Conflict of Interest between SSL Key Certs and DNSSEC Key Certs - SSL keys certify something, usually about the "owner" of a given key, and let you have some trust in whoever possesses that key, often trusting a connection to a particular web server.
There is no conflict of interest, because the two serve different purposes.
Firstly, HTTPS (HTTP over SSL) is used for encryption as much as authentication. How many people check to see if the little lock symbol is there? Good. Now how many people check to see if the credentials associated with that lock match the company they're dealing with? Uh-oh. All you're getting, then, is encryption. DNSSEC will not provide the encryption to secure your credit card number, so the market for SSL certs is unaffected.
Secondly, DNSSEC aims at securing a different level. For many transactions that don't require SSL, it would be nice to have some assurance you're dealing with the right site. What if someone poisoned your DNS cache and redirected you to a fake Slashdot to gather your credentials and steal your account? How about sending mail, which is often handled completely under the hood by the MTAs involved without you, the mail client, having any say in checking on the routing?
Mind you, I tend to believe DJB knows what he's talking about when he criticizes DNSSEC, but the problem space is a valid one, and solving it won't conflict with SSL certificates.
So who is held accountable when the latest patch breaks something and causes loss of data?
The same someone who is held accountable when the default OS installation is insecure and the system is compromised by a 2-bit, brain-dead worm.
That would be... um... hmm... lessee... ah... tumbleweeds blow by in the hot desert wind... nobody, and certainly not Microsoft.
You can be sure that whatever legalese is in the EULA puts the responsibility squarely on the administrator, where it belongs. If they don't choose to disable auto-patch, then they undertake that risk voluntarily.
Because in a civil environment, we call devices that allow eavesdropping and jamming of communications "cell towers" and "central offices."
Seriously, something like this is designed to intrude into an area of no control or hostile control. The civil scenario you describe is one where the authorities have control, and have laws requiring the telecom carriers to allow access to the infrastructure in certain circumstances. No need to drop pringles cans.
But that's not a SCO host, that's shareholder.com:
$ host ir.sco.com ir.sco.com. is an alias for cald.client.shareholder.com. cald.client.sharehol der.com. is an alias for client.shareholder.com. client.shareholder.com. has address 170.224.5.43
It is very common for the entire IR site to be handled by an external Investor Relations firm like shareholder.com. That way they can manage simultaneous release of press releases by fax, conference, and web without having to coordinate with the true company's admin monkeys.
They pay taxes (sales tax and the federal taxes deducted from their paychecks).
Please pardon what may be a stupid question, but since federal tax withholding is done using social security numbers, and since illegal aliens don't have SSNs, how does this work? Wouldn't that be a big red flag for the IRS that someone is employing illegal aliens? I thought, rather, that most illegal aliens worked "under the table," with no taxes being withheld or accounting being performed.
Isn't financial data required to be protected by something equivelent to HIPPA?
HIPAA (Health Insurance Portability and Accountability Act) mostly revolves around (suprise) health related personal information. Financial organizations need to pay attention to it for their own employee's information, and for any health-related organizations they provide services for, but it's not the biggest IT driver for financial companies.
The Gramm-Leach-Bliley Act of 1999 is more closely targeted on financial organizations. Also, the Office of the Comptroller of the Currency (OCC) issues a lot of regulations that financial institutions need to pay close attention to. Insofar as Acxiom acts (acxts?) as a third-party vendor for financial institutions, they are also expected to meet those regulations when dealing with financial customer data.
If, as the first article states, "All of the information was encrypted," then they were probably not in violation of any of these rules or regulations. It sounds like all the guy did was pull encrypted files off a publicly accessible FTP dropoff point, probably after sniffing plaintext authentication credentials on the network. Stupid move by Acxiom, but not fatal; bad PR but no real impact.
Why did they have a server outside their firewall?!?
I think that if you translate from Dumb Reporter to Technical you get "server on a service network or DMZ, available to the Internet but segregated from their internal network." That's standard practice, the thing has to be available to the Internet.
In either case, I'm guessing they brute-forced / dictionary attacked the file with John the Ripper or the like
Again, you need to translate here. Based on personal experience with similar organizations, I believe this translates to "He sniffed the plaintext (non-anonymous) FTP passwords off the Internet and used them to log in himself and get files."
