Luckily, if the child might be showing any signs of rebellion, intelligence, or desire to flourish on their own terms, there are a slew of "disease du jour" and designer drugs to keep them in that glassy-eyed / dopey-smiled state of puppiness. Autism/aspergers/marjoram/whatever is always available in case junior shows a but too much resistance.
I'm reminded of an exchange I observed on FreeRepublic; it was on plain ol' porn in general, but the point, I think, applies here as well.
In reply to "BTW, just what is so great about pornography that compels you to spend so much time oozing to its defense??":
Oh, no, you don't. Pornography need not be great to deserve protection. Freedoms don't require justification. It's the revocation of freedoms that requires justification, and that justification had better be ironclad. The rantings of a madman are no basis for a totalitarian clampdown on free speech. Check that...I suppose the rantings of a madman are the only possible basis for a totalitarian clampdown on free speech, so perhaps it was inevitable that the anti-porn lobby would go in that direction. But that doesn't make it right.
"I can't think of a good reason not to" is never a good reason to ban something. Speech gets the benefit of the doubt; that's the whole idea. You have to show a damned good positive reason for banning; being unable to think of a reason not to ban is no excuse. "Even slightly reinforc[ing]" a bad idea doesn't even come close.
As in, if we do as Brin says, and accept a completely "open" society without privacy as we understand it, then those who seek to take away privacy in the name of security will begin to balance their demands on our rights because they never really wanted that much access in the first place, they were just ramping up rhetoric as a bargaining tool.
No, no. If we accept a completely "open" society without privacy, then those who seek to take away privacy in the name of security will be most unhappy to find that policy applying to them as well. The centerpiece of his argument is that surveillance will happen; the only choice we really have is whether we want to have it be performed by elites on the rest of us, or by everyone on everyone.
The blacklist is active by default, at least on Ubuntu. Add a blacklisted key to an authorized_keys file and try to log in using it. auth.log on the server will have a line like the following:
May 15 08:47:40 ns1 sshd[2989]: Public key 27:26:b8:52:d2:8e:7a:18:3f:8e:81:87:6b:7e:87:e9 blacklisted (see ssh-vulnkey(1))
and the client will read Permission denied (publickey).
Keys do need to be regenerated, but a patched system is not vulnerable to SSH key guessing, no matter what the authorized_hosts file contains. Bad keys will simply stop working. Any SSH remote-login vulnerability is fixed as soon as you dist-upgrade your packages, installing openssh-blacklist.
(Okay, certain keys which have options on them weren't detected by the first version of the ssh-vulnkey tool, but now they are.)
Your system, when an SSH server (the package on Debian or Ubuntu is called "openssh-server") is installed, it generates host keys (that is, secret keys that identify your computer uniquely). This update will regenerate the keys for you, though you can do it manually (as root: "rm/etc/ssh/ssh_host*; dpkg-reconfigure openssh-server") if you need to for some reason. Note that regenerating your keys will not fix anything unless you install the update first, because the generated keys will still be weak.
If you or anyone else logs into your machine via SSH, they'll get a warning about the host keys having changed. If you log into anyone else's machine via SSH, you'll need to make yourself new keys (by running ssh-keygen) and send everyone your new public key.
If you run an SSL website with an affected key, you'll have to get the certificate revoked by the issuing CA, and get a new key signed to make a new cert.
There's a list of applications which may be using weak keys at the Debian wiki. If you're not running any kind of server, it's likely that you're only going to need to replace your SSH keys, as described previously.
Those who administer servers are in for a significantly bumpier ride.
The CA has to add your cert to their CRL and make that list widely available until the cert expires. They also may have to run an OCSP responder to let users know that it's been revoked. (The fact that pretty much nobody actually uses these mechanisms doesn't change anything.)
Additionally, it's almost certain that this isn't the CA's fault; people generally generate their own RSA keys, then send a CSR to the CA to get them signed. It's not the CA's fault if the original key was bad, and there's nothing they could have done about it at the time in any case.
