Slashdot Mirror


User: Deagol

Deagol's activity in the archive.

Stories: 0
Comments: 1,240

Comments · 1,240

  1. Re:Worthless security lightened on TSA To Allow Laptops In Approved Bags · · Score: 2, Interesting
    People meekly accept this BS (along with the liquids ban, et al) as "security" when it's really BS.

    If you're so annoyed with the whole thing, why not stop flying?

    I haven't been on a plane since 9/11. I decided right then that I'd never fly again, and have in fact taken several cross-country drives and Greyhound trips to support that stance. The only reason my kids have been on a plane since 9/11 is because my dad has paid the bill because he wanted to see his grandkids so bad. The only reason my wife has been on a plane since is because she needed to travel to see a dying relative, and taking a boat takes too damned long when cancer is in the equation.

    I will *never* travel by plane again. Ever. If I had a job that required the occasional trip/conference/whatever, I'd tell them to book me a car rental or not book me at all. If it meant my job? So be it! I've taken a moral stand at jobs and lost them before. I will not be treated like some kind of animal to be herded and paraded around under the guise of security.

    Just like with high gas prices, people just won't make the commitment to change *their* lifestyle unless it's convenient for them. They'll bitch and moan about their $80 SUV fill-ups, but refuse to trade it in for smaller car because they need to tow that boat or camper twice a year on Memorial and Labor Day. Everyone hates acting like we're terrified of shoes, fingernail clippers, and shampoo at the airport, but nobody will suck it up and (as a collective) tell the TSA and the airlines to fuck off.

    Yeah, I know.... boycotts never accomplish much. But at least my actions go hand in hand with my convictions.

  2. Re:They can't be stupid. on Researchers Face Jail Risk For Tor Snooping Study · · Score: 1
    No, it's not the same thing.

    On the one hand, we have an oligopoly of carriers that the public should be able to safely assume is honest and watched over closely by regulators. Due to their power and reach and (presumed) government oversight, we should be able to trust the telcos to do no harm (recent legislation aside). And on the other hand, we have a rag-tag confederation of volunteered servers with no specific charter, ethic, no terms of service, and no oversight -- nobody with an ounce of common sense should truly trust the TOR network 100% and the exit nodes even less so.

    And, no, I don't think these researchers (or anyone else outside of the infrastructure providers) should be prevented from mangling/monitoring their packets in any way they choose. I also believe that any *person* should be able to record anything that comes over their phone lines. If this witch hunt gets out of hand, we can expect to see prosecutions for "wiretapping" in cases where suspicious wives install keyloggers to snare their husbands.

  3. Re:Here we go... on Attack Code Published For DNS Vulnerability · · Score: 1

    Nice setup. Do you mind sharing what you use? I tried a quick search to find a true application firewall proxy app for DNS (old fashioned FWTK style), and didn't find much.

  4. Re:They can't be stupid. on Researchers Face Jail Risk For Tor Snooping Study · · Score: 3, Insightful
    I, too, think this is a lame precedent. However, ownership of one end of the means of communication is no defense, as in some states where both parties must consent to recording phone calls. I'm not saying it's right, just that this is how it is in other cases.

    Having said that, anyone using TOR who actually trusts the exit nodes needs their head examined. There are exit nodes which are known to be hostile, and some operators have even publicly stated they have monitored traffic and captured login/password pairs. One should never, NEVER access anything via TOR that may correlate to their meatspace life. Either use the web read-only, or set up nym accounts on sites that require registration.

  5. I don't know which is scarier... on Buy From Amazon With Your TiVo · · Score: 1

    That Tivo will now track user purchases, along with viewing habits. Or that Ellen DeGeneres (and any show she's involved with) has reached "high profile" status.

  6. Re:Son? on How To Encourage a Young Teen To Learn Programming? · · Score: 2, Interesting

    I have kids around the same age, and got them into the Alice environment for a while. It fell out of favor after a bit, but some of the concepts seemed to help later on when my son got a Lego Mindstorm set. My son is currently digging showing off pics of his lego creations on the lego community kids portal. He keeps bugging me for a "real" digital camera, as he has one of those cheap $15 deals from Wal Mart. I've been toying with getting him a better camera, registering a domain name for him, then teach him the basics of HTML and see what he does with it.

  7. Re:Capturing machines with full disk encryption on Cold Boot Attack Utilities Released At HOPE Conference · · Score: 1
    Thought experiments like these are fun, and sometimes even productive. After I first read about the Firewire/DMA attack, I got to thinking about various hardware seizure scenarios, much like you describe.

    I've concluded that the only really decent protection is a series of software heartbeats tied to the physical environment in which the computer operates.

    You can monitor voltage of various parts of the PC and UPS, so this might help in the case where a machine's power source is tampered with.

    Ditto temperature. You set up a daemon that maintains a statistical profile of your machine's various temp readings. Then, if a statistically significant deviation is detected, have the machine shut down and/or initiate wiping.

    One can monitor the live device tree for signs of unexpected hardware connections, such as USB or Firewire devices, then react accordingly.

    I'm sure even custom kits that detect movement of the case itself would be easy to implement. Perhaps a mercury switch to monitor the voltage on, or (to get really stupid with ideas) even a little device in the case with gyros to detect motion in all three planes.

    Then there's the network. If your machine loses link with the local network or even an internet ping location, then take measures. Using an encrypted link, such as WPA, would be particularly effective, as the access point would need to be taken along with the machine, else the link couldn't be established unless the shared secret is somehow determined beforehand. Requiring a periodic access to some point on the internet would require a way to maintain internet access during the entire transport. Heck, to defeat this, you could watch the latency of various internet locations, then react if all of them show a deviation together.

    As with all security, it would be a classic layered approach. The possibilities here are almost endless.

    I think that cold boot attack is pretty tough to thwart. However, the capture and relocation of a running machine would be *much* easier to defend against, as there are so many environmental cues to watch over.
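Added example, not part of the comment above and not taken from any existing tool: a Python implementation of the environmental heartbeat idea, covering the statistical temperature profile and the "react only if all latency probes deviate together" rule. The channel names, the threshold of 4 standard deviations, the warm-up length and the sample readings are all constructed assumptions, and the reaction is only returned as a verdict rather than wired to a shutdown.

```python
import math

MIN_STD = 0.05  # floor so a perfectly flat baseline cannot yield an infinite z-score

class RunningProfile:
    """Welford running mean/variance for one sensor or probe."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def zscore(self, x):
        std = math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0
        return abs(x - self.mean) / max(std, MIN_STD)

class EnvironmentMonitor:
    """'alone' channels trigger by themselves; 'together' channels only as a group."""
    def __init__(self, alone, together, threshold=4.0, warmup=30):
        self.alone, self.together = set(alone), set(together)
        self.threshold, self.warmup = threshold, warmup
        self.profiles = {name: RunningProfile() for name in self.alone | self.together}

    def check(self, readings):
        """Return (verdict, deviating channels). None or a missing key = probe failed."""
        deviating = set()
        for name, profile in self.profiles.items():
            value = readings.get(name)
            if value is None:
                deviating.add(name)      # lost sensor or lost link
            elif profile.n >= self.warmup and profile.zscore(value) > self.threshold:
                deviating.add(name)      # outliers are never learned into the baseline
            else:
                profile.update(value)
        react = bool(deviating & self.alone) or (
            bool(self.together) and self.together <= deviating)
        return ("react" if react else "ok"), sorted(deviating)

def baseline(i):
    """Constructed, deterministic 'normal' readings (not real measurements)."""
    return {"cpu_temp_c": 45.0 + (i % 5) * 0.4, "rtt_a_ms": 20.0 + (i % 4),
            "rtt_b_ms": 35.0 + (i % 3) * 2, "rtt_c_ms": 80.0 + (i % 5)}

def demo():
    rtts = ["rtt_a_ms", "rtt_b_ms", "rtt_c_ms"]
    mon = EnvironmentMonitor(alone=["cpu_temp_c"], together=rtts)
    for i in range(40):                  # learn the normal environment
        assert mon.check(baseline(i))[0] == "ok"
    normal = baseline(40)
    return {
        "one_probe_slow": mon.check(dict(normal, rtt_a_ms=60.0)),
        "all_probes_shifted": mon.check({**normal, **{r: normal[r] + 40 for r in rtts}}),
        "chilled": mon.check(dict(normal, cpu_temp_c=30.0)),
        "link_lost": mon.check(dict(normal, rtt_a_ms=None, rtt_b_ms=None, rtt_c_ms=None)),
    }

if __name__ == "__main__":
    print(demo())
```

A single slow probe is reported but does not trigger, which keeps one congested route from causing a false alarm; a failed probe counts as a deviation so that losing the link entirely does trigger.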

  8. Another possible defense: keylength randomization on Cold Boot Attack Utilities Released At HOPE Conference · · Score: 1

    After reading the "Key expansion" defense, I got to thinking. Perhaps a fuzzy margin for the key length could be built into these crypto schemes? I know that common algorithms seem to usually be in multiples of, say, 128 bits (AES 128 and 256, for example). I've never tried using a weird bit length for anything (say, AES with 231 bits), and I don't know if these algorithms can even use such an odd key.
    However, if they could, maybe during initialization the user could be prompted for a bit length and fuzz factor, say AES 256 +/- some percentage or absolute number. This wouldn't make the attack impossible, of course, but it would vastly increase the amount of effort required to test the possible permutations of what's left in memory. I wish they had tested FreeBSD's gbde and geli for this paper. I look forward to seeing how other platforms fare against this attack.

  9. Re:Here's betting it doesn't work on US ISPs Announce Anti-Child-Porn Agreement · · Score: 1
    The blog post was at the site of Cosmo Girl, a magazine targeting teens. That's as "popular culture" as it gets, my friend.

    Did you read the comments? 13- and 14-year olds talking about wanting or getting Brazilian bikini waxes! These young girls didn't pull this concept out of their asses -- they learned it from pop culture that tells them that they'd better look young, thin, and hairless enough to pass for a prepubescent girl (except the breasts -- large breasts are ok, so long as everything else is in line with a 12-year-old's physique).

  10. Re:Here's betting it doesn't work on US ISPs Announce Anti-Child-Porn Agreement · · Score: 1
    Yes, it does.

    As someone with a 13-year-old daughter, I've become acutely aware of the media influences that try to persuade her into thinking that her flawless, youthful beauty can be "improved" in some way or another. The fact that we now have women's magazines scaled down to target tweens and teens is a sad testament of our society. I mean, it's bad enough that the normal magazines try to tell adult women they are imperfect. But when the presses are churning out pulp to instill this life-long insecurity into little girls? That just goes too far.

  11. Re:Do people trust this project anymore? on MySQL Readies Release Candidate For 5.1 · · Score: 1
    As someone who supports a small shop, I agree with you in theory. But in practice, many of the packages people use don't support anything other than MySQL, or don't support Postgresql. Take FogBugz for example. Sad, but true. I'm sure I could find suitable replacements for most of our apps that will accommodate Postgresql and then migrate them, but there are only so many billable hours to go around.

    For custom programming, sure -- go with the best DB from the get-go. But for canned apps that are cheap to deploy, sometimes the lowest common denominator wins.

  12. Re:Liberate the Spectrum. on HD Radio Recording In the US? · · Score: 1

    That's easy enough -- ditch the TV! Or at least broadcast programming of any kind. Take a PC, a good monitor, and rent from NetFlix or torrent. The only time I see or hear a commercial is when I'm out of the house. I have this dream that a non-trivial portion of the population will, with the death of analog TV early next year, simply not make the transition and quit watching it entirely. The internet and rentals are entertaining enough. Now that I think about it, I haven't even listened to the radio in months, as we don't use the one in the house and the one in the car died.

  13. Re:or Windows Specific. on Fallout From the Fall of CAPTCHAs · · Score: 2, Funny

    Now, now gents... No more of this alt.cascade shit -- USENET is dead, remember?

  14. Re:Rich teenage girl parties are news? on Mother Sues After Bebo Story Hits Press · · Score: 1

    What's even more sad is there is (was?) a US TV show along the same lines. "My Sweet 16" or something. I haven't watched TV in years, so I don't know the specifics. However, I've heard word of the show online. Youth, beauty, and wealth -- the pillars of the entertainment industry.

  15. Re:Nice on Google Launches Lively, an Avatar Based 3D World · · Score: 1

    Don't some of the MUD/MOO/MUSH/whatever environments operate this way? I never got into MUDs and the like, but I had a roommate in college who was into them -- scripting stuff in his little corner of the virtual world. Back then (early 90s), it was of course on 1 server. But I swear that I heard a while back that they were moving into distributed models. Is this the case? I know there must be folks here that indulge in the text-based virtual world scene who may know the answer.

  16. Re:I wouldn't have backed down. on eBay'er Arrested For Attempting To Sell His Vote · · Score: 2, Insightful

    Why would it become illegal? Barter is supposed to be reported. Just like out-of-state use taxes -- as if *that* is ever reported. The logical extreme to your fear would be to outlaw cash transactions altogether, as they can't be readily traced. As much as people love their plastic and checks, I doubt we'll see physical, anonymous currency go away anytime soon. Ditto barter, which would be ridiculously difficult to enforce anyway.

  17. Re:Always use protection on 12,000 Laptops Lost Weekly At Airports · · Score: 2, Informative
    FreeBSD's geli (GEOM ELI) can have 2 different master keys, along with key files, if desired ("man geli" then search for "girlfriend"). The keys are easily backed up, as well (via the geli command or copying the last sector of the device -- which is what the command does anyways.) So even if you didn't have a 2nd key, you'd back up the key when you deployed the device to the end-user, and then, short of intentional device corruption (which, I assume, any HD crypto scheme is susceptible to), then the admin can recover the data.

    For grins, I've started using full-HD encryption with geli on my workstation. It's really nice. I boot from a USB stick, which has just enough of the kernel and a fstab to mount the encrypted root device, then after passwords (1 for each of my 2 drives) are entered, everything just works. Speed, of course, is taken down a notch, but using gjournal with -o async,noatime helps a little.

    I encourage folks to check it out.

  18. Re:Slaughterhouse Cases on PC Repair In Texas Now Requires a PI License · · Score: 1
    People make too much of formal health care, I think. If HMOs and socialized medicine were that critical, then the human race wouldn't have made it this far. Maybe I have a cynical view of things, but I'd rather enjoy my time on this world rather than worrying about annual check-ups, when (not if, with the odds they are these days) I will get cancer, or whether social security and universal health care will be around when I'm 64. If my country doesn't want to "take care of its own" then fuck 'em! No point in stressing over it -- that's bad for your health, you know. :)

    Granted, there's no argument that the current US health system is bloated and dysfunctional, and I've given up on politicians doing anything meaningful to correct the situation. However, some of us like to do as much on our own as we can anyway. Whether that means raising our own food, fixing our own cars/computers, or taking care of and fixing our own bodies. In fact, when I was last employed (as opposed to doing 1099 work on my own), I refused the modest family health plan offered to me, as I truly believe health insurance to be wasted money on a corrupt and broken system.

    And besides, even if health care were accessible and top-notch, why shouldn't us non-doctors have easy access to our own medical supplies? Sure, I won't be buying an MRI system in my lifetime, but I'm libertarian enough to think that I should be able to buy antibiotics, needles, and other meds OTC for home use. If the human race is too stupid to not breed super antibiotic-resistant germs with unfettered access to such medicines, well, I think we deserve a major pruning of the gene pool.

  19. Re:Slaughterhouse Cases on PC Repair In Texas Now Requires a PI License · · Score: 1

    Close... Where There Is No Doctor. Not a bad resource. However, aside from the World Health Organization site, basic emergency first aid sites, and finding the occasional needle in the haystack known as "misc.survivalism" there simply aren't a great many good online resources for DIY healthcare. I mean, we have sites dedicated to safe drug use like Erowid, and wikis covering all manner of things generally considered hazardous, yet I can't find a similar, quality resource for basic 24-hour clinic type of health care. It's truly a shame.

  20. Re:Slaughterhouse Cases on PC Repair In Texas Now Requires a PI License · · Score: 2, Insightful

    "Dial-a-nurse" services are available in the US, as well. We've used them on occasion. That was a long time ago (~8 years), and I was a bit perturbed by the amount of personal info they wanted, but it helped us out a bit. These days, a few current nursing-related books from the thrift store, a recent Merck Manual (though it's online these days), the internet, and ranch/feed-store meds have kept us out of a doctor's office for many years. Indeed, I wish more OTC medical supplies were available so those of us with half a brain (and without health insurance) can help ourselves when it's feasible. In fact, I wish there were decent DIY medical treatment resources on the web.

  21. Re:So much for democracy, freedom and fairness. on FBI Illegally Tapped Phone Phreaks In 1969 · · Score: 1

    How the hell is this flamebait? This seems to be a pretty succinct summation of current government trends in this world.

  22. Re:Age-controlled vending machines have a place on Magazine Photos Fool Age-verification Cameras · · Score: 1

    Cite me any theories, studies, or research which even hint at the existence of a primal instinct in animals which draws them towards fire and/or smoke and I'll concede to your retort. Everyone here knows that the sexual/procreation urge in most animals is one of the strongest they possess, even surpassing, at times, other more base instincts such as safety or feeding. Humans (particularly men) will risk money, power, social standing, and even possession of their own offspring to engage in sexual encounters. An instinctual draw to smoke or fire, if it existed, would be a groundbreaking example of a counterintuitive animal behavior. To compare the first drag of a cigarette to a woman's first experience with sexual intercourse is disingenuous at best. :-P

  23. Re:oh come on on Fresh Air For Windows? · · Score: 0

    Your point? On my FreeBSD desktop, the equivalent of all those things you mention account for 5.2GB -- including the (uncompressed) base kernel/userland source tree, the ports tree, and the source distfiles for all of the applications I have installed. Of course, I need a bit more than that to compile the stuff, but if I didn't do source installs and used binary updates and packages (like in the MS Windows world), I could shave half of that disk usage away. There's just no excuse for an OS, with limited built-in apps, to take up as much space from the get-go as XP (and everything beyond) does.

  24. Re:Age-controlled vending machines have a place on Magazine Photos Fool Age-verification Cameras · · Score: 5, Insightful
    Well, sure, if you're already hooked, then your points hold true. However, you truly have to be a follow-the-crowd dumb-ass to force your way through the initial phases of smoking in order to become tolerant of the practice and then become an addict. Unlike other addictions (such as chocolate, whippets, or booze) which are *initially* pleasurable, a first time smoker's response is usually one of distaste.

    Ever wonder why so many movies or TV shows portray this scene:
    1. Some bad boy/girl wannabe lights up their first smoke
    2. They choke and cough, being generally shocked at how awful it is
    3. They are then ridiculed by the veteran bad boys/girls who do smoke

    This is such a common theme because -- wait for it -- the short-term instincts of animals tell them that smoke (or its source) is hazardous to the animal's health or well-being.

    I'm about as anti nanny state as most people get. The poster who offered me the friendly "fuck you" totally missed the point. I don't wish to curb such self destructive behavior -- more power to those who enjoy it, so long as it doesn't negatively affect my own health, taxes, or insurance premiums. I just want smokers to acknowledge their habit is about as rational as shitting in their own water supply or jumping from cliffs.

  25. Re:Age-controlled vending machines have a place on Magazine Photos Fool Age-verification Cameras · · Score: 4, Insightful
    ...reasonable smokers...

    There's the main flaw in your logic. Anyone who pays (way too much) for the privilege of habitually inhaling toxic smoke and gases (which is contrary to any living creature's survival instinct) cannot be described as "reasonable". Reason doesn't come into the equation for estimating how nicotine addicts will profit the tobacco companies.