Now, does that mean they had all users change their passwords, or just their passwords on that server
Translation: "We changed all the FTP passwords, so that they will be secure until the next time someone sniffs them.
Which is why their infrastructure was vulnerable to begin with?
Note that they also state the information he got was encrypted and not believed to have been used. It is not unusual for organizations like Acxiom to accept PGP or ZIP encrypted files via FTP. Obviously, that isn't good enough - if only because of the negative publicity that comes out of an incident like this - but that's what they do.
The only sign of weak infrastructure here is FTP passing plaintext passwords over the Internet. I don't see any real evidence that anything else was compromised - except their PR shell.
One of my first jobs was running some hot laser printers for a junk mailer. I believe we used lists from Acxiom. The most damage you could do with one of these lists would be to shill for publishers clearing house. No identity theft with this list.
Ya think maybe they don't sell the full details to junk mailers who only want to do mailing lists?
Wake me when it's a credit card/banking database.
Acxiom does have services customized to Financial Services, Healthcare and Insurance, among others. I bet they use more than mailing labels to "Analyze data and target prospects with the same characteristics as your most profitable customers." It'd be interesting to know what information helps "Create a 360-degree view of healthcare customers."
Since the alleged hack was an 'inside job' by a person who had access to the data, is it news at all?
Yes, in that it illustrates one of the dangers of data mining; you can't always trust the mine companies or the miners they hire.
Insofar as that "danger" affects anyone whose personal information could end up at a provider like Acxiom, it is relevant to, say, 95% of the/. readership.
Mere access to credit card numbers and the corresponding user list does not constitute a major threat, IMO.
There's this new thing called "Identity Theft" that kind of sucks to be a victim of. Maybe you've heard of it?
The same can't be said about Hotmail hacks or even Windows hacks.
*snort* Yeah, cause, you know, Junior's inane personal email is MUCH more important than his financial record.
From the article: Oracle maintains its bullish stance on Linux, despite the copyright, intellectual-property, and unfair competition lawsuits introduced by various players in the market.
Who are the various players? SCO, SCO, and SCO?
This article makes it seem like Linux is the churning center of numberous legal actions by disparate parties, when to the best of my knowledge, there's just one bad apple (SCO) throwing (vague, unsubstantiated) accusations around weekly.
Surely if there were other Linux-related legal actions going on/. would be covering them daily!
From my own limited experiences with the legal system,... these things move at a speed akin to continental drift.
IANAL, but I believe that "Injunctive relief" suits move faster than normal lawsuits, because their purpose is to stop an ongoing illegal activity (as opposed to apportion blame and determine compensation for a past activity).
They said that the only significant part of the kernel that was an issue was the scheduler, which looked like it had been copied "line by line" from Unix sources
Wasn't the scheduler stuff the same as the RCU code? And wasn't the issue with the RCU code that Sequent developed and released a Linux implementation (while having the standard SYSV license), then got bought by IBM (thus the current lawsuit)?
Linux was certified as providing only "low to moderate" security, compared with the same group's certification as "moderate to high" last year of the security of Microsoft's Windows 2000 software. Supporters said Linux software, whose popular mascot is a penguin, was under testing for better-security ratings.
I would guess that IBM wanted to go for the faster, cheaper rating first and wait to get it certified higher. Common Criteria testing is expensive and time-consuming. It isn't a statement on Linux, it says more about how much got spent this time around.
So are we going to start seeing the fancy labels which are on all the other foods?
Nope. The BATF (Bureau of Alcohol, Tobacco, and Firearms) will not allow brewers to put anything that might be (correctly or incorrectly) intepreted as health information. The Yakima Brewery in Washington had to deal with ATF harrassment when they had the temerity to list calories, protein, carbohydrates, fat, cholesterol, sodium and potassium.
Today we pasteurize beer - before this practice became mainstream, beer used to be pretty unsanitary.
Pasteurization has nothing to do with sanitary in beer. Homebrewers never pasteurize their beer.
Firstly, let's talk about unsanitary. Unsanitary - back then - meant things like cholera, which lived quite happily in water and was a serious health threat. The alcohol in beer kills things like cholera. There are no known human pathogens that can grow or live in beer, so you can't mess up and brew something that'll hurt you. So, in the context of unclean water, beer _is_ sanitary - the alcohol kills germs.
