Well, in theory it's just for fishing a particular file with the filename that you type.
I'm not too worried about it, because in my office I use Linux and I run WinXP in a virtual machine, in that VM I use a nonadmin account for normal stuff - viewing and priting Word or Excel docs, instant messaging, AND I use the Run As feature to launch browser windows as yet another different nonadmin account. On the Linux host itself, I run firefox as a different user from my main user account.
So if I gather correctly, you can grab my bookmarks or downloaded files, IF I actually type all the letters to those specific paths? That's it?
I'd be more worried about Windows graphic driver exploits - graphics drivers seem a bit shoddy- plus they are all about performance, not security. And currently it's basically - Nvidia, ATI and Intel.
I've had weird things happen with Linux sound though so I wonder about the security of such stuff. I've pretty much given up on getting Linux sound to work properly for sustained periods of time (this on suse 10.0, perhaps I should try 10.2).
I'm not in the US, nor a US citizen, but I thought the US companies wanted to send those jobs overseas anyway? Why should smart US students waste X years doing CS, graduate and then have their jobs outsourced or have to compete for jobs treated as "cheap labour" by companies (after all what's the H1-B thing really about)?
If the companies keep changing their minds, well too bad for them.
Meanwhile, it's supply and demand. Not enough applicants? Start offering higher salaries and better working conditions then - too bad you'd probably have to wait a while - try thinking longer term next time.
Otherwise I think they just want more silly people to rush into CS just to increase supply and keep prices down.
The real crisis is the shortage of people with competence and integrity, rather than a shortage of people who do Computer Science.
BUT I do see valid uses for javascript. If my proposal is implemented, I wouldn't mind enabling javascript for some sites that I trust, IF I see they are using that tag to "disarm" content that comes from 3rd parties who I don't necessarily trust (it would be fairly easy to check).
That way I can have the features of javascript and know that it would be much harder for an attacker to inject malicious javascript into the site and have it execute on MY browser (if it supports the tag).
A paranoid website would even enclose nearly ALL its _own_ content and only enable trusted snippets of active content.
[1] At home when I need javascript etc or am browsing a less trusted site I use a browser in a virtual machine. At work, for normal sites I use a browser running as a different user.
The feature I proposed is to help a site protect their users from 3rd party content being displayed on that site.
3rd party content could be webmail being read, comments to a discussion site, search results, adverts.
Say I only allow jpgs and gifs in avatars, so as site owner, I just have the HTML for the avatars looking something like: <shieldson lock="z34kv85mg925" allowed="image-jpg,image-gif"/> <img src="http://3rdpartysite.com/hopefully/this/is/an/ avatar/image.jpg"> <shieldsoff lock="z34kv85mg925"/>
Similar thing for sigs, posts, or webmail from spammers/hackers. <shieldson lock="ad6i5gmp02d" allowed="plain-html,plain-text"/> potentially dangerous webmail message here <shieldsoff lock="ad6i5gmp02d"/>
Every now and then you hear Yahoo, MySpace, Gmail etc having problems with filtering out content that should not be active, or at least "that active";).
If the tags I propose are implemented, they will be a good _safety_net_.
The sites should still try to filter and escape stuff, but this is defense in depth. And it should be compatible with browsers that don't support it - they should ignore unknown tags.
Get one of those devices that allow you to skip ads then?
Or stick to buying DVDs or downloading videos so that you have better control.
It's not as if most ads are worth watching.
If there's a great ad you just have to see, I'm sure someone would put it on youtube, AND the advertisers who created it wouldn't object to you downloading it and watching it.
There is always risk. If you or your child can't deal with the risks of the real world, you might as well prepare to face it early. Otherwise you shouldn't even be driving a car.
This advertisement doesn't really increase the risks significantly at all, since all kids want to pretend to be like mommy/daddy.
Basically, your child is going to copy you and other people. If you do things right, your child will be copying you primarily, doing things right.
I remember pretending to drive a car when I was very very young. And at one point in time I also had a toy steering wheel which I was allowed to use in the car. At no time was I allowed to touch the _real_steering_wheel_, the gear shift, parking brakes or anyone busy driving a car.
Lastly, the chances of dying in life are 100%. So if you are risk averse maybe you should sign up for one of those eternal life assurance deals;)...
