Slashdot Mirror


User: imidan

imidan's activity in the archive.

Stories: 0 · Comments: 539

Comments · 539

  1. Re:This is crazy. on Google's New Currents App Is Its Enterprise Replacement For Google+ (theverge.com) · · Score: 1

    That looks great. I used to work at a place where we cobbled together a combination of Owncloud, Jira, and Slack, and it was all kind of a mess. I'd like to try Nextcloud out.

  2. Re:Don't buy a listening device for your home? on How To Stop Amazon From Listening To Your Alexa Recordings (tomsguide.com) · · Score: 1

    Christ almighty, it's like volunteering to be surveilled by the goddamn Stasi! Amazon, the on-line bookstore from the 90s, is distributing listening devices that they have somehow convinced people to purchase for themselves, and is employing a spatially-distributed sweatshop of thousands of people who sit for nine hours a day and listen in on other people's private conversations, transcribe them, and file them away. This dystopian horror goes beyond Orwell's nightmares, and the whole point of it is to sell people more shit. It's goddamn madness!

  3. This is crazy. on Google's New Currents App Is Its Enterprise Replacement For Google+ (theverge.com) · · Score: 5, Insightful

    I know it's become a cliche to warn people against adopting Google products because Google will discontinue them after a few years. In this case, though, I'm not joking at all when I ask: why would anyone trust this service to Google? They seem to have recycled Google+ and Google Wave into a re-implementation of IRC, email, and message forums. Which... fine, I guess. Of course, know that Google is going to consume everything you input into this system and use it to, at a minimum, advertise at you. And when Google finally does retire the service, maybe you'll be able to get your data out in some format that is absolutely useless as input to any other competitor.

    I don't know what the open-source alternatives are, but I'd feel a lot better about using OSS for this purpose.

  4. Re:Interesting bit of the bill... on Senators Introduce Bill That Would Ban Websites From Using Manipulative Consent Forms (vice.com) · · Score: 1

    (4) establish an Independent Review Board for any behavioral or psychological research, of any purpose, conducted on users or on the basis of user activity or data, which shall review and have authority to approve, require modification in, or disapprove all behavioral or psychological experiments or research;

    Does this mean that if I use site/log analytics to study the behavior of users so I can adjust the features of the site for better user efficiency, that I need to convene an independent IRB, register that IRB with the Commission, and then produce a human subjects research plan for approval? As stupid as that sounds, it seems to pretty clearly fall within rule 4.

    I appreciate the intentions of these senators, I guess. But it doesn't look like this proposal has been vetted by anyone who knows how the Internet actually works... like the recent EU bills, or the constant calls for back doors into encryption, or online content filtering. It'd be nice if our legislators were more tech literate.

  5. I might, next year on Why Aren't People Abandoning Windows For Linux? (slashgear.com) · · Score: 1

    I might stop using Windows when MS stops offering security updates for Windows 7 (in January, unless things change). I have never heard of a single feature of Windows 10 that is attractive to me. Almost everything I see and hear about it makes me actively not want it.

    I've already had, for several years, a dedicated Linux desktop that I use almost daily. I have peccadilloes with Ubuntu and Gnome that I'm sure I could fix if it were my primary OS. I mostly hang on to Windows because of proprietary software support. I use ArcGIS for my work, and I play PC games. These days, game publishers are starting to offer Linux versions of their games, and Steam is making it much easier to play Windows games under Linux. And if I had to, I could keep a laptop around with Windows just to run specific software that doesn't work elsewhere.

    For the time being, I'm quite comfortable with Windows 7. But as time passes, it's clear that what MS wants me to do is rent my OS from them, and that's just not going to happen.

  6. Re:I never thought it was a big deal on Amazon Quietly Removes Promo Spots That Gave Special Treatment To Its Own Products · · Score: 1

    Actually no they can't: there are a lot of laws about what businesses can and can't do. Funnily enough very very few people who advocate for fewer controls restricting behaviour also advocate for removal of limited liability protection.

    Sure there are. But so far, Amazon isn't accused of breaking any laws with their promotion practices. If they are, it's up to their lawyers to decide whether they want to risk prosecution or change their behavior. I have no idea whether Amazon's promotion of Amazon Basics items in their search results is illegal, and I doubt anybody will really know unless there's a trial about it. I'm just saying that I don't feel confused, pressured, limited, or unable to purchase alternatives to the Basics items that are promoted.