Secondly, let's talk about pasteurization. In milk, pasteurization kills off certain bacteria that are present in the production chain (read: cow) but bad for humans in some cases. In beer, pasteurization kills off the yeast (not bad for humans, BTW) which insures that the fermentation will stop and the flavor of the beer will reach stasis. It does not kill of nasties; nasties can't live in beer. Again, homebrewers don't pasteurize, they don't need to, and it's too hard to do without killing the flavor. In fact, unpasteurized beer with yeast residue has lots of vitamin B, which helps with hangovers.
In short: beer didn't used to be unsanitary, water did. Beer still isn't. Water may be, depending upon where you live.
The subjective morality of an act depends on the intent of the actor. One ought ever to do as one's conscience instructs.
On this, we agree completely.
I believe that one's conscience is an internal device. You, on the other hand, have chosen to treat the Catholic church as generally authoritative.
If a human embryo dies a natural death, then that is one thing, but if the human embryo dies because death is intended by one who should be a protector, then that is another thing entirely.
I do not understand how you contradict the preciousness of the souled embryo with the fact that God allows 50% of them to die. If he has the power to protect them, and chooses not to, then how should we be held to a higher standard, made as we are in his image? If he cares even for the sparrow in the field, is he not as much the "protector" of the embryo as we are?
After considering this issue, I came to the personal decision that IVF was not immoral. Your mileage, obviously, may vary.
The Church's position... the Church teaches... the Church opposes... the Church teaches... the Church opposes... the Church opposes... the Church opposes...
I apologize, but I see little point in further debate. I do not recognize either the authority or the validity of the Catholic Church or its various doctrines. I reject an organization which preaches morality and conscience, but transfers child molesters from parish to parish and covers up their crimes. If there is a God, and he wishes to correct me on the moral choices I have made, then on judgement day I will stand and take responsibility for them. I will never stand there and say, "I did wrong, but unknowingly, because the Church said it was okay and I accepted their authority."
For the price of IVF, they can probably afford adoption too. Another post quoted one cylce of IVF treatment as costing more than $12,000
Adoption of anything but a black baby costs 2-3 times that, and can take 2-3 years. Adoption costs run 25-35k. International adoptions have a lower up front cost than domestic American, but often involve multiple trips across the world and interpreters, which drives the cost up until it is roughly equivalent.
The more you are willing to pay, the faster you can adopt. That's because some mothers need monetary support during the pregnancy; the people who can only afford $25k can't pay for them, so they're available for the people who have more to spend.
Insurance pays for IVF - to some extent or another - in 12 states, currently. For the people living in those states who have a job with insurance, the cost of IVF is negligible compared to adoption.
The real travesty in Fertility Medicine is that there has never been ANY funding by NIH for fertility medicine.
That's one of them, the other is the complete and total lack of interest in trying to find the causes or the fixes for male infertility.
Almost every reproductive procedure today involves manipulating the female. When the man has a low sperm count, there is nothing they can do to try and fix it except in certain obvious physiological cases (e.g., varicocele).
Many women who would be fine with IUI end up doing IVF, much more expensive and complicated, because the man has a low sperm count and there's no research on how to diagnose or fix it. There's a vast lack of interest in it, and one has to wonder how much of that is because the doctors are usually male and therefore taking a slanted view.
My wife and I are also in the midst of fertility treatment.
Good luck.
As far as finding a clinic, there are government reports on the reported statistics of each clinic, but they are always something like 2 years behind. In those two years, the rates have usually shifted. Pay attention to who is practicing at the clinic, both the doctors and the embryologists. If clinic X was really good two years ago, see how much staff turnover they've had. The embryologist is as important, if not more than, the doctors.
Either way, eggs and sperm used for IUI/IVF undergo testing for genetic defects, so I could argue that babies concieved via either of these methods are more likely lower the rate of birth disorders.
Actually, usually not. The parents are checked for certain genetic defects, but it is rare for the embryos to be checked, and the eggs/sperm are never checked.
You can't check an egg or a sperm without essentially destroying it. Sperm are divided by motility (how well they move) and morphology (remove those with multiple heads and tails, etc) but again, you can't do any genetic testing without destroying the sperm.