A patched machine will reject logins using blacklisted keys. Of course, this means that when you ssh into one of them and update the packages, you'd better have your new, fixed keys installed, or else you'll be locked out of your server.
I suppose you'd better hope you don't have security updates automatically installing themselves.
The SSL key my workplace uses to secure our websites is vulnerable. Now, of course we're getting it revoked and replaced with a non-vulnerable one, but that doesn't stop the problem. How many web clients actually check CRLs? Given that CRLs are a terribly stupid idea and nobody uses them anyway, how many web clients actually check the embedded OCSP URLs in certs that support them? (It's under Preferences/Advanced/Encryption/Verification in Firefox 2, and it's disabled by default.)
An as-yet-undetermined set of SSL websites are vulnerable (until their certs expire) to being hijacked and masqueraded-as--with that shiny yellow bar at the top, no less. And if there are any root CA keys out there that are vulnerable to being guessed? This problem is going to be with us for years.
OpenSSL used a variety of sources of randomness all mushed together, including/dev/random and whatever else the developers could think of. One of these methods of randomness was looking into uninitialized memory space. Because a debugging tool (valgrind) about that, the Debian guy commented it out (with an okay from the upstream mailing list). However, he made a rather ham-handed mistake and removed all sources of entropy (with the exception of the current process ID, which counts only enough to hide this bug rather than make it crushingly obvious) rather than just the one.
So, now it's time to buy stock in Verisign, in Thawte, in whoever's going to be scoring a huge windfall off of this.
The problem isn't with people generating their own certificates, but rather with people generating their own keys. Certain kinds of hosting generate your key for you, but you shouldn't really be using them. (And you'd have to know if they were using a compromised version of OpenSSL.)
It's easy enough to test for this; you should have a private key for your SSL cert. Run "openssl-vulnkey commercial.key" (or whatever your key's filename is) on a patched machine in order to test it. The one that my organization is using, for instance, comes up compromised.
(Coming up not-compromised wouldn't have meant that the key was definitely in the clear, but coming up compromised means that you definitely need to replace it. Enjoy paying for your incredibly expensive bits yet again.)
SNI (Server Name Indication) support is available, though not out-of-the-box that I'm aware of. See this test site. Sadly, enabling TLSEXT in openssl (required for SNI) seems to require bumping the soname of the library, which nobody wants to do. Hence, the specs remain unimplemented for the next Ubuntu release, later this month. (It's an LTS release, which makes this especially infuriating.)
And you can't use it on any public-facing websites that you care about people going to. It's unsupported in IE6 and even on IE7 unless you're using Vista. (Though Firefox 2 and later work fine.) Because of the enormous clusterfuck that is Vista, most people seem content to stick with XP. So unless you're restricting your site to a select cadre of friends who use browsers that don't suck, SNI is dead in the water for at least a few more years.
I remember when Longhorn was the next Cairo. Now, of course, Vista isn't Longhorn, just like the Segway wasn't really Ginger. (Remember how that worked out? Yeah.) Nobody sane in that company thinks that Windows 7 is due next year. They don't even have a damned marketing name for it yet. This will be at least the third major OS release they've pulled this crap with--Cairo, Longhorn and now "Windows 7"--and nobody's looking at the history. It's enough to make one switch to a different OS.
That's about where I stopped taking the article seriously as well. I tried to remember all those times I elected to drop kernel modules and compile everything into the monolithic core, because it makes for such a tremendous performance gain. Wait, no, it fucking well doesn't. Or perhaps that time I cat'ed all of my libs together into one big.so in order to make them load faster, because caching several different files in memory is slower than caching one file of the same total size? No, he's full of shit there, too.
The icing on this cake of hackery is that the author goes on to say that keeping full virtualization environments around is going to be less expensive in terms of memory and disk space than keeping a store of old libraries which are loaded as needed. I expect that his next tour de force will be explaining to us how ice is hot, bananas are purple, and dogs are actually shellfish.
I think the Nazis were scary, as was the Spanish Inquisition, even though I don't personally live in fear of either of them. How was my meaning not obvious?