    When MS got corrected for anti-competitive behavior for IE, I got it. Windows 95 came with IE, and it was not obvious to the typical user that there was any other choice. They would need to go out specifically looking for another web browser and go through the installation process, all of this predicated on the users knowing that other browsers existed. But in this case, the Basics items are listed at the top of the search results, and users can see the other items just by scrolling down, which doesn't seem to me an undue burden on them.

    But that's the problem with monopoly abuse. I shop somewhere else. Enough people don't that Amazon can do a good deal of harm to the companies whose products I want.

    I agree with you there. It's why I don't shop at Wal-Mart. I also try to buy stuff at local businesses as much as possible. But I live in a smaller town, so sometimes Amazon is the best option. I don't feel too bad about ordering things from Amazon that aren't readily available in town. Sometimes, Amazon doesn't have what I need, or I don't trust them to supply a legitimate product--so I order from the manufacturer's site instead.

  7. Re:I never thought it was a big deal on Amazon Quietly Removes Promo Spots That Gave Special Treatment To Its Own Products · · Score: 1

    Yeah, the fake reviews and counterfeits at Amazon are getting bad. There are a fair number of things I wouldn't really consider buying there anymore: USB keys > 2 GB, phone chargers, batteries, certain kinds of cables. I have a particular book in my cart, but so many reviewers are complaining that they got a low-quality counterfeit printing of the book that I'm just going to order it from the publisher. Board games are iffy.

    Maybe some of that low-quality crap benefits Amazon Basics by comparison, but there are a lot of categories where Amazon has no product to compete with the knockoffs, and it's got to be hurting them when we stop buying from them because we sometimes have literally no idea what's going to arrive in the box.

  8. Re:I never thought it was a big deal on Amazon Quietly Removes Promo Spots That Gave Special Treatment To Its Own Products · · Score: 1

    I'm hardly making an impassioned defense of Amazon. I just don't care. It's Amazon's web site, and they can run it how they want. If that pisses people off so much, they should shop somewhere else. As a thinking human being, I'm not particularly confused by listings that say "Sponsored" at the top of them. I find it's not that difficult to scroll past them.

  9. I never thought it was a big deal on Amazon Quietly Removes Promo Spots That Gave Special Treatment To Its Own Products · · Score: 3, Interesting

    I never had a problem with it. If I search for something and Amazon suggests an Amazon Basics item at the top of the results, it is not mentally or physically taxing to move the scroll wheel a little bit and see the rest of the results. Is this complaint based upon the idea that consumers simply buy the very first thing they see, regardless of whether it's what they want?

    I guess, for certain items that people don't care who made it or where it came from, the first item in the list may be purchased more often. So who is Amazon supposed to put at the top of the list? Anyone can complain that search results are biased because the thing at the top of the list isn't the thing they wish was at the top. But, then, if you're selling such a common commodity item that Amazon is undercutting you with their own generic version, maybe you should be selling something else.

  10. Re:what are the labor laws on stuff like that? on Casino Accused of Withholding Bug Bounty, Then Assaulting 'Ethical Hacker' (arstechnica.com) · · Score: 1

    I can't see how labor laws would enter into it, since the person has no employment relationship with the company. On the other hand, 'pay me or I'll make this information public' is almost the definition of blackmail. I feel like in any bug bounty situation, there should be a contract between the person and company before things go too far, to avoid situations like in the article. I'm not sure how to propose or negotiate such a contract while avoiding implications of blackmail.

  11. Re:Government solves government-created problems. on New York Becomes America's Third State To Ban Plastic Bags (yahoo.com) · · Score: 4, Insightful

    Good Lord, man, talk about a slippery slope argument. Are you seriously blaming the problem of plastic pollution on lonely garbage men who let plastic bags blow away because they don't have a partner on the truck? And then, due to the banning of disposable plastic shopping bags, forecasting the doom of civilization?

    I've been using re-usable cloth shopping bags for the last 5-10 years. I keep them in the trunk of the car. They're durable. I wash them periodically. They work just fine for getting groceries, other kinds of shopping, and even non-commerce related toting. I think I paid about $2.00 for each of them. I've used them hundreds of times.

    We should stop producing most disposable plastic bags. Oil is too valuable to make into shitty plastic bags just so someone can use them to carry groceries from the store to the car and then the car to the house. Even if the bags actually made it to the landfill and didn't wind up in the ocean, it would still be a waste. Since they do end up in the ocean, it's even worse.