In some cases, fertilized embryos are tested using PGD (preimplantation genetic diagnosis). In this procedure, the embryos which live until they've got around 8 cells have one cell cut off, and that cell is tested. The test involves checking the value of something like 9 of the 23 chromosome pairs, looking for non-paired chromosomes - for example, having 1 or 3 or 4 where there should only be 2. This can't be done until the embryo has enough cells to lose one for testing without being harmed. It isn't covered by insurance in states which cover IVF, and is usually only used when doctors have some reason to expect that the genetic makeup of the embryos is causing (previous) cycles to fail (e.g., spontaneous abortion by 10 weeks).
There has been some question about whether ICSI allows genetically unhealthy embryos where nature would not, but studies show that the risk is small. In ICSI, the doctor picks one sperm that looks good, and injects it into the egg rather than allowing multiple sperm to "do their best." Since there is no correlation between the way the sperm looks and its genetic health, the worry was that it would allow genetically unhealthy embryos which would not otherwise happen. The consensus seems to be that genetically unhealthy embryos happen both in nature and via ICSI, and that nature deals with them the same - they are non-viable and terminate themselves. (See my other post in this thread documenting that 50% of all pregnancies terminate prematurely in both nature and IVF.)
The person who would be less motivated to raise a child for these reasons is a heartless individual who should not be raising any children.
The world must be full of heartless people, then. Are you aware that the cost of adopting a black baby is something like 1/3 to 1/6 the cost of adopting anything else?
I didn't have to go through 100+ injections and get stuck with a foot-long needle to have eggs extracted, only to then get to go through pregnancy!
Count yourself lucky, dude. One of my friends had such an abysmally low sperm count that they had to extract the sperm with needles from the testicles.
You're right, though, in that IVF involves weeks and sometimes months of injections, both subcutaneous and intramuscular, for the woman. That the injections sometimes involve hormones which cause wild mood swings and loss of control. The people who think that this is done for "vanity" have no idea what they're talking about.
If an embryo is already infused with a human soul that, unconsciously on its part at first, somehow plays a part in directing the formation of the body and mind, then the embryo is already an end of creation and a person in that sense. An end of creation is not to be used or abused by another man, for the embryo has some right to develop.
Spontaneous abortion (that is to say, the pregnancy terminating itself without outside cause) rates are 50% among the general population (some studies actually say 75%). For every two children that is naturally conceived and granted a soul, one of them dies before being born. This is the way that the normal human system works. 7 out of 10 of these spontaneous abortions occur before the pregnancy is "clinically recognized." Many women never realize they were pregnant; their period is only a few days late and there is no noticeable difference when it comes.
Among young women, the spontaneous abortion rate for IVF and other technologies is equivalent to that of natural conception (50%, with ~15% being after "clinical recognition.").
(Among older women using their own eggs, the rate climbs up to 30% or more after clinical recognition. Unlike sperm, eggs suffer from entropy and their quality rapidly declines after age 30).
An article describing a study which explored this area is here.
Although it is too early for statistics, it is possible that technologies like PGD (Preimplantation Genetic Diagnosis) will lower the "death" rate by ensuring that the genetically healthiest embryos are used and clearly defective ones will not be used. "Genetically healthy" does not mean Gattaca-like perfection; it means that for 9 or so of the 23 chromosomes that we can test for today, there are two of each as their should be. XX or XY, not XXY, not X, not ''. No disorders that guarantee that the child may make it to birth, but will die of a heart defect by 3 months at the latest.
If every fertilized egg has a soul, then why does God let half of them die?
If a couple gets drunk, has sex, and gets pregnant with a child they don't want, does the church oppose that?
If a couple sacrifices (yes, it is a sacrifice) their time, money, energy, health, and sanity to have a child that they want more than anything else in the world, why would the church oppose that?
Slashdot Mirror
Conflict of Interest between SSL Key Certs and DNSSEC Key Certs - SSL keys certify something, usually about the "owner" of a given key, and let you have some trust in whoever possesses that key, often trusting a connection to a particular web server.
There is no conflict of interest, because the two serve different purposes.
Firstly, HTTPS (HTTP over SSL) is used for encryption as much as authentication. How many people check to see if the little lock symbol is there? Good. Now how many people check to see if the credentials associated with that lock match the company they're dealing with? Uh-oh. All you're getting, then, is encryption. DNSSEC will not provide the encryption to secure your credit card number, so the market for SSL certs is unaffected.