I have. I've been arguing against dogmatic creationists since third grade. Sometimes successfully, I might add.
And I do thank you for it. I suppose I should have been clearer; if there's been a movement or group which has done more to run amok outside its magisterium than any other, it's religious types, especially creationists. I'm not saying that they all do it, or that secular people don't, but it's for the most part a religious phenomenon.
And I think that people who say that religion and science are incompatible are unforgivably ignorant of the long history of religious scientists.
Boy, it's a good idea that I didn't say that. I said there's a conflict. The ways of knowing that characterize religion really suck for doing science. Religious scientists--and there are indeed a lot of them--have to compartmentalize themselves so that they're hard-headed rationalists six days a week before believing five impossible things on Sunday. (If they're reasonably competent scientists, that is.) Just because the conflict goes on inside one person instead of between two people doesn't mean it doesn't exist.
Evolution is a bad word, it has two meanings, and these meanings are used at cross purposes by its detractors (and even supporters).
It's a large theory, covering many events and mechanisms. Complaining about its breadth is like complaining that basic mechanics covers statics and dynamics.
Evolution, as in the basic "survival of the fit" bit, is a fact, and is observable in the short term.
That would be random mutation and natural selection.
Evolution as a grand theory of diversity, is a theory (a word that ALSO has many meanings, which are misused).
And that'd be common descent. Evolutionary biology also encompasses speciation, evolutionary-developmental biology, systematics and a whole heap of other fields. It's counterintuitive at times, like a lot of things in science, but that doesn't mean it can't be taught. (Lurking around the antievolution.org boards for a few weeks would answer most of the basic questions.) It's not trivial, but it's not impossible either--and if you're going to throw stones for an inaccurate version of the theory making the rounds in the public sphere, don't throw them at the biologists. I assure you, when Hollywood Evolution makes an appearance, the loudest forehead-slaps in the audience are coming from the biologists.
The only difficulty I have faced by not accepting evolution as fact has been ridicule at dinner parties among my friends who studied liberal arts rather than engineering in college.
Or perhaps, y'know, biology?
Evolution is an approximation...a guess.
The best available synthesis of endless mountains of evidence is pretty much the exact opposite of a guess. Calling them the same thing serves only to obfuscate.
However, unlike most hard science, there is no prospectively testable hypotheses which can be feasibly tested experimentally.
You will never find a mutant teleost fish with limb buds. You will never find a mutant tree with bones. You will never find a mutant multicellular animal that uses MADS box genes for a body plan. You will never find a mutant multiceullular plant that uses Hox genes for a body plan.
On the other hand, any gene conserved enough to appear all over a lineage will bear mutations which, when fed to a phylogenetics algorithm, replicate the same tree you get from any other gene to within a very, very high degree of similarity. Go find a set of genes and sequence them; it's a perfectly feasible experiment. (It's been done with plenty of extant genes.)
Have you actually looked into this yourself, or are you just making stuff up?
There is a reason that most of its current "researchers" are in social science departments at second tier institutions begging for NSF funds.
Please point to research published, for instance, in PLoS Biology by someone attached to a social science department. Heck, since you've asserted that most researchers in evolutionary biology work in social science departments, find five articles. It shouldn't be hard. (I'm leaning more towards the idea that you're just making stuff up.)
Have you ever read about the Fundamentalist Latter Day Saints? De facto enslavement of women, right in the United States (and a bit of Canada). The cult's been mostly disbanded after its leader, Warren Jeffs, was arrested, but it's not just the wacky foreigners that do it.
You're describing Stephen Jay Gould's non-overlapping magisteria. Although it sounds really darn cool (ten syllables, dude!), it's a bit of a pipe dream. If you want to complain about people not keeping their magisteria distinct, please start with the creationists. People who claim that there's no conflict between science and religion are either unforgivably ignorant of the long history religion has of making testable claims about the material world, or are trying to make excuses for what quite frankly looks like a pretty useless way of knowing things.