  12. Re:those damages though.. on Security Researcher Pleads Guilty To Hacking Into Microsoft and Nintendo (theverge.com) · · Score: 1

    Just off the top of my head, here are a bunch of steps that might be taken in the situation:

    • Security team to discover the hack
    • Shut down systems/services to stop the attack
    • Document the extent of the hack and compromised data
    • Replace affected hardware with new, preserving the old as evidence
    • Eliminate the attacker's shells
    • Eliminate the attacker's malware
    • Rebuild affected systems
    • Audit everything the attacker might have touched
    • Prepare legal documentation
    • Depose everyone
    • Liaise with law enforcement
    • ...

    This requires the time of security analysts, consultants, lawyers, management, IT people; recompense for lost time for anyone at MS unable to work while affected systems were down; money for hardware replacement; ... . MS probably isn't feeling especially generous about these costs, and is definitely going to count every cost they can in their total.

    The guy had access for three weeks until mid-February, and was arrested in June. So there's 3.5 months give or take a few weeks when MS could have been doing all of this work. I hope it wouldn't have taken them the whole time, but it's easy to see how the costs could add up.

  13. Re:"By any means necessary" - impossible on Mike Pence Tells NASA To Accelerate Human Missions To the Moon 'By Any Means Necessary' (theverge.com) · · Score: 4, Interesting

    I think you're right, but I would add two things:

    - Appropriate mix of using contractors and in-house development. SpaceX and others are showing that they can get payloads, soon including people, into orbit. NASA should recognize the commodification of the basics and focus the big government dollars on space tech that the commercial guys won't touch right now. Of course, that means giving up on a lot of pork spending, in line with your item #2.

    - Adjust the budget to realistically accomplish the goals. I suspect this means increasing the budget, but I don't know.

    Anyway, as I said, I think you're right, which is to say: none of this is going to happen anytime soon.

    NASA does a lot of stuff, and a lot of it (Earth observation missions, for example) works really well. But for these moon shot missions, nothing is at stake. Someone like Mike Pence says we're going to the moon for no particular reason, and nobody cares, and nobody believes we're actually going to the moon, so when we don't go, it's not a surprise to anybody--in fact, they've all forgotten that Mike Pence said anything about it in the first place. So who cares if we failed?

  14. Re:This is nonsense on Which Programming Language Has The Most Security Vulnerabilities? (techrepublic.com) · · Score: 3, Interesting

    If both an easily usable remote vulnerability with privilege escalation is counted the same as a very hard to exploit local vulnerability...

    I knowingly created a vulnerability in a single sign-on system that I implemented. I did it for expediency. But when I did, I spoke with my boss about it first, and then we all talked about it at a staff meeting to try to determine ways that it could be exploited. The two we came up with involved a bad actor who already had unrestricted physical access to a logged-in user's machine, or a bad actor who had reality-defying luck at guessing a UUID within a 24-hour period. In either case, the attacker couldn't gain access beyond the user they impersonated. It was decided that even though a vulnerability existed, successful exploitation was unlikely.

    The point being, as you say, not all vulnerabilities are made equal. If you can determine the risk of exploitation, the value of the system being protected, and the cost of recovery from a bad action, and accept all of that, then maybe the cost of eliminating the vulnerability is greater than the expected cost of dealing with an exploit.

  15. The tech is so simple on FEMA Data Breach Hits 2.5 Million Disaster Survivors (cnn.com) · · Score: 1

    Technologically, it's such a simple solution. You create something like a limited database view, you expose it on an API, and you give API keys to the people you want to be able to query it.

    This is trivial technology to us, but to the people actually doing the work, the more likely scenario is that one person gives another a USB key with a giant Excel spreadsheet containing all the details of every person involved.

    Why is it so hard for us to communicate to them that we know how to effect communication in ways that limit exposure of sensitive information? Why does it so often come down to some dumbass passing a .xlsx to some other dumbass? I have done so many consulting jobs where I have received mountains of inappropriate data, and I just ignore it, because what else am I gonna do? I mean, ethically. Obviously, some people just sell it.

    How do tech people who do shit like this, and other shit like store passwords in plain text, still have jobs, after so many years?