Secondly, DNSSEC aims at securing a different level. For many transactions that don't require SSL, it would be nice to have some assurance you're dealing with the right site. What if someone poisoned your DNS cache and redirected you to a fake Slashdot to gather your credentials and steal your account? How about sending mail, which is often handled completely under the hood by the MTAs involved without you, the mail client, having any say in checking on the routing?
Mind you, I tend to believe DJB knows what he's talking about when he criticizes DNSSEC, but the problem space is a valid one, and solving it won't conflict with SSL certificates.
So who is held accountable when the latest patch breaks something and causes loss of data?
The same someone who is held accountable when the default OS installation is insecure and the system is compromised by a 2-bit, brain-dead worm.
That would be... um... hmm... lessee... ah... tumbleweeds blow by in the hot desert wind... nobody, and certainly not Microsoft.
You can be sure that whatever legalese is in the EULA puts the responsibility squarely on the administrator, where it belongs. If they don't choose to disable auto-patch, then they undertake that risk voluntarily.
Why limit the system to only battlefield?
Because in a civil environment, we call devices that allow eavesdropping and jamming of communications "cell towers" and "central offices."
Seriously, something like this is designed to intrude into an area of no control or hostile control. The civil scenario you describe is one where the authorities have control, and have laws requiring the telecom carriers to allow access to the infrastructure in certain circumstances. No need to drop pringles cans.
ir.sco.com is running IIS.
But that's not a SCO host, that's shareholder.com:
It is very common for the entire IR site to be handled by an external Investor Relations firm like shareholder.com. That way they can manage simultaneous release of press releases by fax, conference, and web without having to coordinate with the true company's admin monkeys.
They pay taxes (sales tax and the federal taxes deducted from their paychecks).
Please pardon what may be a stupid question, but since federal tax withholding is done using social security numbers, and since illegal aliens don't have SSNs, how does this work? Wouldn't that be a big red flag for the IRS that someone is employing illegal aliens? I thought, rather, that most illegal aliens worked "under the table," with no taxes being withheld or accounting being performed.
Isn't financial data required to be protected by something equivelent to HIPPA?
HIPAA (Health Insurance Portability and Accountability Act) mostly revolves around (suprise) health related personal information. Financial organizations need to pay attention to it for their own employee's information, and for any health-related organizations they provide services for, but it's not the biggest IT driver for financial companies.
The Gramm-Leach-Bliley Act of 1999 is more closely targeted on financial organizations. Also, the Office of the Comptroller of the Currency (OCC) issues a lot of regulations that financial institutions need to pay close attention to. Insofar as Acxiom acts (acxts?) as a third-party vendor for financial institutions, they are also expected to meet those regulations when dealing with financial customer data.
If, as the first article states, "All of the information was encrypted," then they were probably not in violation of any of these rules or regulations. It sounds like all the guy did was pull encrypted files off a publicly accessible FTP dropoff point, probably after sniffing plaintext authentication credentials on the network. Stupid move by Acxiom, but not fatal; bad PR but no real impact.
Why did they have a server outside their firewall?!?
I think that if you translate from Dumb Reporter to Technical you get "server on a service network or DMZ, available to the Internet but segregated from their internal network." That's standard practice, the thing has to be available to the Internet.
In either case, I'm guessing they brute-forced / dictionary attacked the file with John the Ripper or the like
Again, you need to translate here. Based on personal experience with similar organizations, I believe this translates to "He sniffed the plaintext (non-anonymous) FTP passwords off the Internet and used them to log in himself and get files."
Now, does that mean they had all users change their passwords, or just their passwords on that server
Translation: "We changed all the FTP passwords, so that they will be secure until the next time someone sniffs them.
Which is why their infrastructure was vulnerable to begin with?
Note that they also state the information he got was encrypted and not believed to have been used. It is not unusual for organizations like Acxiom to accept PGP or ZIP encrypted files via FTP. Obviously, that isn't good enough - if only because of the negative publicity that comes out of an incident like this - but that's what they do.
The only sign of weak infrastructure here is FTP passing plaintext passwords over the Internet. I don't see any real evidence that anything else was compromised - except their PR shell.