By gum, you're absolutely right that the authoritarian nightmares of the twentieth century were mostly non-religious. (Not uniformly, though; the Taliban may have been small, but boy, were they scary.) The key difference isn't between religious and non-religious systems, I think, but between different ways of knowing. There's an interesting letter from Richard Dawkins to his daughter, which lays out a foundation for this idea, in that reasoning from evidence is depicted as a good way to know something, while authority, tradition and revelation were bad ways. Authoritarian murderers relied on the strength of their authority--when the people in North Korea were so indoctrinated that they'd rather eat their family members than rebel against the government, that's authority. When Stalin made his wacky decrees because they came to him in a brain cloud, that's revelation. Those aren't good reasons to rely on anything.
Stalin, Mao and their link are no more morally equivalent to your average liberal-democratic secular humanist than a member of the medieval Inquisition is morally equivalent to your average nominally religious member of a Western democracy. The former members of each pair have more in common with each other than either does with the latter set, and it's completely missing the mark to point at secularism as the cause. While religion is the most obvious embodiment of ways of knowing that lead to authoritarianism, it's hardly the only road that leads there.
(And you'll notice that plenty of the commentariat over at his place does as well, though I suspect the difference isn't a deep one.)
While I can see how evolutionary theory provides insight into abiogenesis (Spiegelman's Monster, anyone?), the fact remains that what we know about life on earth would work exactly the same whether a small initial population of prokaryotes arose by an as-yet-unknown abiogenic process, was placed here by aliens, or was zapped into place by His Noodle Appendage. Of course, what we know about tetrapod evolution would be utterly unchanged if we had some kind of omphalos thing happening prior to thir divergence from the rest of the fish.
I suppose I see his point, but I maintain that the proper response is "nothing we know about the emergence of the diversity of life on earth is affected in the least by how life emerged; while it's a fascinating topic, the two questions--the origin of life and the origin of species--are not the same one." No matter whether evolutionary theory can provide insights into abiogenesis, the two are fundamentally different things, and while it may make no sense to wall them off from each other, it is a misconception to assume that the theory of evolution rests or depends on a working theory of abiogenesis--and that's the real assertion being made.
After all, libertarianism is its own brand of fundie--there's a set of ideas defined as being right; if the ideas turn out not to work, the blame lies with the believers, not with the beliefs. The ideology cannot fail, it can only be failed. It provides a simple way of looking at the world, which provides easy answers to every question. And it's quite popular among engineers, especially in this country. It sounds like the same impulse which leads people to become bomb-throwing religious nutbars in other places leads them to become silly libertarians here.
I don't know if anything was published in a peer-reviewed journal; the CWT website doesn't appear to link to anything, and I don't know if that's par for the course for an engineering firm, or if they're not publishing to keep things secret, or if they're selling snake oil.
It was thought that in response to a series of events involving food poisoning, it would be made illegal to feed turkey guts to turkeys. This was not done, and the feedstock turned out to not be free. The process (according to the website) works on medical waste, PCBs, old tires and sewage, which are all things that people definitely pay to have hauled off, but the company still has exactly one working plant, nine years after their first experiment facility opened. (I haven't been able to find any good information as to why that might be--whether the process doesn't work well on other feedstocks, or they can't raise the capital, or what.) I suppose we should all bear that in mind while we're reading about how we're going to have an ethanol plant in every county, right next to the thermally depolymerized chicken in every pot.
Slashdot Mirror
I'm reminded of an exchange I observed on FreeRepublic; it was on plain ol' porn in general, but the point, I think, applies here as well.
In reply to "BTW, just what is so great about pornography that compels you to spend so much time oozing to its defense??": "I can't think of a good reason not to" is never a good reason to ban something. Speech gets the benefit of the doubt; that's the whole idea. You have to show a damned good positive reason for banning; being unable to think of a reason not to ban is no excuse. "Even slightly reinforc[ing]" a bad idea doesn't even come close.
