Slashdot Mirror


User: black3d

black3d's activity in the archive.

Stories: 0
Comments: 597

Comments · 597

  1. Re:What has this got to do with Microsoft? on Office 365, Amazon, Others Vulnerable To Exploit Microsoft Knew About In 2012 · Score: 1

    No, that's not what the vulnerability means. To be clear, the exploit is not that "old" cookies can be used to log in as someone else. It's that "in-use" cookies on the client machine can be replicated and used on another machine as long as the session hasn't been timed out on the server. Once I've logged out on the client, nobody can then access that machine and get a client cookie off it to continue the session. They have to have copied the cookie while my session was active on the client. (Please see the article - you can't simply copy old cookies off a machine I once logged into, or even logged out of 3 seconds ago, and access my session - you have to have the active cookie from my live session BEFORE I end the session client-side.).
     
    Thus, there's no fear of using a public PC and then later, someone else using it and accessing my account. The only way this could happen is if the machine is already compromised in some other way which allows the attacker access to my cookie while I'm using it. If the machine is already compromised in such a manner, they can just key-log me instead.
     
    What you're thinking of is an entirely separate issue - very badly coded sites which use permanent cookies as session authentication. THAT is a bad security issue, but not what's being discussed in this article or comments.

  2. Re:What has this got to do with Microsoft? on Office 365, Amazon, Others Vulnerable To Exploit Microsoft Knew About In 2012 · Score: 1

    While sites do use encryption mechanisms in their cookies sometimes, that doesn't prevent MITM attacks (or of course, a compromised machine) from continuing the access anyhow. In fact, of all the attack vectors, XSS is the only one which could be prevented by the cookies timing out server-side instantly.
     
    What I mean by that is, the other attack vectors all provide alternate methods of intrusion other than stealing a cookie from your PC.. malware can just keylog, DNS poisoning can present you with an entirely fake site to capture your login details, and, for example, in an MITM attack you're never actually getting the correct cookie - the MITM has it, and subsequently your log-out request doesn't have to be passed on by the attacker and generally wouldn't be.
     
    My point is, this particular flaw in cookies isn't specifically a Microsoft issue. Microsoft, like most other sites out there (say, Amazon, Ebay, etc :)) choose when to time out their cookies rather than allowing the client to specifically insist on it happening.
     
    While it can be done (Slashdot does, for example, kill your cookie server-side whenever you choose to log out - not when you close the browser though, as it doesn't know and just relies on a regular time-out) it's generally not a security issue unless there's already another underlying security issue in order to exploit it.

  3. Re:What has this got to do with Microsoft? on Office 365, Amazon, Others Vulnerable To Exploit Microsoft Knew About In 2012 · Score: 1

    Yeah, I understand that issue - I was probably a little over the top in my first post. I followed up in a couple of other replies (eg, http://slashdot.org/comments.pl?sid=3981407&cid=44303997) that I get what they're saying the issue is, but that this is fairly standard "intended" behavior. Hence why it occurs on most major sites - servers decide when to expire their logins, rather than clients. I just thought it was odd that the author jumped all over it being a "Microsoft" issue, when it's just as much a "Google" or "Sourceforge" issue, etc.

    Actually, the whole "Microsoft knew about it in 2012!" thing is kinda amusing, since it's actually more like "most of us knew about it in 2003.."

  4. Re:What has this got to do with Microsoft? on Office 365, Amazon, Others Vulnerable To Exploit Microsoft Knew About In 2012 · Score: 1

    Right, but a trojan could just keylog me as well. Or read the passwords stored by my browser.
     
    Look, I do understand the issue, I just don't see it as an issue. This has pretty much been the "expected" and likely intended behavior server-side for years. As another example, take almost any commercial forum software. Log in and open up two threads in two tabs. Log out in one of the tabs - the other is still logged in, using the same cookie, and can keep browsing and posting on your logged in account. Even though you've explicitly clicked "log out" in one tab, the server doesn't immediately throw away the cookie. It doesn't *know* you have another tab open, but doesn't presume you don't and kill everything.
     
    Maybe it should - but this is not normal behavior. The server-side cookies will expire on their own, and it seems kinda paranoid to attack Microsoft for an "issue" (I invert the comments as I believe it's intended behavior) which is web-wide, and can only generally be exploited by either someone who already has access to the account, or an already compromised machine.

  5. Re:What has this got to do with Microsoft? on Office 365, Amazon, Others Vulnerable To Exploit Microsoft Knew About In 2012 · Score: 1

    PS. I do understand that the original issue is that the cookie isn't expiring server-side "as fast as they would like", but it will do. The complaint isn't that someone can come along and pick up a logged out browser session and use old cookies to "log in". No - the cookie has to be copied from the logged in session - in other words, already have access to the machine in a logged in state. If malware has already rooted your machine to this point, then trust me.. they've just keylogged your login, and don't care about your cookies.
     
    It's clear "logging out" for a vast majority of sites expires the client-side cookie immediately. The server-side cookie will time out on its own. If there are sites where these persist "forever", that's a hugely different issue to "it didn't expire on their side as soon as I told it to, so I can still access it with the cookie I copied while I was still logged in to the session".. And again, has as much to do with Microsoft as it does with.. say.. Hasbro, considering the same behaviour doubtless occurs on their site. BARBIE WANTS TO STEAL YOUR COOKIES!

  6. What has this got to do with Microsoft? on Office 365, Amazon, Others Vulnerable To Exploit Microsoft Knew About In 2012 · Score: 2, Interesting

    Is this entire article some kind of joke? If you have physical access to a machine and are able to "steal" the cookies from their logged in browser session, then on another machine replicate that browser session and utilize that same logged in cookie so that the site can't tell the difference between the machine you HAVE PHYSICAL LOGGED-IN ACCESS TO and the replicated session, so you're able to continue using the site? Isn't this behaviour "as intended"?
     
    This would only be a "flaw" if another site could remotely copy my cookies and continue my session 'as me'. (Well, actually, I have Java installed, so they probably can *cough*). Otherwise, it's exactly how a logged in cookie is meant to work. The only tacit connection to "Microsoft" seems to be that "Microsoft, like some other companies.. have websites on the internet."
     
    Actually, the fact that Microsoft requires re-authentication to make any account changes is actually a good thing. The article makes some excuse about "what's the use of that if they're already able to read the emails with the logged in cookie", to which I counter - YES, OR.. YOU KNOW.. READING THE EMAILS ON THE LOGGED IN SESSION YOU ALREADY HAVE ON THE ORIGINAL MACHINE IN FRONT OF YOU.
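The session-cookie behaviour argued over in the six comments above, as an added example that is not part of the original comments or of any of the sites they mention: a small in-memory session store with HMAC-signed cookies, a "client-side only" logout that merely tells the browser to drop the cookie, and a "server-side" logout that also revokes the session record. Running both scenarios shows that a cookie copied from a live session keeps working after a client-only logout until the server's own idle timeout fires, that it stops working at once after a server-side revocation (in every tab sharing the cookie), and that a cookie an attacker fabricates without the server key is rejected. The secret key, user name, timeout values and the injected clock are all constructed for the illustration.

```python
"""Added example: replaying a copied session cookie after logout.

Not code from the original comments. SECRET_KEY, the user "alice", the
timeout values and the fake clock are constructed for this demonstration.
"""
import hashlib
import hmac
import secrets
import time

SECRET_KEY = b"constructed-demo-key-do-not-reuse"  # assumption: server-side secret


class SessionStore:
    """Server-side session table keyed by a random session id."""

    def __init__(self, idle_timeout=1800.0, clock=time.time):
        self._sessions = {}            # session_id -> {"user": ..., "last_seen": ...}
        self._idle_timeout = idle_timeout
        self._clock = clock            # injectable so tests are deterministic

    def _mac(self, session_id):
        return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

    def _parse(self, cookie):
        """Return the session id if the cookie's signature verifies, else None."""
        sid, _, mac = cookie.rpartition(".")
        if not sid or not hmac.compare_digest(mac.encode(), self._mac(sid).encode()):
            return None
        return sid

    def login(self, user):
        """Create a session and return the cookie value the browser would store."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return f"{sid}.{self._mac(sid)}"

    def authenticate(self, cookie):
        """Return the user for a live session, or None (bad signature, revoked, idle too long)."""
        sid = self._parse(cookie)
        sess = self._sessions.get(sid) if sid else None
        if sess is None:
            return None
        now = self._clock()
        if now - sess["last_seen"] > self._idle_timeout:
            del self._sessions[sid]    # server-side expiry is the only thing that ends the weak case
            return None
        sess["last_seen"] = now
        return sess["user"]

    def logout_client_only(self, cookie):
        """The common pattern: clear the browser cookie, leave the server record in place."""
        return "session=; Max-Age=0"

    def logout_server_side(self, cookie):
        """Revoke the server record as well, so every copy of the cookie dies immediately."""
        sid = self._parse(cookie)
        if sid is not None:
            self._sessions.pop(sid, None)
        return "session=; Max-Age=0"


def replay_after_logout(server_side):
    """Attacker copies the cookie while the victim is logged in, victim then logs out."""
    now = [1000.0]
    store = SessionStore(idle_timeout=600.0, clock=lambda: now[0])
    victim_cookie = store.login("alice")
    copied_cookie = victim_cookie      # identical bytes: an attacker's copy, or a second tab
    if server_side:
        store.logout_server_side(victim_cookie)
    else:
        store.logout_client_only(victim_cookie)
    result = {"right_after_logout": store.authenticate(copied_cookie)}
    now[0] += 601.0                    # past the server's idle timeout
    result["after_idle_timeout"] = store.authenticate(copied_cookie)
    return result


def forged_cookie_rejected():
    """A cookie built without SECRET_KEY fails the signature check, not just the lookup."""
    store = SessionStore()
    store.login("alice")
    forged = secrets.token_urlsafe(32) + "." + "0" * 64
    return store.authenticate(forged) is None


if __name__ == "__main__":
    print("client-only logout:", replay_after_logout(server_side=False))
    print("server-side logout:", replay_after_logout(server_side=True))
    print("forged cookie rejected:", forged_cookie_rejected())
```

The signature only stops forgery; it does nothing against a copied cookie, which is the point the commenter makes about encrypted cookies. The two things that do help are the server-side revocation on logout and a short idle timeout, and a real deployment would also set `Secure`, `HttpOnly` and `SameSite` on the cookie to make copying it harder in the first place.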

  7. Re:Torvalds being foul-mouthed again? News at 11. on Kernel Dev Tells Linus Torvalds To Stop Using Abusive Language · Score: 2

    I also found it interesting that the editors quoted Sarah verbatim, except for "..."ing out her "Not *fucking* cool" in the middle there.

  8. Re:what? on Linux 3.11 Officially Named "Linux For Workgroups" · Score: 1

    Linux developers are as closely associated to my wage as dairy farmers are, however I feel no compulsion to uproot and move to the countryside. I possibly could have been less brash in my reply, however I was agreeing with a portion of your post. I have considered working on open source projects before, but have found the majority of projects I'm interested in are dictated by a small close-knit group of friends who really have no interest in the opinions or contributions of others (sure, if you can solve an issue THEY'RE having, you're welcome, but if you've got a usage issue which requires their collaboration then you can go hang). I'm sure you can imagine the much more colorful language used.

    The two solutions to so many issues that are angrily presented are "if you're having that issue, then write a patch and recompile" or "if you want that functionality, then fork it and write it yourself". I can't count the number of times there's some obvious glaring bug with a package, but it works OK on the author's computer, and if you're not using his exact hardware configuration then you're "a fucking idiot and it's your fault". Sure, sometimes I *can* actually fix it - but what exactly is my motivation to do so? To help that jackass? To submit a patch so other people think that jackass is actually competent?

    The community seems to be dominated by "little-Hitlers" who basically ruin the experience. A couple of projects I have actually contributed to have over the past 8-9 years magically had my attribution disappear although my code is still present. If the folks "in charge" don't clean up their act, there's good reason why so many of us will keep avoiding contributing anything meaningful.

  9. Re:what? on Linux 3.11 Officially Named "Linux For Workgroups" · Score: 1

    All true. It's the reason I, as a developer, refuse to get involved. Why on earth would I want to work with such people?

  10. Re:It has a deep tradition it seems on The Little Bomb-Detecting Device That Couldn't · Score: 5, Interesting

    Right, which is the exact ideomotor effect that's being discussed here. There are other (subconscious) cues at work which lead him to believe where the water will be - or just pure coincidence. Aside from the obvious fact there's no actual mechanism at work, it can be easily disproven. Take a dowser out until they find a spot "with water", then blindfold them and drive them around to re-test various random spots including this one. The vast majority of the time, they'll get it wrong - suddenly not able to detect water at the spot they previously said it was at, or detect water in places they previously said it wasn't. Also fun is taking them to an area known to be entirely over a natural aquifer and watch them wander around until they "find" water in some exclusive spot.
     
    Map-based dowsing is even easier to disprove - again, aside from the obvious lack of any mechanism (ie, it doesn't really need proof, but just to satisfy the idiots out there we have to go through it). Give a map-dowser a map without orientation or contour lines and suddenly their "abilities" go away. Give them a fully-detailed map but blind-fold them, and similarly, they're no longer able to "detect" where the water is.
     
    In all cases, it's either fraudulent, subconscious, or simply luck. Likewise, stories about "other people" are steeped in grandeur. A guy who gets it right "a couple of times" is suddenly a legendary dowser, and every re-telling by both others and himself gets better and better each time.

  11. Re:Seriously though... on Sculpting Nanoflows With Supercomputers · Score: 2

    It certainly does demonstrate the changing audience of /. when "George Zimmerman Acquitted In Death of Trayvon Martin" has 1256 comments, and "Sculpting Nanoflows With Supercomputers" has 7..
     
    As much as we decry the aforementioned not qualifying as "News for nerds", this disparity speaks volumes to the actual readership interests.

  12. Re:not having read TFA on ICANN Working Group Seeks To Kill WHOIS · Score: 5, Informative

    No specific word from the article on charges per se, however I don't think "seeks to kill WHOIS" is alarmist. The plan is to basically remove the WHOIS system, and instead have all the data managed by a "third party", to whom you have to apply if you want any information on a particular domain's ownership, rather than the automated system we have now.

    FTA:
    Access to the 'live' domain records maintained by gTLD registries would also be possible via the ARDS "upon request and subject to controls to deter overuse or abuse of this option". "Requestors" – people who want to query the data maintained by ARDS – would have to apply for the right to access domain information.

  13. Re:cue apple-hater about face in 5, 4, 3.... on Samsung Launches 3200x1800 Pixel ATIV Book 9 Plus Laptop · Score: 1

    Who's the "we" you're referring to when you say "we hate blah blah"? Mine was pretty clearly spelled out, with comments such as "those who prefer to see their pixels". You're a hypocrite to accuse someone else of "speaking for others" (even though I actually explained whom I was speaking about), and then go on to do the same yourself.

    Also, you're confusing film with television, but don't let that stop your crazed rant. I too, only watch full HD, 100Hz digital TV. That's not what I see when I go to the cinema, however, mainly because it's not being shown.

  14. Re:cue apple-hater about face in 5, 4, 3.... on Samsung Launches 3200x1800 Pixel ATIV Book 9 Plus Laptop · Score: 1

    While I'm sure there have been (and will be) dozens of such hypocritical comments made, the allowance must also be made that some of the folks who made such comments are simply those who prefer to see their pixels and won't be impressed or buying into this resolution. I've tried 4k displays before myself, and the whole thing just feels unnerving to me. Maybe it's because I do so much work in graphics, or maybe it's just "what feels comfortable" the same way we prefer technically inferior 25fps movies to 100fps digital film; I just can't see a way forward where I'll feel comfortable with the 4k revolution (admittedly, this screen is only 3/4ths of the way there, but it won't be much longer before we see 4k laptops).

  15. Re:Supremely Irresponsible Reporting. Shame on /. on 2 Men Accused of Trying To Make X-Ray Weapon · Score: 3, Insightful

    While the editors are pretty bad around here, more people seem to pick up on the facts more quickly than folks here. Much of the discussion still seems to be about "Israel" and "Jews", when these two guys were neither Israeli nor Jewish. They're simply far right-wing nuts who figured that Jews would happily "give them money" on the promise that they'd use it to "kill their enemies" - in other words they were counting on their own negative image of Jews to be fulfilled, to in turn feed their own greed. They're no more pro-Israel than a shop selling Halal meat in order to cater to their customers' needs is "pro-Iran".

  16. Re:Translation from Microsoftspeak on Microsoft Kills Xbox One Phone-Home DRM · Score: 1

    +1 Insightful ... Already commented on thread.

  17. Re:I just had this conversation with a coworker: on Microsoft Kills Xbox One Phone-Home DRM · Score: 2

    It is encouraging though to see a few of these publishers dumping some of their older titles over to GOG DRM-free, though. EA's released pretty much everything Origin ever did (Origin the studio, that is) on GOG. Would like to see them throw some more old IP they're not currently exploiting on there. And then some publishers throwing up even more recent games there - Torchlight, Neverwinter Nights 2, GRID, etc. It'd be nice if this expanded.

  18. Re:Hmmm... on Dmitry Itskov Wants To Help You Live Forever Via an Android Avatar · Score: 1

    Because you managed to skip it while parroting your "you have no evidence" diatribe, let me repeat:

    To help you out, my statement is made up of two constituent assertions: 1. We can demonstrate that while a person is conscious, there is electrical activity in the brain. 2. We can demonstrate that while there is no electrical activity in the brain, there is no evidence of consciousness.

    I can demonstrate both of these easily, but I'll need a willing participant, an EKG, and a gun. This is actually the most simple to prove of any statement I made in my original post - it doesn't even involve strange quarks! :) You're quite right that I have no medical texts at my place of work, nor the inclination to go on a Google search to prove both of the above statements - it would be a waste of my time. I don't believe either of these assertions are news to you. If you disagree with them, say so. If you agree with them, say so. Of course, you won't do either - you are literally arguing for the sake of arguing alone. Hence, as mentioned previously, you're boring.

  19. Re:Hmmm... on Dmitry Itskov Wants To Help You Live Forever Via an Android Avatar · Score: 1

    I need to present evidence that there's no evidence of consciousness in the absence of electrical brain activity? What? Which constituent part of "plenty of scientific evidence that all conscious response is the result of electrical activity in the brain" are you suggesting is incorrect?

    To help you out, my statement is made up of two constituent assertions:
    1. We can demonstrate that while a person is conscious, there is electrical activity in the brain.
    2. We can demonstrate that while there is no electrical activity in the brain, there is no evidence of consciousness.

    Unless you're confusing the actual definition of consciousness with philosophical discussions of what COULD constitute consciousness if we *were* discussing entirely metaphysical abstractions, your challenge seems to simply be "you can't prove that science is correct" in the same way I can't prove the non-existence of an invisible flying spaghetti monster. We don't take into account what we can't observe, only what we can - which is why the current scientific position is that consciousness is only the result of electrical activity in the brain. This will remain fact until it can be disproven.

    As for the last bit, yeah, I know you hadn't made such a definitive assertion. I was actually hoping you would in response, but clearly you don't have the balls to. Reading over your history of philosophical discussion, it seems your constant position is nothing but smoke and mirrors. Either you don't know what you believe, or you're too afraid to state it for fear of persecution or simply being provably wrong about something. Your debate tactic is to simply present an ever-moving target which simply questions the certainty of your opponents position, without ever establishing one of your own. Arguing with you is boring. Good night.

  20. Re:Hmmm... on Dmitry Itskov Wants To Help You Live Forever Via an Android Avatar · Score: 1

    The only difficulty I'll have demonstrating cessation of consciousness is the illegality of killing people for funzies. However, there have been several billion case studies where people have died, all brain activity has stopped, and there is no scientific evidence that the dead brain is then aware of its surroundings and/or own (non-existent) thoughts; the definition of consciousness. There is, however, plenty of scientific evidence that all conscious response is the result of electrical activity in the brain, and thus with these two known results we establish that dead = no consciousness. My assertions ARE the result of the scientific process.

    Are you actually going to assert anything aside from "No, because I said so, it's up to you to prove my negative wrong"? Actually, you have asserted something - you believe in life after death. Sorry, thought I was talking to someone intelligent.

  21. Re:Hmmm... on Dmitry Itskov Wants To Help You Live Forever Via an Android Avatar · Score: 1

    OK, that one deserves a +funny. The rest are just silliness.. ironically, since you're adding nothing to the conversation except insult, your Redditor comparison seems somewhat hypocritical.

  22. Re:Hmmm... on Dmitry Itskov Wants To Help You Live Forever Via an Android Avatar · Score: 1

    And clearly, you're confused as to how science works. Nothing I've said is a "metaphysical assumption". :) Science only works with facts. Everything I've stated is a proven, testable fact. The mechanisms at play are established in current theory. (And please, don't confuse theory with theory). This will remain so until someone can demonstrate a theory which explains or proves something science can't, along with explaining all known current phenomena associated with the theory. This establishes the positions I've presented as far from "baseless speculation" as one can possibly get - unless you simply don't believe science works, in which case it's a wonder you trust these magical science-born computer thingamawhatsists.

    One can't be agnostic about the scientific process. If you refer to results of the scientific process as "baseless speculation" then you have advanced a position - that being that you don't trust the scientific process. If you do, then you can't turn around whenever it's convenient for the sake of argument and simply disagree with the results.

  23. Re:Hmmm... on Dmitry Itskov Wants To Help You Live Forever Via an Android Avatar · Score: 1

    How is that baseless speculation? I think you're just arguing for the sake of it because you liked GP's post. If you want to learn about consciousness, you can read any number of medical or scientific texts, or start with a simple Google. Hell, you can start with Wikipedia -
    http://en.wikipedia.org/wiki/Consciousness
    http://en.wikipedia.org/wiki/Brain_death

    What you're calling "baseless speculation" is "established medical and scientific fact".

    If you have any contrary opinion, then you need to provide evidence to support YOUR position. There's enough of a wealth of evidence for it not to be "baseless" by any stretch of the imagination. If you choose to *believe* that your consciousness continues to exist after death, you must do so with the knowledge that the science demonstrates that this is impossible, making it a supernatural belief.

  24. Re:Hmmm... on Dmitry Itskov Wants To Help You Live Forever Via an Android Avatar · Score: 1

    I haven't made any baseless speculation. Can you name one? Failing to do so demonstrates "Why is your baseless speculation better than the parent's?" as no better than a straw man fallacy.

  25. Re:Hmmm... on Dmitry Itskov Wants To Help You Live Forever Via an Android Avatar · Score: 1

    Prove a negative? The onus is not on me to prove that your dreams don't continue to exist after you die. It's up to you to prove they do.