One of my first jobs was running some hot laser printers for a junk mailer. I believe we used lists from Acxiom. The most damage you could do with one of these lists would be to shill for publishers clearing house. No identity theft with this list.
Ya think maybe they don't sell the full details to junk mailers who only want to do mailing lists?
Wake me when it's a credit card/banking database.
Acxiom does have services customized to Financial Services, Healthcare and Insurance, among others. I bet they use more than mailing labels to "Analyze data and target prospects with the same characteristics as your most profitable customers." It'd be interesting to know what information helps "Create a 360-degree view of healthcare customers."
Since the alleged hack was an 'inside job' by a person who had access to the data, is it news at all?
Yes, in that it illustrates one of the dangers of data mining; you can't always trust the mine companies or the miners they hire.
Insofar as that "danger" affects anyone whose personal information could end up at a provider like Acxiom, it is relevant to, say, 95% of the /. readership.
Mere access to credit card numbers and the corresponding user list does not constitute a major threat, IMO.
There's this new thing called "Identity Theft" that kind of sucks to be a victim of. Maybe you've heard of it?
The same can't be said about Hotmail hacks or even Windows hacks.
*snort* Yeah, cause, you know, Junior's inane personal email is MUCH more important than his financial record.
From the article: Oracle maintains its bullish stance on Linux, despite the copyright, intellectual-property, and unfair competition lawsuits introduced by various players in the market.
Who are the various players? SCO, SCO, and SCO?
This article makes it seem like Linux is the churning center of numberous legal actions by disparate parties, when to the best of my knowledge, there's just one bad apple (SCO) throwing (vague, unsubstantiated) accusations around weekly.
Surely if there were other Linux-related legal actions going on /. would be covering them daily!
From my own limited experiences with the legal system, ... these things move at a speed akin to continental drift.
IANAL, but I believe that "Injunctive relief" suits move faster than normal lawsuits, because their purpose is to stop an ongoing illegal activity (as opposed to apportion blame and determine compensation for a past activity).
They said that the only significant part of the kernel that was an issue was the scheduler, which looked like it had been copied "line by line" from Unix sources
Wasn't the scheduler stuff the same as the RCU code? And wasn't the issue with the RCU code that Sequent developed and released a Linux implementation (while having the standard SYSV license), then got bought by IBM (thus the current lawsuit)?
Just trying to keep track here...
Linux was certified as providing only "low to moderate" security, compared with the same group's certification as "moderate to high" last year of the security of Microsoft's Windows 2000 software. Supporters said Linux software, whose popular mascot is a penguin, was under testing for better-security ratings.
I would guess that IBM wanted to go for the faster, cheaper rating first and wait to get it certified higher. Common Criteria testing is expensive and time-consuming. It isn't a statement on Linux, it says more about how much got spent this time around.
So are we going to start seeing the fancy labels which are on all the other foods?
Nope. The BATF (Bureau of Alcohol, Tobacco, and Firearms) will not allow brewers to put anything that might be (correctly or incorrectly) intepreted as health information. The Yakima Brewery in Washington had to deal with ATF harrassment when they had the temerity to list calories, protein, carbohydrates, fat, cholesterol, sodium and potassium.
Today we pasteurize beer - before this practice became mainstream, beer used to be pretty unsanitary.
Pasteurization has nothing to do with sanitary in beer. Homebrewers never pasteurize their beer.
Firstly, let's talk about unsanitary. Unsanitary - back then - meant things like cholera, which lived quite happily in water and was a serious health threat. The alcohol in beer kills things like cholera. There are no known human pathogens that can grow or live in beer, so you can't mess up and brew something that'll hurt you. So, in the context of unclean water, beer _is_ sanitary - the alcohol kills germs.
Secondly, let's talk about pasteurization. In milk, pasteurization kills off certain bacteria that are present in the production chain (read: cow) but bad for humans in some cases. In beer, pasteurization kills off the yeast (not bad for humans, BTW) which insures that the fermentation will stop and the flavor of the beer will reach stasis. It does not kill of nasties; nasties can't live in beer. Again, homebrewers don't pasteurize, they don't need to, and it's too hard to do without killing the flavor. In fact, unpasteurized beer with yeast residue has lots of vitamin B, which helps with hangovers.
In short: beer didn't used to be unsanitary, water did. Beer still isn't. Water may be, depending upon where you live.