No, no. If we accept a completely "open" society without privacy, then those who seek to take away privacy in the name of security will be most unhappy to find that policy applying to them as well. The centerpiece of his argument is that surveillance will happen; the only choice we really have is whether we want to have it be performed by elites on the rest of us, or by everyone on everyone.
The blacklist is active by default, at least on Ubuntu. Add a blacklisted key to an authorized_keys file and try to log in using it. auth.log on the server will have a line like the following:
May 15 08:47:40 ns1 sshd[2989]: Public key 27:26:b8:52:d2:8e:7a:18:3f:8e:81:87:6b:7e:87:e9 blacklisted (see ssh-vulnkey(1))
and the client will read Permission denied (publickey).
Keys do need to be regenerated, but a patched system is not vulnerable to SSH key guessing, no matter what the authorized_hosts file contains. Bad keys will simply stop working. Any SSH remote-login vulnerability is fixed as soon as you dist-upgrade your packages, installing openssh-blacklist.
(Okay, certain keys which have options on them weren't detected by the first version of the ssh-vulnkey tool, but now they are.)
Your system, when an SSH server (the package on Debian or Ubuntu is called "openssh-server") is installed, it generates host keys (that is, secret keys that identify your computer uniquely). This update will regenerate the keys for you, though you can do it manually (as root: "rm /etc/ssh/ssh_host*; dpkg-reconfigure openssh-server") if you need to for some reason. Note that regenerating your keys will not fix anything unless you install the update first, because the generated keys will still be weak.
If you or anyone else logs into your machine via SSH, they'll get a warning about the host keys having changed. If you log into anyone else's machine via SSH, you'll need to make yourself new keys (by running ssh-keygen) and send everyone your new public key.
If you run an SSL website with an affected key, you'll have to get the certificate revoked by the issuing CA, and get a new key signed to make a new cert.
There's a list of applications which may be using weak keys at the Debian wiki. If you're not running any kind of server, it's likely that you're only going to need to replace your SSH keys, as described previously.
Those who administer servers are in for a significantly bumpier ride.
The CA has to add your cert to their CRL and make that list widely available until the cert expires. They also may have to run an OCSP responder to let users know that it's been revoked. (The fact that pretty much nobody actually uses these mechanisms doesn't change anything.)
Additionally, it's almost certain that this isn't the CA's fault; people generally generate their own RSA keys, then send a CSR to the CA to get them signed. It's not the CA's fault if the original key was bad, and there's nothing they could have done about it at the time in any case.
A patched machine will reject logins using blacklisted keys. Of course, this means that when you ssh into one of them and update the packages, you'd better have your new, fixed keys installed, or else you'll be locked out of your server.
I suppose you'd better hope you don't have security updates automatically installing themselves.
The SSL key my workplace uses to secure our websites is vulnerable. Now, of course we're getting it revoked and replaced with a non-vulnerable one, but that doesn't stop the problem. How many web clients actually check CRLs? Given that CRLs are a terribly stupid idea and nobody uses them anyway, how many web clients actually check the embedded OCSP URLs in certs that support them? (It's under Preferences/Advanced/Encryption/Verification in Firefox 2, and it's disabled by default.)
An as-yet-undetermined set of SSL websites are vulnerable (until their certs expire) to being hijacked and masqueraded-as--with that shiny yellow bar at the top, no less. And if there are any root CA keys out there that are vulnerable to being guessed? This problem is going to be with us for years.
OpenSSL used a variety of sources of randomness all mushed together, including /dev/random and whatever else the developers could think of. One of these methods of randomness was looking into uninitialized memory space. Because a debugging tool (valgrind) about that, the Debian guy commented it out (with an okay from the upstream mailing list). However, he made a rather ham-handed mistake and removed all sources of entropy (with the exception of the current process ID, which counts only enough to hide this bug rather than make it crushingly obvious) rather than just the one.
So, now it's time to buy stock in Verisign, in Thawte, in whoever's going to be scoring a huge windfall off of this.
The problem isn't with people generating their own certificates, but rather with people generating their own keys. Certain kinds of hosting generate your key for you, but you shouldn't really be using them. (And you'd have to know if they were using a compromised version of OpenSSL.)