There really is plenty that can be done nowadays, and the url shortening sites make it possible to do even more "interesting" stuff.
For example: some discussion boards only check the url endings to see if it ends with jpg or gif before allowing you to specify it as your avatar.
Most url shortening sites allow you to add/blah.jpg to the shortened url without grumbling, and they will just append/blah.jpg to the final expanded URL.
So if you pick an expanded URL of http://targetsite.com/do=somethingnaughty&foo=
And the shortened URL is say: http://shorturl.org/s/szxvnf
Then you can specify an image to be http://shorturl.org/s/szxvnf/blah.jpg and it will expand to http://targetsite.com/do=somethingnaughty&foo=/bla h.jpg
And so something naughty happens without the victim even needing to click on anything.
If the site signs urls with the user's session cookie, and all urls and forms must have a checksum derived from this, then that makes it harder for the attacker.
However, if the attacker manages to inject javascript somewhere, that javascript could figure out the session cookies and other stuff. And that is why javascript is such a risk.
To reduce such risks, I proposed years ago to the W3C and browser makers to have an HTML tag that disables active content, but nobody really seemed interested.
Example: <shieldson lock="randomstring" allowed="java,vrml,svg"/> disallowed material disabled <shieldsoff lock="randomstring"/>
The attacker has to guess "randomstring" in order to inject active content that's not specifically allowed between <shieldson> and <shieldsoff>. Otherwise the browser will just ignore it (and/or log an error).
Without such tags, HTML is like driving a car with 100 accelerator pedals, but not a single brake pedal. To stop you need to make sure that ALL 100 accelerator pedals are not pressed.
Various people have said: "Just escape stuff correctly". But I think the evidence is that even though in theory people can make sure all 100 "Go" pedals are "escaped", in practice that doesn't happen well enough.
Furthermore, if someone comes up with a new "Go" tag #101, your old escaping libraries might not escape it correctly. Whereas my proposed "brake" tag will have a "default deny" behaviour, the browser should only allow specified active content. So any new type of active content that slips through escaping will still be ignored.
In my opinion the browser makers and browser language makers are not really interested about security.
Yeah, but I'm a harmless dick. So hopefully people learn from that, and don't click on something that causes big problems.
There really is plenty that can be done nowadays, and the url shortening sites make it possible to do even more "interesting" stuff.
For example: some discussion boards only check the url endings to see if it ends with jpg or gif before allowing you to specify it as your avatar.
Most url shortening sites allow you to add/blah.jpg to the shortened url without grumbling, and they will just append/blah.jpg to the final expanded URL.
So if you pick an expanded URL of http://targetsite.com/do=somethingnaughty&foo=
And the shortened URL is say: http://shorturl.org/s/szxvnf
Then you can specify an image to be http://shorturl.org/s/szxvnf/blah.jpg and it will expand to http://targetsite.com/do=somethingnaughty&foo=/bla h.jpg
And something naughty happens without the victim even needing to click on anything.
If the site signs urls with the user's session cookie, and all urls and forms must have a checksum derived from this, then it makes it harder for the attacker.
However, if the attacker manages to inject javascript somewhere, that javascript could figure out the session cookies and other stuff. And that is why javascript is a risk.
To reduce such risks, I proposed years ago to the W3C and browser makers to have an HTML tag that disables active content, but nobody really seemed interested.
Example: <shieldson lock="randomstring" allowed="java,vrml,svg"/> disallowed material disabled <shieldsoff lock="randomstring"/>
The attacker has to guess "randomstring" in order to inject active content that's not specifically allowed between <shieldson> and <shieldsoff>. Otherwise the browser will just ignore it (and/or log an error).
Without such tags, HTML is like driving a car with 100 accelerator pedals, but not a single brake pedal. To stop you need to make sure that ALL 100 accelerator pedals are not pressed.
Various people have said: "Just escape stuff correctly". But I think the evidence is that even though in theory people can make sure all 100 "Go" pedals are "escaped", in practice that doesn't happen well enough.
Furthermore, if someone comes up with a new "Go" tag #101, your old escaping libraries might not escape it correctly. Whereas my proposed "brake" tag will have a "default deny" behaviour, the browser should only allow specified active content. So any new type of active content that slips through escaping will still be ignored.
In my opinion the browser makers and browser language makers are not really interested about security.