Sorry, not trolling. Posted too fast after too many glasses of wine and misread it as patching more bugs rather than being more responsive.
I concur that turnaround on FOSS bugs is faster than Microsoft. But Microsoft patches more (security hole) bugs than any individual piece of FOSS.
the strategy is to repeat provably false assertions as often and in as many different venues as possible
Excuse me? It is clearly a true assertion.
Microsoft patches more often because Microsoft has more bugs. At this point, even Sendmail has a better track record on # of bugs.
The subjective morality of an act depends on the intent of the actor. One ought ever to do as one's conscience instructs.
On this, we agree completely.
I believe that one's conscience is an internal device. You, on the other hand, have chosen to treat the Catholic church as generally authoritative.
If a human embryo dies a natural death, then that is one thing, but if the human embryo dies because death is intended by one who should be a protector, then that is another thing entirely.
I do not understand how you contradict the preciousness of the souled embryo with the fact that God allows 50% of them to die. If he has the power to protect them, and chooses not to, then how should we be held to a higher standard, made as we are in his image? If he cares even for the sparrow in the field, is he not as much the "protector" of the embryo as we are?
After considering this issue, I came to the personal decision that IVF was not immoral. Your mileage, obviously, may vary.
The Church's position... the Church teaches... the Church opposes... the Church teaches... the Church opposes... the Church opposes... the Church opposes...
I apologize, but I see little point in further debate. I do not recognize either the authority or the validity of the Catholic Church or its various doctrines. I reject an organization which preaches morality and conscience, but transfers child molesters from parish to parish and covers up their crimes. If there is a God, and he wishes to correct me on the moral choices I have made, then on judgement day I will stand and take responsibility for them. I will never stand there and say, "I did wrong, but unknowingly, because the Church said it was okay and I accepted their authority."
For the price of IVF, they can probably afford adoption too. Another post quoted one cylce of IVF treatment as costing more than $12,000
Adoption of anything but a black baby costs 2-3 times that, and can take 2-3 years. Adoption costs run 25-35k. International adoptions have a lower up front cost than domestic American, but often involve multiple trips across the world and interpreters, which drives the cost up until it is roughly equivalent.
The more you are willing to pay, the faster you can adopt. That's because some mothers need monetary support during the pregnancy; the people who can only afford $25k can't pay for them, so they're available for the people who have more to spend.
Insurance pays for IVF - to some extent or another - in 12 states, currently. For the people living in those states who have a job with insurance, the cost of IVF is negligible compared to adoption.
The real travesty in Fertility Medicine is that there has never been ANY funding by NIH for fertility medicine.
That's one of them, the other is the complete and total lack of interest in trying to find the causes or the fixes for male infertility.
Almost every reproductive procedure today involves manipulating the female. When the man has a low sperm count, there is nothing they can do to try and fix it except in certain obvious physiological cases (e.g., varicocele).
Many women who would be fine with IUI end up doing IVF, much more expensive and complicated, because the man has a low sperm count and there's no research on how to diagnose or fix it. There's a vast lack of interest in it, and one has to wonder how much of that is because the doctors are usually male and therefore taking a slanted view.
My wife and I are also in the midst of fertility treatment.
Good luck.
As far as finding a clinic, there are government reports on the reported statistics of each clinic, but they are always something like 2 years behind. In those two years, the rates have usually shifted. Pay attention to who is practicing at the clinic, both the doctors and the embryologists. If clinic X was really good two years ago, see how much staff turnover they've had. The embryologist is as important, if not more than, the doctors.
Either way, eggs and sperm used for IUI/IVF undergo testing for genetic defects, so I could argue that babies concieved via either of these methods are more likely lower the rate of birth disorders.
Actually, usually not. The parents are checked for certain genetic defects, but it is rare for the embryos to be checked, and the eggs/sperm are never checked.
You can't check an egg or a sperm without essentially destroying it. Sperm are divided by motility (how well they move) and morphology (remove those with multiple heads and tails, etc) but again, you can't do any genetic testing without destroying the sperm.