It's easy enough to test for this; you should have a private key for your SSL cert. Run "openssl-vulnkey commercial.key" (or whatever your key's filename is) on a patched machine in order to test it. The one that my organization is using, for instance, comes up compromised.
(Coming up not-compromised wouldn't have meant that the key was definitely in the clear, but coming up compromised means that you definitely need to replace it. Enjoy paying for your incredibly expensive bits yet again.)
SNI (Server Name Indication) support is available, though not out-of-the-box that I'm aware of. See this test site. Sadly, enabling TLSEXT in openssl (required for SNI) seems to require bumping the soname of the library, which nobody wants to do. Hence, the specs remain unimplemented for the next Ubuntu release, later this month. (It's an LTS release, which makes this especially infuriating.)
And you can't use it on any public-facing websites that you care about people going to. It's unsupported in IE6 and even on IE7 unless you're using Vista. (Though Firefox 2 and later work fine.) Because of the enormous clusterfuck that is Vista, most people seem content to stick with XP. So unless you're restricting your site to a select cadre of friends who use browsers that don't suck, SNI is dead in the water for at least a few more years.
I remember when Longhorn was the next Cairo. Now, of course, Vista isn't Longhorn, just like the Segway wasn't really Ginger. (Remember how that worked out? Yeah.) Nobody sane in that company thinks that Windows 7 is due next year. They don't even have a damned marketing name for it yet. This will be at least the third major OS release they've pulled this crap with--Cairo, Longhorn and now "Windows 7"--and nobody's looking at the history. It's enough to make one switch to a different OS.
That's about where I stopped taking the article seriously as well. I tried to remember all those times I elected to drop kernel modules and compile everything into the monolithic core, because it makes for such a tremendous performance gain. Wait, no, it fucking well doesn't. Or perhaps that time I cat'ed all of my libs together into one big .so in order to make them load faster, because caching several different files in memory is slower than caching one file of the same total size? No, he's full of shit there, too.
The icing on this cake of hackery is that the author goes on to say that keeping full virtualization environments around is going to be less expensive in terms of memory and disk space than keeping a store of old libraries which are loaded as needed. I expect that his next tour de force will be explaining to us how ice is hot, bananas are purple, and dogs are actually shellfish.
What a hack.
I think the Nazis were scary, as was the Spanish Inquisition, even though I don't personally live in fear of either of them. How was my meaning not obvious?
On the other hand, any gene conserved enough to appear all over a lineage will bear mutations which, when fed to a phylogenetics algorithm, replicate the same tree you get from any other gene to within a very, very high degree of similarity. Go find a set of genes and sequence them; it's a perfectly feasible experiment. (It's been done with plenty of extant genes.)
Have you actually looked into this yourself, or are you just making stuff up? Please point to research published, for instance, in PLoS Biology by someone attached to a social science department. Heck, since you've asserted that most researchers in evolutionary biology work in social science departments, find five articles. It shouldn't be hard. (I'm leaning more towards the idea that you're just making stuff up.)
Have you ever read about the Fundamentalist Latter Day Saints? De facto enslavement of women, right in the United States (and a bit of Canada). The cult's been mostly disbanded after its leader, Warren Jeffs, was arrested, but it's not just the wacky foreigners that do it.
You're describing Stephen Jay Gould's non-overlapping magisteria. Although it sounds really darn cool (ten syllables, dude!), it's a bit of a pipe dream. If you want to complain about people not keeping their magisteria distinct, please start with the creationists. People who claim that there's no conflict between science and religion are either unforgivably ignorant of the long history religion has of making testable claims about the material world, or are trying to make excuses for what quite frankly looks like a pretty useless way of knowing things.