  16. Yeah, I have several GitHub projects where I've left passwords in the code. The passwords work on a local instance of some API that's exposed on a port that isn't open outside the machine it's on, has NAT without port-forwarding between it and the Internet, and is only running when I turn it on. The passwords, themselves, are randomly generated and not reused on other services, so they don't leak any particular information about my passwords elsewhere. When I put the code into production, I use a different instance of the API and so create new passwords. I don't see any vulnerability here that would be exploitable without tremendous effort and luck (plus a strong motivation to break into a service of extremely low value), so I don't worry about it.

    So I wonder if these passwords would get caught up in such an analysis. I know I've had people come up to me at conferences and worriedly tell me that I've left a password in my code. I reassure them that it's okay and the passwords are fairly inert.

  17. Re:Is there a non-cynical explanation on California Reintroduces 'Right To Repair' Bill After Previous Effort Failed (appleinsider.com) · · Score: 1

    If the answer is "money" then that's a totally valid reason for them to lobby. But it's also cynical, because the businesses insist that it isn't about money, it's instead about their noble efforts to protect consumers. I obviously don't believe that line of horseshit, but I was just hoping there's a reason somewhere in between the two.

  18. Is there a non-cynical explanation of opposition? on California Reintroduces 'Right To Repair' Bill After Previous Effort Failed (appleinsider.com) · · Score: 5, Insightful

    Apple and others (John Deere, to pick another industry) consistently lobby against right-to-repair laws. I've heard plenty of arguments in favor of RTR, but I've rarely heard a credible argument against. Is there a reason, outside of greed, that we shouldn't be able to have access to documentation and parts for devices we own?

    I have an HP laptop that's getting on in years, and the wifi has developed an intermittent fault. On HP's site, I downloaded a tech/repair manual for the thing that includes the part number for the wifi card. It's trivial for me to buy a new one and install it. What is it about Apple's gadgets that forbids mere mortals from looking inside?

    Apple claims it is protecting its intellectual property, protecting consumers’ safety, and defending device security, though Talamantes-Eggman said no company has put forward a coherent reason why these bills would result in less secure devices or the divulgence of trade secrets.

    Why?

  19. Re:Now this will be interesting on Why Google Stadia Will Be a Major Problem For Many American Players · · Score: 4, Funny

    Even with Google pushing this you have to wonder if this is a viable business just because of the caps.

    Not to worry; the way Google operates, the service will be cancelled before anyone has a chance to reach their bandwidth cap.

  20. Re:Share your favorites for joy on Death Metal Music Inspires Joy Not Violence, Study Finds (bbc.com) · · Score: 1

    Thanks, I'll look into these.

  21. Re:Share your favorites for joy on Death Metal Music Inspires Joy Not Violence, Study Finds (bbc.com) · · Score: 1

    Thanks, I'll check it out.

  22. Re:Share your favorites for joy on Death Metal Music Inspires Joy Not Violence, Study Finds (bbc.com) · · Score: 1

    There is some of it that I like, but I'm afraid I don't know many band names. I had a roommate who was a big metal fan, and I came to know that often when I said I liked something, he would call it 'progressive metal' which I think means it's... more... orchestral, maybe? Anyway, I like it more when it's less screamy and more instrumental and classically influenced.

  23. Re:"The test involved asking 32 fans and 48 non-fa on Death Metal Music Inspires Joy Not Violence, Study Finds (bbc.com) · · Score: 1

    As a stats grad student, I took a class where I was in a group with an undergrad business major. We'd just sat through a lecture where the professor had told us why the sample size isn't always 30, and explained how to compute a sample size based upon the estimated population size and estimated variance. When we broke into our groups to compute a sample size for an example problem, the business major said, "That's easy... 30!"

  24. Re:Share your favorites for joy on Death Metal Music Inspires Joy Not Violence, Study Finds (bbc.com) · · Score: 1

    I'd just like to say, I appreciate your starting of the thread that is probably the most productive and interesting of all the threads in the comments, even if it's not really the purpose of the article. (And despite the fact that I'm not a big metal fan.)

  25. Re:Junkiest of junk science on Death Metal Music Inspires Joy Not Violence, Study Finds (bbc.com) · · Score: 1

    Also, to reply to myself, an interesting point about this journal is that it makes public the reviewers' notes preceding publication. Here they are: https://royalsocietypublishing... You'll see that an anonymous reviewer raised significant doubts about the scientific veracity of the paper as well as its general utility. After a revision, the reviewer made a grudging acceptance of the paper with the comment, "I remain sceptical about the usefulness of this approach... Perhaps it will start a further debate!" Which sounds a lot to me like they thought it was bullshit but didn't want to argue about it anymore.