Heh. I had some cable wiring like that back in Jersey; the cable line for the building was just a splice off the pole, and the lines in the basement were just one incoming line, hooked to like 20 y-splitters.
Sadly, this actually was legitimate wiring, though it worked like crap.
Mostly they run fiber near your house, and then send everything the rest of the way on their antiquated copper network. The whole bit in the article is talking about an attempt by AT&T to try to run fiber closer to your house, and how it's flopping for 'em. I wish they'd just do the real deal as well, or do something like what the water companies do: run fiber near someone, and let them pay if they want to hook on.
For a real, high band fiber connection, I'd be willing to put in some change, and I doubt I'm the only one.
For those who don't want to RTFA, it's the usual mix of local politics, coupled with the regulatory snafu that's arising from the ever-decreasing "difference" between phone and cable companies.
Basically the phone company is doing a significant fiber upgrade, and trying to slip the whole "we're going to be doing tv soon" idea under the radar of the local people, who've already signed one of those craptastic cable monopoly agreements with Comcast...The upgrade also includes large beige junction boxes, which is causing the predictable uproar among the affluent, yard-obsessed yuppies who live in the suburb in question. To add insult to injury, the community just got over a nasty fight with SBC (now part of Verizon), over doing fiber-to-the-house on their own initiative.
It's all a load of crap at this point anyway. The damn regulation we're using to play phone and cable companies off against each other is hilariously dated, especially since they're all sending the same damn bits, and mostly sending them over the same damn wires!
We need a simple law to force wire sharing (so we don't end up with five times the amount of bandwidth we need going into every damn neighborhood), and maybe a standard connector for data cables, and we need to step back, and let them fight it out to the death. Forcing those jokers to compete is the only way we'll get decent service for a decent price.
I used to know a guy who had this huge heated pool, and he was forever complaining about the cost of keeping it warm, etc, etc. So I talked him into setting up a solar heating setup, which cost hardly anything to set up (sun's been heating water for a long time), and worked beautifully for practically nothing. Now, I didn't refer to it as solar, because he's tech illiterate, and since it didn't use any "solar panels" I didn't want to confuse him.
At some later point, while splashing around in his nice warm pool, I made reference to Low-E glass coating for his big picture windows, and some supplemental solar for his big roof.
His exact words: "Don't buy into that...Solar just isn't efficient!"
For me it just makes economic sense to try and use the least amount of energy possible.
I used to do that when I lived in New York...That was completely effective, you could close all the windows at 7:00am, and the house would stay decently cool until around 2:00 or 3:00, and then you'd open all the windows and sweat until 5:30 or 6, when it would start cooling off.
In Georgia, however, the nights are almost as miserable as the days because the humidity in the air traps the heat...it's literally like a sauna...and leaving your AC off for hours means it has to work harder to cool things back off when you finally cave in and turn it on. It's probably still a net savings, but in July I don't even consider it.
I'm always interested in better insulation...The house has too many damn windows though, and I'm not planning on living there long enough to make my money back on replacing them, which is an issue. I've still done a few, but it's ~200.00 per window, not counting installation, so I'm not in any hurry.
Well, where I live, A/C is pretty much a given. With summer temperatures running in the mid 90s to the mid 100s (35-39 °C), there is no amount of insulation short of ~20 feet of earth thrown over your house that will make a difference. You're going to need something, and while insulation means that it'll be cooler until ~13:00, after that it just means it'll stay warm longer.
Still, the first thing I did when I bought my new house was to put another layer of insulation in the attic, and get a quote for having more insulation put into the outside walls as well.
It only makes sense to add extra insulation...In the north you get a lot of people talking about the insulation, because in their minds insulation keeps you warm, and they think about that. It's not so much the case in the south, because people think of insulation as keeping you warm and that's the LAST thing they want. It's more a problem of education than anything else.
The protocol is connectionless, but the connection can be tracked easily enough. Bah, you're right. I just deal with the NAT end of it so often, I see connections everywhere.
I hate percentage goals. What a worthless metric. If I have a great year for programming (like I did last year), then the next year my job responsibilities double and my code output drops, did I become less productive...or more?
It's like taking a poorly written application and cleaning it up, so that when you're finished, it's smaller than it was when you started. I did that a couple of months ago and this dumbass kept overwriting my new code with the old code, because he assumed that the new code must be bigger than the old code, and couldn't be bothered to look at the timestamps.
It depends. At work, I deny everything, and then open specific ports for specific traffic from specific subnets, and then every address gets monitored for usage. Catches most things, and in a work environment, blocking 99% of all ports is acceptable.
At home, I allow all outgoing, and a tiny amount of incoming. I monitor usage with Snort, to check for spyware traffic. I've been doing it for 5 or 6 years and I've never had any problems. Probably helps that I don't do any web surfing/email from Windows machines, so if something did go across port 80 from one of them, it'd stick out.
The system maintains a "State Table" which stores information about all incoming/outgoing connections. For TCP it stores stuff out of the packet headers, including sequence, and state, and all that other junk, but it also stores origin and destination, to help spot packet spoofing.
For UDP the state table depends entirely on the origin port/address and the destination port/address. When the connection is made out, this is recorded in the table, and when the packets start coming back in, this is compared with the original entry.
If it matches, they are accepted, if it doesn't they aren't. Additionally there is a timeout, which, in the case of Linux is actually hardcoded into the kernel in /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_udp.c...It defaults to 30 seconds, which means, if the local IP doesn't send a response every 30 seconds, the connection will time out.
All these people maintaining that UDP is a "connectionless" protocol are baffling to me...How do you think NAT works? Do you think that it just forwards UDP packets everywhere, hoping that someone wants them? All connection information has to be maintained with NAT, or there is no point.
Well, no, I suppose if you sent every packet from a UDP session to a different port, there would be no way of telling that they're all part of the same session, because you're right, UDP doesn't contain any tracking info.
The state table entry for a UDP packet, however, contains the source IP:port and the destination IP:port, and uses that information to "track" the exchange. So unless you just allow all UDP through the firewall, the state table keeps track of how often the destination IP responds, and if it doesn't respond within the timeout set in ip_conntrack_proto_udp.c at compile time, the system will terminate that connection, and require a "new" connection to be set up between those addresses. It also won't allow the destination port to be changed without a second "NEW" packet originating from the new destination port.
I agree it's not an "attack" as such. My original point was that it wasn't an exploit at all, in the sense that you are not able to break any existing rule using this method. If you allow UDP out, and UDP:Established in, then how can you complain that you end up accepting a bunch of UDP packets?
Coworker of mine has a sawed off hoe handle, which he maintains was useful for maintenance on an obscure now-obsolete color proofer. Routine application of this to users is beneficial in stopping the spread of these documents.
Heh.
The bulk of our traffic here is excel and powerpoint, so limiting word documents hasn't been a real problem. Additionally, corporate used to require stupidly high end router hardware in all parts of the building which was abusive on the budget, but, at times like this, comes in handy.
Absolutely. To be fair, it's easiest to set up a firewall that blocks all incoming non-ESTABLISHED traffic, and allows all outbound traffic. That's two lines of code.
Every other port or packet type you have a special case for is two more lines, so you see your work doubling in front of you with every little bit of added complexity.
Still, if you do it right, stuff like this won't sneak up on you.
UDP is not connectionless. It is "stateless" which is not the same thing. Incoming UDP packets still have to open a connection with a NEW packet, so simply dropping all NEW UDP packets will keep you secure from any non-established connection.
The IPTables code would be:
iptables -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
This still wouldn't protect you from the "attack" described in the article, so to be truly secure, you should only allow outbound UDP on ports of your choosing.
Or you could just remove NAT for UDP:
iptables -A FORWARD -p udp --sport 1:10000 -j DROP
It's annoying, but it's hardly a "nightmare", and there are a number of ways to keep your system secure, and to prohibit users from abusing your bandwidth with streaming applications.
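Here is an added worked example, my own code rather than anything from the posts above or from netfilter itself, that puts the state-table behaviour described a few posts up and the drop-NEW-inbound / allow-chosen-ports-outbound rules from the post just above into one runnable model. It assumes a single 30-second idle timer for every UDP entry (netfilter's default for a flow that has not seen a reply, exposed on current kernels as the sysctl net.netfilter.nf_conntrack_udp_timeout; a real kernel moves a flow that has seen both directions to the longer nf_conntrack_udp_timeout_stream), an assumed outbound allow-list of UDP 53 and 123, and constructed packets using documentation-range addresses. In this model, as in netfilter, any accepted packet in either direction refreshes the timer, which is exactly why an inside application that keeps chatting to an outside host keeps its entry alive.

```python
"""Toy model of netfilter-style UDP connection tracking behind a stateful
ruleset.  Constructed example; not netfilter code and not from the posts."""
from dataclasses import dataclass

# Assumed policy values. 30 s is netfilter's default idle timeout for a UDP
# flow that has not yet seen a reply (net.netfilter.nf_conntrack_udp_timeout).
UDP_TIMEOUT = 30.0
ALLOWED_OUT_PORTS = {53, 123}  # outbound UDP only to DNS and NTP (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = leaving the protected host, "in" = arriving


class UdpConntrack:
    """State table keyed on the 4-tuple of the first packet of a flow.
    A packet whose reversed tuple matches an entry is the reply direction.
    Any accepted packet in either direction refreshes the idle timer."""

    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.table = {}  # 4-tuple -> [last_seen, seen_reply]

    def _expire(self, now):
        for key in [k for k, (last, _) in self.table.items()
                    if now - last > self.timeout]:
            del self.table[key]

    def _lookup(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table:
            return fwd, False
        if rev in self.table:
            return rev, True
        return None, False

    def classify(self, pkt, now):
        """'ESTABLISHED' if the packet matches a live entry (reply direction,
        or original direction once a reply has been seen); otherwise 'NEW'."""
        self._expire(now)
        key, is_reply = self._lookup(pkt)
        if key is None:
            return "NEW"
        if is_reply or self.table[key][1]:
            return "ESTABLISHED"
        return "NEW"  # retransmission before any reply: still NEW

    def confirm(self, pkt, now):
        """Create or refresh the entry for a packet the filter accepted
        (dropped packets never leave state behind)."""
        key, is_reply = self._lookup(pkt)
        if key is None:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.table[key] = [now, False]
        self.table[key][0] = now
        if is_reply:
            self.table[key][1] = True


class UdpFirewall:
    """Inbound: accept only ESTABLISHED.  Outbound: accept ESTABLISHED, and
    NEW only to the allowed destination ports."""

    def __init__(self, allowed_out_ports=ALLOWED_OUT_PORTS, timeout=UDP_TIMEOUT):
        self.ct = UdpConntrack(timeout)
        self.allowed = set(allowed_out_ports)

    def filter(self, pkt, now):
        state = self.ct.classify(pkt, now)
        if pkt.direction == "out":
            accept = state == "ESTABLISHED" or pkt.dport in self.allowed
        else:
            accept = state == "ESTABLISHED"
        if accept:
            self.ct.confirm(pkt, now)
        return ("ACCEPT" if accept else "DROP"), state


def run_scenario():
    """Constructed packet sequence (documentation-range addresses); returns
    (label, verdict, state) per packet, timestamps in seconds."""
    fw = UdpFirewall()
    lan, dns, attacker = "192.0.2.10", "198.51.100.53", "203.0.113.7"
    steps = [
        ("unsolicited inbound to 5060", Packet(attacker, 40000, lan, 5060, "in"), 0),
        ("DNS query out", Packet(lan, 51000, dns, 53, "out"), 1),
        ("DNS reply, tuple matches", Packet(dns, 53, lan, 51000, "in"), 2),
        ("reply from the wrong source port", Packet(dns, 5353, lan, 51000, "in"), 3),
        ("outbound to a port not on the list", Packet(lan, 51001, attacker, 6881, "out"), 4),
        ("inside app calls home on 53", Packet(lan, 52000, attacker, 53, "out"), 5),
        ("attacker's reply rides the entry", Packet(attacker, 53, lan, 52000, "in"), 6),
        ("attacker keeps the entry fresh", Packet(attacker, 53, lan, 52000, "in"), 20),
        ("late DNS reply, entry expired", Packet(dns, 53, lan, 51000, "in"), 45),
        ("attacker silent for 60 s, expired", Packet(attacker, 53, lan, 52000, "in"), 80),
    ]
    return [(label, *fw.filter(pkt, t)) for label, pkt, t in steps]


if __name__ == "__main__":
    for label, verdict, state in run_scenario():
        print(f"{verdict:6} {state:11} {label}")
```

Run it directly to print the verdicts. The sixth and seventh packets are the whole "attack": an inside program opens the flow on an allowed port, and the outside host's replies are ESTABLISHED because the state table says they are, not because anything was punched through. The last two show the idle timer doing its job once either side goes quiet.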
It's not even "punching a hole", so don't think about it that way.
Many firewalls are set up to trust the computers on the inside, so if they make a connection out, the firewall allows that connection to persist by allowing packets that are a part of the internally originating conversation to come back through.
So basically, far from having "a hole punched through your firewall", you've basically invited an untrustworthy element through your security, and it's opening a window so it can pass information back out to its friends.
This is a very old, classic problem with firewalls, because you want the firewall to be as unobtrusive as possible, while still offering good protection. I don't, for example, block my Windows PC from sending out on any port through the firewall, because I mainly use it to play games and I never know what ports it'll need to use. However, I do monitor its internet usage using Snort, to keep an eye out for spyware and zombie processes. If I cared, I could lock it down to web-only with trivial changes in the firewall.
This isn't an exploit. If the admins didn't want the firewall to forward ESTABLISHED/RESPONSE packets, they can take that capability out...One of the things I've always had issues with, with regards to commercial firewall software (e.g. ZoneAlarm/Windows Firewall) is that that capability usually ISN'T enabled, so I'm forever getting "APPLICATION IS TRYING TO CONNECT TO THE INTERNET" pop-ups.
If you're using a NAT with IPTables, it's trivial to tell it to drop packets on any port regardless of whether they're established or UDP or whatever. The article represents this like it's some kind of l33t hacker tool to break down a firewall from the outside, rather than the same problem you'd have if you downloaded a trojan, or some internet-connecting spyware.
Yea, I guess it is a bit whiny...I got dumped with a completely undocumented system after the powers that be fired and drove off the people who'd maintained that system, and when I jumped in and took up the slack (the slack of three people), working crazy overtime trying to keep up some SERIOUSLY erratic, yet mission-critical applications, then to get shafted in my review because my programming output dropped?
I did feel abused. At that point I stopped making anything idiot-proof, and stopped replacing awful kludges with stable configurations. I stopped programming in one programming language. I stopped using one crontab. I stopped caring if applications had critical directory mount chains that crossed multiple machines. Most importantly, I stopped documenting anything.
Looking at my work from a purely functional standpoint, no one could have any complaints. Everything does exactly what it's supposed to. But the robustness and redundancy that are the hallmarks of a system that is done correctly are gone, and the beauty of it all is, I've got a nasty performance review in my file blasting me for not focusing on "my job", so I fricking dare anyone to complain about anything that is not part of my official responsibilities.
I'm a coder and a unix admin...Unfortunately, I don't get paid to be a Unix admin (as the CFO told me, right before she cut out my raise), so while my code is documented to death, my network architecture is cryptic and erratic. Some services are enabled as I use them, but not set up to enable on boot. Some machines are in oddball locations in the building, and they're all headless, and unlabeled. Since the network infrastructure of the building is crap, I've had to pull my own cable to some machines to get adequate bandwidth, and that means that servers aren't necessarily plugged in where you'd think they would be.
All the Win admins, who tell the CIO they don't need to pay me to do admin work when everything is working perfectly, and then worship my skills when something breaks, can figure it out themselves if I'm not around. I'm tired of babying them, and giving them detailed written instructions for stuff that they should damn well know how to do.
The most commonly perverted science is chemistry. Did you know the lead (the element lead (Pb)) industry buried data relating to lead poisoning for almost half a century, while lobbying to have lead added to gasoline as an unnecessary additive? How about Tobacco companies, and "Smoking doesn't cause cancer"? Chemical companies defending themselves against lawsuits over their pollution by employing scientists who are willing to go on the stand and say that there is no possible link between dumping compounds containing large amounts of covalent chlorine into the environment and the statistically unlikely upswing of cancer in the area?
There are huge amounts of dishonest shilling in every branch of science where there is money at stake. That's just the way of the world.
Sure, other scientists hate them, and discredit their findings, but do you really think this costs them their jobs? Well, it might cost them their job at an institution that believes in pure unbiased science, but it is guaranteed to land them a sweet position at any variety of fuel/chemical company, or ideological think tank, depending on their bias.
And while their science isn't taken seriously by other scientists, it is given tons of air time by a media that has been trained to find two sides to every discussion no matter how many sides it actually has, and taken at face value by laypeople who are predisposed to believe science that supports their personal prejudices.
Your idealism is admirable, but you need to remember that science is about more than what scientists believe themselves, and scientific truth, no matter how well supported, can be overthrown in the public perception by well packaged crap science that appeals to their prejudices.
The AI argument is a strawman in this case. Assuming we created AI, we'd have to evolve a whole set of laws around their creation and treatment, so hypothesizing that we could make AIs do snuff child porn, so digital kiddie porn is bad, is a bit of a stretch.
As it stands, we already have our movie characters doing awful stuff to other movie characters. I mean "Saw" 1, 2, & 3...Touristas? I've seen movies that I heartily wish I could unsee where there was no CGI to speak of...and no porn either.
I think there really is no point in defining an arbitrary limit...How would you do it? What would be the criteria? It's ridiculously difficult to define things like obscenity already...Just put a rating on it, so people know what they're getting into, and call it a day.
Eh. So it's okay for the majority to decide that, for example, English is the official language of this country, and refuse to provide any resources to anyone who is not fluent in English. That would be a decision by the majority about the mores/norms of society. How about deciding that all unwed mothers under a certain age must have an abortion? Or, conversely, that all abortions, even in cases where the mother will certainly die without one, are illegal? Those are drastic examples, but they cut right to the core of why it's bad to allow the majority to decide what freedoms other people should be allowed.
I think, by definition, a free society is one that tolerates views that run counter to majority opinion. Sure, computer generated kiddie porn is not exactly the ideal of free expression, but as soon as you start limiting freedom just because you don't like what people are doing with it, you have problems.
Don't pretend like it just started now...People have been twisting science to meet political/economic ends for as long as there has been science. Admittedly, the Shrub administration is hugely anti-intellectual, but that just means that their bad science is more obvious.
Frankly as long as there is money/power at stake where scientific findings are concerned, there will be biased, skewed science. Scientists are no less susceptible to bribes and threats, and no less prone to intellectual whoredom than regular people.
Pennies have only a thin copper coating; they're mostly nickel. I've had one on my keychain for so long that almost all of the copper has worn off.
They've been a ridiculous indulgence for years though. What the hell can you buy for a penny? Just round everything up to the nearest nickel and use the tax revenue to help lower the goddamn national debt or something. That they still make and distribute this worthless currency is beyond me.
Not Verizon, AT&T...Got my mergers confused.
I think there is a happy medium.
Very misleading.
And while their science isn't taken seriously by other scientists, it is given tons of air time by a media that has been trained to find two sides to every discussion no matter how many sides it actually has, and taken at face value by laypeople who are predisposed to believe science that supports their personal prejudices.
Your idealism is admirable, but you need to remember that science is about more than what scientists believe themselves, and scientific truth, no matter how well supported, can be overthrown in the public perception by well packaged crap science that appeals to their prejudices.
The AI argument is a strawman in this case. Assuming we created AI, we'd have to evolve a whole set of laws around their creation and treatment, so hypothesizing that we could make AI's do snuff child porn, so digital kiddie porn is bad, is a bit of a stretch.
As it stands, we already have our movie characters doing awful stuff to other movie characters. I mean "Saw" 1, 2, & 3...Touristas? I've seen movies that I heartily wish I could unsee where there was no CGI to speak of...and no porn either.
I think there really is no point in defining an arbitrary limit...How would you do it? What would be the criteria? It's ridiculously difficult to define things like obscenity already...Just put a rating on it, so people know what they're getting into, and call it a day.
Eh. So it's okay for the majority to decide that, for example, English is the official language of this country, and refuse to provide any resources to anyone who is not fluent in English. That would be a decision by the majority about the mores/norms of society. How about deciding that all unwed mothers under a certain age must have an abortion? Or, conversely, that all abortions, even in cases where the mother will certainly die without one, are illegal? Those are drastic examples, but they cut right to the core of why it's bad to allow the majority to decide what freedoms other people should be allowed.
I think, by definition, a free society is one that tolerates views that run counter to majority opinion. Sure, computer generated kiddie porn is not exactly the ideal of free expression, but as soon as you start limiting freedom just because you don't like what people are doing with it, you have problems.
Don't pretend like it just started now...People have been twisting science to meet political/economic ends for as long as there has been science. Admittedly, the Shrub administration is hugely anti-intellectual, but that just means that their bad science is more obvious.
Frankly as long as there is money/power at stake where scientific findings are concerned, there will be biased, skewed science. Scientists are no less susceptible to bribes and threats, and no less prone to intellectual whoredom than regular people.
Pennies have only a thin copper coating; they're mostly nickel. I've had one on my keychain for so long that almost all of the copper has worn off.
They've been a ridiculous indulgence for years though. What the hell can you buy for a penny? Just round everything up to the nearest nickel and use the tax revenue to help lower the goddamn national debt or something. That they still make and distribute this worthless currency is beyond me.