and there's nothing you can do about it except not fly.
The only real sticking point here is *who* is conducting the searches. But once the TSA goes private, which they have been trying to do for years now, any semblance of a Constitutional argument you have completely goes out the window. Why? Because the entire process is a private entity process at that point.
In fact, if they really wanted to they could FORCE us to go through the cancer scanners if we wanted to fly at all, period. The fact that they provide an opt-out is rather generous, IMO, and an option I take advantage of every time.
Keep in mind that most people that argue in favor of the "keep right" laws aren't actually trying to follow the law. As stated above, I understand the roads and the point of the keep-right laws very much.
One other point that I kept out that is the primary thing that most people use to validate their viewpoints: Most keep right laws do not define anything related to the speed limit. In some states it's implied, in others you are required by law to allow anyone to pass you if they're going faster. The primary purpose of that is revenue generation. For example, the guy going 90mph, if caught, is going to get a higher fine than the guy going 10mph over. So the laws will silently encourage this behavior to allow more money to come in.
In Maryland we do not have a "keep right" law, so I never grew up with it and never learned it. For the most part I have rarely encountered a situation where someone "slow" is in the left lane, that is, slower than the speed of traffic--unless there's a lot of traffic. Typically you'll see it on 3 or 4 lane highways (say, I-695) where there's a disabled vehicle on the left-hand side, or construction.
It is not the law in my state.
More importantly, the people arguing in favor of this are not using the lane for "passing" either. They are very well speeding in that lane.
In an ideal situation the following is true (and so is the design of the passing lane)
-Speed limit on the road of 65 mph.
-Trucks generally are required to go a bit slower, generally 55mph.
-Sometimes people tend to go slower for whatever reason--either hauling items or just scared of the road.
-You, going 65mph, would then merge into the passing lane to go around the trucks, people going slow, and people hauling items, then merge back into the right lane.
This is the ideal scenario and if you pay attention to road signs and how driving works that is exactly what you're describing.
Unfortunately the reality is more along the lines of this:
-In states where right-lane laws exist, MOST people generally stay to the right. You almost never see a "slow" person in the fast lane unless there's a significant amount of traffic on the road.
-The people you see in the left lane are "passing everybody", generally cruising, around 80mph or above. The speeds can vary, but I've found that no matter how fast I go there's usually at least a couple of people who insist on going faster.
States/Provinces I've driven in: California, Texas, Arkansas, Tennessee, Alabama, Virginia (both I-81 and I-95, and I-64), North Carolina (primarily I-95), Florida (Route 1, I-95, and the Florida Turnpike), South Carolina (I-95 and the road that goes to Charleston), New York (Manhattan Island, the highway that goes to Quebec, I-95, and I-86), Pennsylvania (I-95, I-76, and various areas around Pittsburgh), New Jersey (Garden State Parkway and I-95), Quebec (A-40, all around Montreal Island, Quebec City, various other highways), Maryland (I live here)
I'm a bit of a road warrior
I opt out of these things every time I fly. My buddies insist "you get more exposure to radiation flying in the aircraft than you do going through the scanner." They proceed to go right through them.
Amusingly enough I've had an easier time voluntarily subjecting myself to the search than I have ever had when involuntarily being forced into being searched. I travel a lot, single white guy, long hair--most people assume drugs, search accordingly.
At the end of the day though; someone touching my crotch very briefly (trust me, they don't want to be touching me any more than I want to be touched) isn't going to give me cancer.
Incorrect. Speeding is born out of the desire to speed. It has never mattered how fast I go, how smoothly I am operating--the fact is you always get those people that will speed faster than you. I've seen upwards of 90mph on I-95 in Maryland while I'm cruising at 70mph in the "fast" lane.
Merging in and out of traffic, for any reason is FAR more dangerous than me going a mere 5 mph over the speed limit. So to force me to merge because every asshole who thinks they're important wants to go 80mph is causing me to be reckless.
The alternative is for *me* to get stuck behind the asshole in the right lane doing 45mph in a 65mph zone.
So what makes YOU more important that *I* have to get behind the slower guy so YOU can go faster?
A warming Earth doesn't mean you'll have summer into January in Canada.
It means processes that have occurred for tens and hundreds of thousands of years are thrown out of balance, of which hundreds of thousands of species rely on. Do you really think humanity is prepared for a disastrous change in global climate? No. There's a strong possibility that many millions will die, and it will happen "slowly". What you'll see is more fighting over resources that never had a problem with before. You already see some bits of this between states in the US (Arizona and the Colorado River, and the whole fiasco between Georgia and Tennessee).
Massive global shifts in climate happen but typically take many hundreds to thousands of years to actually occur. There was a time when humans survived while England was completely under ice--but the kicker is *we didn't actually live there*.
For all intents and purposes this is Capitalism at its finest. That is, China as a *government* ensures that production output is high and costs are low. But at the end of the day, it doesn't matter if it was China or "Super Multi-National Private Enterprise", the affects would be the same.
I would argue that attempting to leverage tariffs is in fact "crony Capitalism", i.e. "We want you to increase the cost to import their products so we can compete because we don't think it's fair."
Welcome to Capitalism.