Over at DailyKos, Wil Wheaton (CleverNickName) links to the techdirt article on this and puts in his own comments:
http://www.dailykos.com/story/2012/01/21/1057058/-Chris-Dodd-threatens-politicans-who-arent-corrupt-enough-to-stay-bought?via=search
I just hope Chris Dodd et al. don't decide that post constitutes "not paying any attention to me when my job is at stake", and Wil loses out on any more acting gigs.
Fear's not the only motivator by any means. It's just a pretty effective one. There are a lot of others.
You've got someone you enjoy being with doing it with you. That helps a lot.
My point is about the general population. Individuals find lots of reasons and motivations for doing things.
But, if we're going to broadly apply lifestyle changes, we have to find something that will motivate a broad range of people who have thus far proved resistant to existing efforts.
"we have also seen HUGE changes in behavior"
Yes. We've seen a creeping move toward less physical activity in the population and eating more of a fast food diet. (couldn't resist that one. ;)
As to the problem of standards:
There were a lot of people who pointed out the disparities in the body mass index and neck waist ratios in the military. And there, you have a higher proportion of highly athletic people than the general populace.
So, yes, there was the weightlifting farmer in my Guard unit that was over the body mass indices. There was also my platoon sergeant who was definitely overweight, but had an 18 inch neck size, so he still technically passed.
But in general, though BMIs and the like are flawed, they aren't the source of the problem.
They're the source of different problems like you mention.
The obesity problem is real, not just created by the lens of statistics we're looking at it with.
And yes, though fear is effective, I certainly don't argue for it. It tends to result in misapplication and side effects like you mention, or witch burning, or the like.
Make people afraid of obesity to a greater extent and you will soon find they are also afraid of the obese to a greater extent.
Sorry, but your user name is a bitter irony for this comment.
You're assuming that Joe User or Jane Sysadmin three levels below yours has maintained the file on their machine and/or done backups locally.
Or, you're assuming that the cloud company has "done it right" and that it exists in multiple clouds so that a single legal action (as are wont to happen in the real corporate world with lawsuits and hostile takeovers etc.) can't get it all.
I've seen too many cases just of the scenario of lost source code for things that are already fielded to believe that one.
If it's possible to happen, it eventually will.
"Their air will still be toxic"
In some places. Certainly better than Gary Indiana was in the early 70s. I can vouch personally for that.
"Their water will still be polluted"
In some places. But I'll take my chances with small amounts of runoff related chemicals as opposed to the old style pollutants like sewage, cholera, shigella, etc.
"Their food will still be processed with chemicals"
I'm still waiting to see this food with no chemicals. Every bit that I've seen has chemicals like sodium chloride, dihydrogen monoxide, and an array of chemicals so complex and unknown that we can't even begin to synthesize them in a laboratory.
You would have thought that such a marvel would be known to the researchers at a major ag/food science/biochem research university where I work.
Maybe they're all just paid off by the $conspiracy. ;)
Indeed. It worked. What worked was one of the most effective ways of changing behavior there is. Fear.
But, as I mentioned in another post, just relying on fear is limited. We've been getting out the word on obesity for decades. But, it's not producing fear in sufficient amounts to broadly change behavior. Our minds adapt to the situation, and we have an amazing ability to rationalize. Those traits served well in an animal environment where calories were limited by the environment. If there was excess food, the population rose to meet it. Or another species increased.
Now we have a situation where society/individual controls aren't working as well as they have in the past due to it being a different situation (whether it's HFCS or food immediately available on impulse, etc., etc.; take your pick of whatever cause you favor. I suspect it's not just one.).
The methods we have been using aren't working so well. Or at least, the social costs of imposing those methods in a way strong enough to work are awfully high.
Should be "certainly not implying".
Gah, mornings.
Let's distill it down even more. Fear is often what motivates.
Not surprising. That's how we evolved. Fear kicks in and we move.
But, as I mentioned in another post, slowly changing things like weight and lifestyle don't raise fear in and of themselves.
Regardless of how much it makes sense, you have to find a way of getting people to actually go along with the lifestyle changes. And that's not always easy to do in a way they won't consciously or subconsciously rebel against.
Having everyone get diagnosed with life threatening very scary illness probably isn't the way to change behavior. It might well work, but it has downsides.
Having people in a controlled military like environment WRT eating and exercise, for example, might well work wonders for their physical health. But it's neither something most would opt for, or really a reasonable option.
I'm certainly implying "just give up". I'm just saying that our usual social control mechanisms which are little changed from say, the Roman Empire, haven't been as effective with this as they are for some other things. I'd love some new ideas.
Bingo. I already commented or you'd get modded up.
Because though there is an illusion of freedom in the wild, lions are strictly hemmed in by mother nature in terms of calories.
They have to compete with other predators whose territories surround theirs and the reality that they can only harvest so much food and not deplete their territory. That's why there hasn't evolved such a strong ability to limit intake. It's mandated by the physical environment in animal societies.
Do you really want a society where caloric intake is strictly regulated by physics (or humorless people assigned to snooping on everything you eat/do)?
"If a frog had shock absorbers, it wouldn't bump its butt when it hopped."
Easy to say. It's proved more difficult to actually get people to lose weight.
Part of the question is CAN it really be effectively changed by lifestyle changes over a whole population?
It's easy to say "eat less fat, and fewer calories and it will be better". We hear that all the time. Exercise more. No alcohol to excess.
But, actually getting people to follow it in a sustainable way hasn't happened in many cases.
When you have a method that will work, but you can't get people to follow it, it's not very effective.
In some cases, drug interventions are more likely to be followed. Take a look at cholesterol meds (I live on em.). You can get people to take a pill a day more easily than giving up the cheeseburgers.
Maybe it should be that they change their lifestyles, but that's not the way it happens much of the time.
Another area which personalized med will help greatly is choosing which medication to use. Many times treating chronic illnesses requires switching drugs several times to find the ones that work best with fewest side effects. Having testing to identify how your body will react to a given medication would be very helpful.
No worries. My own reply was a bit more tart, but I got distracted by a customer for a few minutes and then rewrote it.
Yep, there's an awful lot of "OMG! Dire Threat! So you must buy our magic security dust" out there.
DBAs (or sysadmins) catch a lot of problems due to the differing priorities in a company.
The developers and engineers are judged by getting product ready and aren't too likely to get in major trouble over a DB or machine security problem. And they generally aren't DBAs or have that mindset that forgetting to do the equiv of changing the oil and filters can get you into problems. (It's slashdot. We've gotta have a car analogy.)
The DBAs/sysadmins have to live with any oversights of the programmers/engineers in security/stability in their code or systems, so they catch it a lot.
That's why alt.sysadmin.recovery was so popular. There's a reason why I don't do admin work anymore. ;)
As you say, fixing the live backup bug will help with the inadvertent cases. And monitoring SCN growth will help with all the cases. A big thing is that now this is known, if it happens it can be recognized for what it is and that'll make recovery a lot less of a problem even in the worst case.
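The SCN-growth monitoring mentioned in that comment, as an added example that is not part of the original comments and is not Oracle's own tooling: it computes the SCN ceiling that rises with wall-clock time, the headroom a database has left under it, and flags any interval whose growth far exceeds normal transaction load, which is what a DBA would want alerted on. The rate constant (16384 SCNs per second since 1988-01-01 UTC) and the 2^48 hard limit ("281 trillion" in the thread) are stated assumptions, and the readings are constructed; a real check would read CURRENT_SCN from V$DATABASE on a schedule.

```python
"""Added example (not from the Slashdot comments above): a defensive check of
SCN headroom and SCN growth of the kind a DBA would schedule from monitoring.
Sample readings are constructed inline; the rate and epoch are assumptions."""
from datetime import datetime, timedelta, timezone

# Assumptions: the soft ceiling rises at 16384 SCNs per second elapsed since
# 1988-01-01 00:00 UTC; the hard limit is 2^48 (the "281 trillion" figure).
SCN_RATE_PER_SECOND = 16384
SCN_EPOCH = datetime(1988, 1, 1, tzinfo=timezone.utc)
SCN_HARD_LIMIT = 2 ** 48


def scn_ceiling(at):
    """Highest SCN the instance will accept at wall-clock time `at`."""
    elapsed = int((at - SCN_EPOCH).total_seconds())
    return min(elapsed * SCN_RATE_PER_SECOND, SCN_HARD_LIMIT)


def headroom(current_scn, at):
    """SCNs left before the ceiling at `at`; negative means the limit is hit."""
    return scn_ceiling(at) - current_scn


def interval_rates(readings):
    """Per-interval growth (SCN/s) for a chronological list of (time, scn)."""
    rates = []
    for (t0, s0), (t1, s1) in zip(readings, readings[1:]):
        secs = (t1 - t0).total_seconds()
        rates.append((t0, t1, (s1 - s0) / secs))
    return rates


def detect_jumps(readings, max_rate=SCN_RATE_PER_SECOND):
    """Intervals whose growth exceeds `max_rate`: an SCN climbing faster than
    the ceiling itself rises is not explained by normal transaction load."""
    return [(t0, t1, rate) for t0, t1, rate in interval_rates(readings)
            if rate > max_rate]


def seconds_until_exhaustion(current_scn, at, rate):
    """Time until headroom is gone if growth stays at `rate`; None when the
    ceiling (which rises at SCN_RATE_PER_SECOND) outruns the growth."""
    net = rate - SCN_RATE_PER_SECOND
    if net <= 0:
        return None
    return headroom(current_scn, at) / net


def report(readings):
    """Summarise a series of readings for an alerting rule."""
    at, scn = readings[-1]
    span = (readings[-1][0] - readings[0][0]).total_seconds()
    avg_rate = (readings[-1][1] - readings[0][1]) / span
    jumps = detect_jumps(readings)
    left = headroom(scn, at)
    return {
        "current_scn": scn,
        "ceiling": scn_ceiling(at),
        "headroom": left,
        "avg_rate": avg_rate,
        "jumps": jumps,
        "status": "ALERT" if jumps or left < 0 else "OK",
    }


# Constructed sample readings (one per minute): steady ~500 SCN/s, then a jump.
T0 = datetime(2012, 1, 20, tzinfo=timezone.utc)
NORMAL_READINGS = [
    (T0, 1_000_000_000_000),
    (T0 + timedelta(seconds=60), 1_000_000_030_000),
    (T0 + timedelta(seconds=120), 1_000_000_060_000),
]
JUMP_READINGS = NORMAL_READINGS + [
    (T0 + timedelta(seconds=180), 9_000_000_000_000),
]

if __name__ == "__main__":
    for name, series in (("normal", NORMAL_READINGS), ("jump", JUMP_READINGS)):
        r = report(series)
        print(f"{name}: status={r['status']} headroom={r['headroom']:,} "
              f"avg_rate={r['avg_rate']:.0f}/s jumps={len(r['jumps'])}")
```

The jump detector is the part that matters for the "recognize it for what it is" point: a steady 500 SCN/s series keeps growing headroom and stays OK, while a single reading that leaps by trillions trips the rate threshold even though the absolute headroom is still positive, so the alert fires before the ceiling is actually reached.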
"There is also the desire to keep space free of military weaponry."
How about non-military weaponry?
Having my own private orbiting death ray would be great for salary negotiations.
And give a blurry image of it.
Or any other object that blocks the normal IR radiation from the body.
"Your honor, we had probable cause to search the individual because we thought that vague rectangular outline in his pocket was a gun. Our bad. It was a cell phone with a metal case. But, we did find the joint in his backpack during the search that we only did to ensure our own safety."
http://colloids.matse.illinois.edu/
Jennifer Lewis' research group here at the University of Illinois did this work.
They've got a link on that page to a youtube video that shows how to make and use this conducting ink, but it goes through Boing Boing and is down at the moment due to the SOPA protest.
Here's a direct link: http://www.youtube.com/watch?v=dfNByi-rrO4
Seriously cool work.
If it makes you feel better to call me a moron, great. I find looking at pictures of cute kittens helps my day. YMMV.
I think you've misunderstood the impact of this bug.
The threat is not that controlling one machine can let you delete that one node or shut the instance down. It's that having taken control of that node, which may for very good reason be in a less secure area (physically and network wise) than a main data center, you can then use it to not only lock up the systems in that protected center but make it so they have to be rebuilt. Regardless of the security in between the compromised machine and the protected systems as long as they use DBlink to send info to each other. Even via read only links.
This is effectively an escalation of your access to be able to take down more sensitive systems you do not already have access to.
Security is not one layer that all depends on. It's a series of barriers. This allows you to punch through the inner layers if you gain a foothold in an outer one.
Oh, and I'm not a "security type" any more. I have no great stake monetarily or professionally in this. I'm working in an unrelated field these past few years.
More importantly, I was a DBA who had to run linked databases under Oracle for financial companies, where downtime was extremely expensive. A fault that allows one compromised system to be used to damage a much more highly protected system indeed is a problem.
Compromised systems indeed are going to happen. Maybe it shouldn't be that way, but that's reality. Part of thinking in depth is minimizing the fallout when a system is compromised.
If you've been having this argument regularly you might consider the tiny possibility that there might be some of the misunderstanding on your side.
Is your comment about a DAG just a snide way of saying "you can't get there from here" in terms of reachability (I'd say that's a misapplication of it as a model) or do you have something else in mind?
Or is it just a good excuse to end the discussion?
Are you even reading the same article that I am?
It took me about 5 minutes to find the "undocumented and hidden" commands that let you directly change the SCN. (I'm not posting it, but you can google it easily if you like.)
For the method I'm thinking of, you need DBA rights. But if you've rooted a machine, that's not much of a barrier. You can change and then change back the sys password with known means and standard tools that are present up to somewhere in the 11 series. (And even that isn't a barrier, as you can add the tools back in even in 11).
I won't give a recipe for how to do it in an open discussion, but you can get the info easily on the net. 10 minutes of google-fu is not a significant security barrier.
You can calculate the value needed from the current time and multiplication.
Further, like many exploits, only one person needs to be good enough to develop the exploit. Then it can be packaged in a script that any random can use.
This one truly is pretty trivial to exploit. And with a bit of imagination (certainly nothing we haven't seen in the system crackers) you can still do it even if Oracle patches the most obvious routes.
Yes, there's a lot of hype in security. I've railed against it myself. But, the attitude "this is too hard" leads to a lot of compromised systems. I've had to clean up too many compromised systems due to that complacency.
If what you say was true, such things as stack smashing and SQL injection that compromise systems all the time would never have become a problem. They all had to have someone work out the particulars so that they were good enough to displace previous attack methods.
Go subscribe to Bugtraq or VulnDev for a while. It'll be an eye opener for you.
"Longer term Oracle will be raising the upper limit from 281 trillion to an even larger number."
I completely fail to see how that addresses the vulnerability.
So, they make it bigger, and bump up the rate at which the SCNs can increment.
Solution. Alter a couple of multipliers in your formula for figuring out what value is now the one to propagate.
Unless there's something I don't appreciate, this does nothing to prevent a malicious use of this.
"Cull the human population, like 75% of it...What, you don't think that's a realistic option?"
I think a surprising number of people wouldn't have a problem with that.
The problem is, they want to choose which 75%. And it's a different 75% for each of them.
If they're really dedicated, I'll thank them for volunteering to go first. The rest of us will be right behind you. We promise! :)
(In scifi fandom, this is called the six shallow graves problem.)
No, AGCC is not as well established as evolution.
(Or for that matter, plate tectonics which has only been nearly universally accepted for a surprisingly short time. Mid 1960s.)
It's got a lot of evidence behind it, though.
Where the problem comes up is what should be done to combat it.
It's not "just a few lifestyle changes" as a previous post put it, that some propose. It's a massive reworking of energy infrastructure and how worldwide economies work.
Or it's geo-engineering on an unprecedented scale with no certainty of what all the effects are.
Further, there's no guarantee that those measures will do enough to slow it substantially, let alone stop it.
One of the common themes we hear is that it's a nonlinear process with feedback systems we don't understand well. (North Atlantic ocean circulation? Freeing of methane from tundra or from clathrates? What are the trigger points where it goes into self sustaining increase? Even the effect of cloud cover and how it's modified during warming is only understood somewhat.)
Those points alone should point that it's not nearly so well settled as evolution or plate tectonics.
One of the questions is do we do this massive change and then watch as either the changes aren't as large as expected, or that doing them made no difference.
Look at the responses in this thread. Bitter vitriol thrown by both sides of it (and even some of those in the middle).
If that's not a religious debate by all involved, I hardly know what one is.
We might as well be arguing emacs vs vi.
Gah. Had a mind fade. (It's been a few years). Somehow got "bob" tangled up with scott/tiger in my mind.
It looks like it may require the DBA role. Not sure it takes that. But still, it means you only have to get it on a low level server and it can propagate the error to any other that's linking to it. Even if the links are read only.
From the article on page 3: (Though they don't give the actual commands, they should be pretty straightforward to figure out.)
"But the risk of incrementing the SCN via the backup bug is not the only cause for concern. Perhaps the most important part of our finding is that the SCN can be incremented by anyone who can issue commands on an interconnected database."
Note the phrasing: "anyone who can issue commands on an interconnected database".
Not an admin, not a role with backup rights, or anything specific. Just ability to issue commands. It may be inaccurate, but I suspect this one needs no special privileges above a normal user.
In fact, the ATT incident in 1999 mentioned in an earlier post was using the default "bob" account to exercise the bug.
"I'd rather see cyber war between Palestine and Israel than real war."
But what about the combination. Think of the possibilities.
Blow up the wrong target. Then make them think someone else did it. When the others end up bombing each other post a troll face.
Then you can post "You mad, bro?"