Sure the F-22 will trash the F-15, but a creative and smart General might still be able to figure out ways to win even though losing a fair number of battles.
Whoa... You really really better get good advice ASAP.
If the IRS comes by and says you owe them say 80K, and you don't have cash, receipts and stuff to cover your butt, you're in big trouble.
You probably should have posted anonymously through tor:).
When the Gov can't pin anything on someone they don't like (or want to jail), they get the IRS to do the dirty work. And the IRS have quite a LOT of power.
I've heard a Slashdotter complain that one time he made a mistake and sent his state tax cheques to the Feds, and the Fed tax cheques to the state. The state told him nicely that they couldn't cash the cheque. But somehow the Feds managed to cash the cheque!
When he asked the Bank how they could allow that to happen, he was told the Bank isn't going to argue with the IRS, they can cash whatever cheque they want... Seems the feds got one of those big red rubber stamps, stamped over the cheque and pwn3d!
Don't panic yet. Get good financial/legal advice first. Ask for "off the record" advice too.
People keep complaining about my sig. But they should just learn.
Browsers suck. javascript is unsafe and most sites/webapps don't sign url/form parameters. So learn to think before you click.
And if you are thinking of clicking on some strange stuff, open a pristine VM, and use a clean browser there (you can even "sort of" put the VM on a different network from your computer - get two NICs).
"They don't understand HUMAN consequences. They get that if they stick their finger in a light-socket, they'll get shocked."
And they actually stop sticking their fingers in light sockets?
Simple solution then: stop sticking knives in people, etc, and you stop getting shocked. If you are right and basic conditioning works, then give them basic conditioning.
Maybe you are talking about a different mental problem? Some people/animals can only learn if they are immediately punished for the wrong actions. You can't punish them hours after the unwanted action. There are workarounds for that too.
Or are you now claiming they know the difference between getting pain from inanimate objects and getting pain from humans, and thus learn/respond differently? IF that is so, that would be very different from your claim that they "don't understand human consequences".
But I don't see the part that proves what you claim. It jumps straight to net CO2 without showing how that is calculated. So I attempted to do my own calculations based on the report's data.
From page 66 (second PDF), I get 22938 CO2-eq emitted from paper making (mill emissions- the dominating fraction as per page 80) that's passed to "magazine chain". But I am not sure how many tons of magazine paper were produced that generated those tons of CO2. I assume from page 67 that it's 37245 tons, but page 47 claims 37477 (which doesn't improve the report's credibility). To be conservative I shall take the lower figure (a higher figure will better support my claims).
I assume 44% per mass of carbon in paper (from various sources including cellulose being 44% carbon by mass). Using the figures from page 66 - it's 3.66 tons of "CO2-eq" to 1 ton of carbon. 37245 * 0.44 * 3.66= 59979 CO2-eq.
So you have 22938 tons of CO2 emitted as mill emissions for 59979 CO2-eq (of paper produced). Given the ratios in page 80 (comparing ME etc - ME seems to be about 60% of total emissions - 61% to 77% according to nytimes article[1]), if more than 90% of that paper is landfilled or just left lying around (preferably 100% as per my post and recommendation, but see also page 82 and 83[2]), tell me how there is net CO2 emission?
Keep in mind that my original suggestion[3] was that reusable paper is overrated and normal paper producing should be made more efficient and safer, and then keeping stacks of paper around would be fine for the environment.
Show me how the report you refer to actually proves that my suggestion is not practical or possible. In fact, the numbers in the report seem to show it's already possible.
Maybe I'm just too stupid to understand the report? In my opinion the report doesn't seem very good, perhaps I'm biased but I've seen much better reports and papers that clearly show how their respective conclusions are reached.
Yes, the reforestation bit is being done already. I'm talking about putting more work into making the creation of paper cheaper, more efficient and safe.
In some countries growing Kenaf might be an alternative to trees for paper.
If a sociopath doesn't understand consequences he/she would have died very early from doing the many fatally dangerous things their parents and other people told them not to do. Like running in front of a bus, eating something toxic, etc.
I suggest it's more that sociopaths don't give a damn about consequences like: "you're grounded", "I'm going to smack your bottom", "we are going to put you in jail for 10 years". In fact maybe over the years they gradually learn that they can survive harsher and harsher punishments, and lose all fear of anything "civilized society" is willing to threaten them with.