By gum, you're absolutely right that the authoritarian nightmares of the twentieth century were mostly non-religious. (Not uniformly, though; the Taliban may have been small, but boy, were they scary.) The key difference isn't between religious and non-religious systems, I think, but between different ways of knowing. There's an interesting letter from Richard Dawkins to his daughter, which lays out a foundation for this idea, in that reasoning from evidence is depicted as a good way to know something, while authority, tradition and revelation were bad ways. Authoritarian murderers relied on the strength of their authority--when the people in North Korea were so indoctrinated that they'd rather eat their family members than rebel against the government, that's authority. When Stalin made his wacky decrees because they came to him in a brain cloud, that's revelation. Those aren't good reasons to rely on anything.
Stalin, Mao and their link are no more morally equivalent to your average liberal-democratic secular humanist than a member of the medieval Inquisition is morally equivalent to your average nominally religious member of a Western democracy. The former members of each pair have more in common with each other than either does with the latter set, and it's completely missing the mark to point at secularism as the cause. While religion is the most obvious embodiment of ways of knowing that lead to authoritarianism, it's hardly the only road that leads there.
(And you'll notice that plenty of the commentariat over at his place does as well, though I suspect the difference isn't a deep one.)
While I can see how evolutionary theory provides insight into abiogenesis (Spiegelman's Monster, anyone?), the fact remains that what we know about life on earth would work exactly the same whether a small initial population of prokaryotes arose by an as-yet-unknown abiogenic process, was placed here by aliens, or was zapped into place by His Noodle Appendage. Of course, what we know about tetrapod evolution would be utterly unchanged if we had some kind of omphalos thing happening prior to thir divergence from the rest of the fish.
I suppose I see his point, but I maintain that the proper response is "nothing we know about the emergence of the diversity of life on earth is affected in the least by how life emerged; while it's a fascinating topic, the two questions--the origin of life and the origin of species--are not the same one." No matter whether evolutionary theory can provide insights into abiogenesis, the two are fundamentally different things, and while it may make no sense to wall them off from each other, it is a misconception to assume that the theory of evolution rests or depends on a working theory of abiogenesis--and that's the real assertion being made.
After all, libertarianism is its own brand of fundie--there's a set of ideas defined as being right; if the ideas turn out not to work, the blame lies with the believers, not with the beliefs. The ideology cannot fail, it can only be failed. It provides a simple way of looking at the world, which provides easy answers to every question. And it's quite popular among engineers, especially in this country. It sounds like the same impulse which leads people to become bomb-throwing religious nutbars in other places leads them to become silly libertarians here.
Here are a few publications on the process. They're not all freely available.
The original patent by Paul Baskis. (1992) Thermal depolymerizing reforming process and apparatus.
A new patent (issues about two months ago, though it was filed more like three years back) by the folks currently working at Changing World Technologies. (2007) Process for conversion of organic, waste, or low-value materials into useful products.
A research report for the Illinois Council on Food and Agricultural Research from the University of Illinois on what appears to be a similar process, if not the same one. (1999) Thermochemical conversion of Swine Manure to Produce Fuel and Reduce Waste. (There's a layman's write up at National Geographic News.)
An SAE report on recycling polyurethane foam and other plastic crap from shredded car interiors. (2005) Recycling Shredder Residue Containing Plastics and Foam Using a Thermal Conversion Process.
Another SAE report on the same topic. (2006) A Life Cycle Look at Making Diesel Oil from End-of-Life Vehicles.
I don't know if anything was published in a peer-reviewed journal; the CWT website doesn't appear to link to anything, and I don't know if that's par for the course for an engineering firm, or if they're not publishing to keep things secret, or if they're selling snake oil.
It was thought that in response to a series of events involving food poisoning, it would be made illegal to feed turkey guts to turkeys. This was not done, and the feedstock turned out to not be free. The process (according to the website) works on medical waste, PCBs, old tires and sewage, which are all things that people definitely pay to have hauled off, but the company still has exactly one working plant, nine years after their first experiment facility opened. (I haven't been able to find any good information as to why that might be--whether the process doesn't work well on other feedstocks, or they can't raise the capital, or what.) I suppose we should all bear that in mind while we're reading about how we're going to have an ethanol plant in every county, right next to the thermally depolymerized chicken in every pot.