In some cases, fertilized embryos are tested using PGD (preimplantation genetic diagnosis). In this procedure, the embryos which live until they've got around 8 cells have one cell cut off, and that cell is tested. The test involves checking the value of something like 9 of the 23 chromosome pairs, looking for non-paired chromosomes - for example, having 1 or 3 or 4 where there should only be 2. This can't be done until the embryo has enough cells to lose one for testing without being harmed. It isn't covered by insurance in states which cover IVF, and is usually only used when doctors have some reason to expect that the genetic makeup of the embryos is causing (previous) cycles to fail (e.g., spontaneous abortion by 10 weeks).
There has been some question about whether ICSI allows genetically unhealthy embryos where nature would not, but studies show that the risk is small. In ICSI, the doctor picks one sperm that looks good, and injects it into the egg rather than allowing multiple sperm to "do their best." Since there is no correlation between the way the sperm looks and its genetic health, the worry was that it would allow genetically unhealthy embryos which would not otherwise happen. The consensus seems to be that genetically unhealthy embryos happen both in nature and via ICSI, and that nature deals with them the same - they are non-viable and terminate themselves. (See my other post in this thread documenting that 50% of all pregnancies terminate prematurely in both nature and IVF.)
The person who would be less motivated to raise a child for these reasons is a heartless individual who should not be raising any children.
The world must be full of heartless people, then. Are you aware that the cost of adopting a black baby is something like 1/3 to 1/6 the cost of adopting anything else?
By overriding this mechanism in nature you create a child of inferior genetic make up who would no otherwise be by natural process.
Says whom? And where is your degree from?
Firstly, there is no evidence that IVF children are genetically inferior, period. Instead, "the consensus is that there is no increased anomaly rate in IVF. In fact, the anomaly rates are lower than recorded in birth defects surveillance programs. Irrespective, U.S. studies have never shown an increase in anomalies following IVF."
Secondly, studies show that "Children born through in vitro fertilization seem to be just as healthy psychologically as other youngsters."
I think it's unfair to create a child that may have genetic defects / other problems because of their parent's own selfishness.
I think you're fucking stupid. Selfishness has nothing to do with IVF. And your criticisms have nothing to do with scientifically documented reality.
I didn't have to go through 100+ injections and get stuck with a foot-long needle to have eggs extracted, only to then get to go through pregnancy!
Count yourself lucky, dude. One of my friends had such an abysmally low sperm count that they had to extract the sperm with needles from the testicles.
You're right, though, in that IVF involves weeks and sometimes months of injections, both subcutaneous and intramuscular, for the woman. That the injections sometimes involve hormones which cause wild mood swings and loss of control. The people who think that this is done for "vanity" have no idea what they're talking about.
Congratulations on the twins.
If an embryo is already infused with a human soul that, unconsciously on its part at first, somehow plays a part in directing the formation of the body and mind, then the embryo is already an end of creation and a person in that sense. An end of creation is not to be used or abused by another man, for the embryo has some right to develop.
Spontaneous abortion (that is to say, the pregnancy terminating itself without outside cause) rates are 50% among the general population (some studies actually say 75%). For every two children that is naturally conceived and granted a soul, one of them dies before being born. This is the way that the normal human system works. 7 out of 10 of these spontaneous abortions occur before the pregnancy is "clinically recognized." Many women never realize they were pregnant; their period is only a few days late and there is no noticeable difference when it comes.
Among young women, the spontaneous abortion rate for IVF and other technologies is equivalent to that of natural conception (50%, with ~15% being after "clinical recognition.").
(Among older women using their own eggs, the rate climbs up to 30% or more after clinical recognition. Unlike sperm, eggs suffer from entropy and their quality rapidly declines after age 30).
An article describing a study which explored this area is here.
Although it is too early for statistics, it is possible that technologies like PGD (Preimplantation Genetic Diagnosis) will lower the "death" rate by ensuring that the genetically healthiest embryos are used and clearly defective ones will not be used. "Genetically healthy" does not mean Gattaca-like perfection; it means that for 9 or so of the 23 chromosomes that we can test for today, there are two of each as their should be. XX or XY, not XXY, not X, not ''. No disorders that guarantee that the child may make it to birth, but will die of a heart defect by 3 months at the latest.
If every fertilized egg has a soul, then why does God let half of them die?
If a couple gets drunk, has sex, and gets pregnant with a child they don't want, does the church oppose that?
If a couple sacrifices (yes, it is a sacrifice) their time, money, energy, health, and sanity to have a child that they want more than anything else in the world, why would the church oppose that?