You said: "They will associate the pain and fear purely with the person that is causing it".
If they can fear, then they can be controlled. After all that's all organized crime needs to work. Same goes for "well run" Dictatorships. You really think sociopath won't understand "If you screw with me, I will find you, and I will kill you." especially when it comes from someone who has proven willing and capable of enforcing such threats?
Of course a civilized society probably should just lock up sociopaths who have proven themselves a danger to others. Perhaps in the future they could be allowed an option to be freed but forced to wear a device which monitors whatever they are doing and is happening to them (also for their own protection - they might be unpopular with others...), and that will kill them if tampered with, or if it loses contact with "Big Brother" for too long despite warnings. The device could be removed after X years of reasonable behaviour (a low threat to others).
Well, in theory it's just for fishing a particular file with the filename that you type.
I'm not too worried about it, because in my office I use Linux and I run WinXP in a virtual machine, in that VM I use a nonadmin account for normal stuff - viewing and priting Word or Excel docs, instant messaging, AND I use the Run As feature to launch browser windows as yet another different nonadmin account. On the Linux host itself, I run firefox as a different user from my main user account.
So if I gather correctly, you can grab my bookmarks or downloaded files, IF I actually type all the letters to those specific paths? That's it?
I'd be more worried about Windows graphic driver exploits - graphics drivers seem a bit shoddy- plus they are all about performance, not security. And currently it's basically - Nvidia, ATI and Intel.
I've had weird things happen with Linux sound though so I wonder about the security of such stuff. I've pretty much given up on getting Linux sound to work properly for sustained periods of time (this on suse 10.0, perhaps I should try 10.2).
I'm not in the US, nor a US citizen, but I thought the US companies wanted to send those jobs overseas anyway? Why should smart US students waste X years doing CS, graduate and then have their jobs outsourced or have to compete for jobs treated as "cheap labour" by companies (after all what's the H1-B thing really about)?
If the companies keep changing their minds, well too bad for them.
Meanwhile, it's supply and demand. Not enough applicants? Start offering higher salaries and better working conditions then - too bad you'd probably have to wait a while - try thinking longer term next time.
Otherwise I think they just want more silly people to rush into CS just to increase supply and keep prices down.
The real crisis is the shortage of people with competence and integrity, rather than a shortage of people who do Computer Science.
They're not weak vulnerabilities if they happen on webmail sites, Amazon, Ebay and so on.
All these sites display content from 3rd parties. If they screw up, or a popular browser screws up, pretty naughty stuff can happen.
People complain that "one click buy" is not secure? Hah, you should see "zero click buy"[1] when it happens. And then there's bidding...
Once you can sneak in significant amounts of arbitrary javascript, it's pretty much "pwn3d time".
[1] Perhaps I should patent it, but it's so obvious to anyone in that field right?
Look on the bright side, you got modded up :).
Anyway, the W3C, browser bunch didn't seem to get it either. Even had someone from Netscape saying: "a server-side library is a more robust solution".
But sites are STILL supposed to use libraries etc to escape stuff! It's supposed to be an _additional_ measure. Argh!
"That's why smart people use firefox & noscript"
Hey I surf with javascript turned off too[1].
BUT I do see valid uses for javascript. If my proposal is implemented, I wouldn't mind enabling javascript for some sites that I trust, IF I see they are using that tag to "disarm" content that comes from 3rd parties who I don't necessarily trust (it would be fairly easy to check).
That way I can have the features of javascript and know that it would be much harder for an attacker to inject malicious javascript into the site and have it execute on MY browser (if it supports the tag).
A paranoid website would even enclose nearly ALL its _own_ content and only enable trusted snippets of active content.
[1] At home when I need javascript etc or am browsing a less trusted site I use a browser in a virtual machine. At work, for normal sites I use a browser running as a different user.
I think you misunderstand the usage.
/>/ avatar/image.jpg"> />
/> />
;).
The feature I proposed is to help a site protect their users from 3rd party content being displayed on that site.
3rd party content could be webmail being read, comments to a discussion site, search results, adverts.
Say I only allow jpgs and gifs in avatars, so as site owner, I just have the HTML for the avatars looking something like:
<shieldson lock="z34kv85mg925" allowed="image-jpg,image-gif"
<img src="http://3rdpartysite.com/hopefully/this/is/an
<shieldsoff lock="z34kv85mg925"
Similar thing for sigs, posts, or webmail from spammers/hackers.
<shieldson lock="ad6i5gmp02d" allowed="plain-html,plain-text"
potentially dangerous webmail message here
<shieldsoff lock="ad6i5gmp02d"
Every now and then you hear Yahoo, MySpace, Gmail etc having problems with filtering out content that should not be active, or at least "that active"
If the tags I propose are implemented, they will be a good _safety_net_.
The sites should still try to filter and escape stuff, but this is defense in depth. And it should be compatible with browsers that don't support it - they should ignore unknown tags.
Get one of those devices that allow you to skip ads then?
Or stick to buying DVDs or downloading videos so that you have better control.
It's not as if most ads are worth watching.
If there's a great ad you just have to see, I'm sure someone would put it on youtube, AND the advertisers who created it wouldn't object to you downloading it and watching it.
Huh. Her dad was in the back seat.
;).
Looks like parents are one of the biggest dangers to their children. Either through bad nurture or bad genes
There is always risk. If you or your child can't deal with the risks of the real world, you might as well prepare to face it early. Otherwise you shouldn't even be driving a car.
;)...
This advertisement doesn't really increase the risks significantly at all, since all kids want to pretend to be like mommy/daddy.
Basically, your child is going to copy you and other people. If you do things right, your child will be copying you primarily, doing things right.
I remember pretending to drive a car when I was very very young. And at one point in time I also had a toy steering wheel which I was allowed to use in the car. At no time was I allowed to touch the _real_steering_wheel_, the gear shift, parking brakes or anyone busy driving a car.
Lastly, the chances of dying in life are 100%. So if you are risk averse maybe you should sign up for one of those eternal life assurance deals
There really is plenty that can be done nowadays, and the url shortening sites make it possible to do even more "interesting" stuff.
/blah.jpg to the shortened url without grumbling, and they will just append /blah.jpg to the final expanded URL.
a h.jpg
/>
For example: some discussion boards only check the url endings to see if it ends with jpg or gif before allowing you to specify it as your avatar.
Most url shortening sites allow you to add
So if you pick an expanded URL of http://targetsite.com/do=somethingnaughty&foo=
And the shortened URL is say: http://shorturl.org/s/szxvnf
Then you can specify an image to be http://shorturl.org/s/szxvnf/blah.jpg
and it will expand to http://targetsite.com/do=somethingnaughty&foo=/bl
And so something naughty happens without the victim even needing to click on anything.
If the site signs urls with the user's session cookie, and all urls and forms must have a checksum derived from this, then that makes it harder for the attacker.
However, if the attacker manages to inject javascript somewhere, that javascript could figure out the session cookies and other stuff. And that is why javascript is such a risk.
To reduce such risks, I proposed years ago to the W3C and browser makers to have an HTML tag that disables active content, but nobody really seemed interested.
Example:
<shieldson lock="randomstring" allowed="java,vrml,svg"
disallowed material disabled
<shieldsoff lock="randomstring"/>
The attacker has to guess "randomstring" in order to inject active content that's not specifically allowed between <shieldson> and <shieldsoff>. Otherwise the browser will just ignore it (and/or log an error).
Without such tags, HTML is like driving a car with 100 accelerator pedals, but not a single brake pedal. To stop you need to make sure that ALL 100 accelerator pedals are not pressed.
Various people have said: "Just escape stuff correctly". But I think the evidence is that even though in theory people can make sure all 100 "Go" pedals are "escaped", in practice that doesn't happen well enough.
Furthermore, if someone comes up with a new "Go" tag #101, your old escaping libraries might not escape it correctly. Whereas my proposed "brake" tag will have a "default deny" behaviour, the browser should only allow specified active content. So any new type of active content that slips through escaping will still be ignored.
In my opinion the browser makers and browser language makers are not really interested about security.
Oh well...
Yeah, but I'm a harmless dick. So hopefully people learn from that, and don't click on something that causes big problems.
/blah.jpg to the shortened url without grumbling, and they will just append /blah.jpg to the final expanded URL.
a h.jpg
/>
There really is plenty that can be done nowadays, and the url shortening sites make it possible to do even more "interesting" stuff.
For example: some discussion boards only check the url endings to see if it ends with jpg or gif before allowing you to specify it as your avatar.
Most url shortening sites allow you to add
So if you pick an expanded URL of http://targetsite.com/do=somethingnaughty&foo=
And the shortened URL is say: http://shorturl.org/s/szxvnf
Then you can specify an image to be http://shorturl.org/s/szxvnf/blah.jpg
and it will expand to http://targetsite.com/do=somethingnaughty&foo=/bl
And something naughty happens without the victim even needing to click on anything.
If the site signs urls with the user's session cookie, and all urls and forms must have a checksum derived from this, then it makes it harder for the attacker.
However, if the attacker manages to inject javascript somewhere, that javascript could figure out the session cookies and other stuff. And that is why javascript is a risk.
To reduce such risks, I proposed years ago to the W3C and browser makers to have an HTML tag that disables active content, but nobody really seemed interested.
Example:
<shieldson lock="randomstring" allowed="java,vrml,svg"
disallowed material disabled
<shieldsoff lock="randomstring"/>
The attacker has to guess "randomstring" in order to inject active content that's not specifically allowed between <shieldson> and <shieldsoff>. Otherwise the browser will just ignore it (and/or log an error).
Without such tags, HTML is like driving a car with 100 accelerator pedals, but not a single brake pedal. To stop you need to make sure that ALL 100 accelerator pedals are not pressed.
Various people have said: "Just escape stuff correctly". But I think the evidence is that even though in theory people can make sure all 100 "Go" pedals are "escaped", in practice that doesn't happen well enough.
Furthermore, if someone comes up with a new "Go" tag #101, your old escaping libraries might not escape it correctly. Whereas my proposed "brake" tag will have a "default deny" behaviour, the browser should only allow specified active content. So any new type of active content that slips through escaping will still be ignored.
In my opinion the browser makers and browser language makers are not really interested about security.
Yeah, so why didn't they simulate the F22 case, when the F20 had E/W transition problem, and the simulated early F16 had the equatorial prob?
Sure the F-22 will trash the F-15, but a creative and smart General might still be able to figure out ways to win even though losing a fair number of battles.
_ 2002
http://en.wikipedia.org/wiki/Millennium_Challenge
Having the right General and officers could make a significant difference.
IR opaque smoke grenades?
I'd rather use a smoke shield.
There's already smoke that even blocks IR.
Then use sonic imaging to get around in the smoke.
If you actually weren't paying any taxes to any country, that's like happily walking on thin air. Or thinking you will never die.
Whoa... You really really better get good advice ASAP.
:).
If the IRS comes by and says you owe them say 80K, and you don't have cash, receipts and stuff to cover your butt, you're in big trouble.
You probably should have posted anonymously through tor
When the Gov can't pin anything on someone they don't like (or want to jail), they get the IRS to do the dirty work. And the IRS have quite a LOT of power.
I've heard a Slashdotter complain that one time he made a mistake and sent his state tax cheques to the Feds, and the Fed tax cheques to the state. The state told him nicely that they couldn't cash the cheque. But somehow the Feds managed to cash the cheque!
When he asked the Bank how they could allow that to happen, he was told the Bank isn't going to argue with the IRS, they can cash whatever cheque they want... Seems the feds got one of those big red rubber stamps, stamped over the cheque and pwn3d!
Don't panic yet. Get good financial/legal advice first. Ask for "off the record" advice too.
People keep complaining about my sig. But they should just learn.
Browsers suck. javascript is unsafe and most sites/webapps don't sign url/form parameters. So learn to think before you click.
And if you are thinking of clicking on some strange stuff, open a pristine VM, and use a clean browser there (you can even "sort of" put the VM on a different network from your computer - get two NICs).
"They don't understand HUMAN consequences. They get that if they stick their finger in a light-socket, they'll get shocked."
And they actually stop sticking their fingers in light sockets?
Simple solution then: stop sticking knives in people, etc, and you stop getting shocked. If you are right and basic conditioning works, then give them basic conditioning.
Maybe you are talking about a different mental problem? Some people/animals can only learn if they are immediately punished for the wrong actions. You can't punish them hours after the unwanted action. There are workarounds for that too.
Or are you now claiming they know the difference between getting pain from inanimate objects and getting pain from humans, and thus learn/respond differently? IF that is so, that would be very different from your claim that they "don't understand human consequences".
I downloaded the report[1] I think you are talking about, from:o 51.pdft o102.pdf
d y.shtml2 5adco.html?ex=1319428800&en=09ac79cfbc5f3df4&ei=50 881 18848
http://www.heinzctr.org/NEW_WEB/PDF/08014_Time_1t
http://www.heinzctr.org/NEW_WEB/PDF/08014_Time_52
But I don't see the part that proves what you claim. It jumps straight to net CO2 without showing how that is calculated. So I attempted to do my own calculations based on the report's data.
From page 66 (second PDF), I get 22938 CO2-eq emitted from paper making (mill emissions- the dominating fraction as per page 80) that's passed to "magazine chain". But I am not sure how many tons of magazine paper were produced that generated those tons of CO2. I assume from page 67 that it's 37245 tons, but page 47 claims 37477 (which doesn't improve the report's credibility). To be conservative I shall take the lower figure (a higher figure will better support my claims).
I assume 44% per mass of carbon in paper (from various sources including cellulose being 44% carbon by mass). Using the figures from page 66 - it's 3.66 tons of "CO2-eq" to 1 ton of carbon. 37245 * 0.44 * 3.66= 59979 CO2-eq.
So you have 22938 tons of CO2 emitted as mill emissions for 59979 CO2-eq (of paper produced). Given the ratios in page 80 (comparing ME etc - ME seems to be about 60% of total emissions - 61% to 77% according to nytimes article[1]), if more than 90% of that paper is landfilled or just left lying around (preferably 100% as per my post and recommendation, but see also page 82 and 83[2]), tell me how there is net CO2 emission?
Keep in mind that my original suggestion[3] was that reusable paper is overrated and normal paper producing should be made more efficient and safer, and then keeping stacks of paper around would be fine for the environment.
Show me how the report you refer to actually proves that my suggestion is not practical or possible. In fact, the numbers in the report seem to show it's already possible.
Maybe I'm just too stupid to understand the report? In my opinion the report doesn't seem very good, perhaps I'm biased but I've seen much better reports and papers that clearly show how their respective conclusions are reached.
[1] Linked from: http://www.heinzctr.org/Press_Releases/carbon_stu
as I gather from: http://www.nytimes.com/2006/10/25/business/media/
[2] From page 82 and 83 less than 8% of the magazines produced would be incinerated. If we assume 6% of the landfilled paper turns to CO2, then that brings the figure up to about 12% becoming CO2.
[3] http://slashdot.org/comments.pl?sid=223764&cid=18
Yes, the reforestation bit is being done already. I'm talking about putting more work into making the creation of paper cheaper, more efficient and safe.
In some countries growing Kenaf might be an alternative to trees for paper.
water+CO2+sunlight+misc = tree/plant grows.
Harvest, convert to paper. Use paper. Keep/landfill paper (aka carbon sequestration).
Replant. Repeat.
Whoever pays for all that paper would be sponsoring the extraction of CO2 from air.
If a sociopath doesn't understand consequences he/she would have died very early from doing the many fatally dangerous things their parents and other people told them not to do. Like running in front of a bus, eating something toxic, etc.
I suggest it's more that sociopaths don't give a damn about consequences like: "you're grounded", "I'm going to smack your bottom", "we are going to put you in jail for 10 years". In fact maybe over the years they gradually learn that they can survive harsher and harsher punishments, and lose all fear of anything "civilized society" is willing to threaten them with.
You said: "They will associate the pain and fear purely with the person that is causing it".
If they can fear, then they can be controlled. After all that's all organized crime needs to work. Same goes for "well run" Dictatorships. You really think sociopath won't understand "If you screw with me, I will find you, and I will kill you." especially when it comes from someone who has proven willing and capable of enforcing such threats?
Of course a civilized society probably should just lock up sociopaths who have proven themselves a danger to others. Perhaps in the future they could be allowed an option to be freed but forced to wear a device which monitors whatever they are doing and is happening to them (also for their own protection - they might be unpopular with others...), and that will kill them if tampered with, or if it loses contact with "Big Brother" for too long despite warnings. The device could be removed after X years of reasonable behaviour (a low threat to others).
You seemed to have completely missed the other part of my post which addresses what people like you do.
:).
I guess it's true it's really hard for you to read on screen!
"Thank god Windows can finally scale to decent hardware I say"
You work for a RAM company? Or HP?