The actual heartbleed bug is an issue of reading. It's validation: it allocates 10 bytes because the payload is that big; then it reads from that buffer 10000 bytes because the payload says it's that big. It's not a double-free or an out-of-bounds write, both of which we can readily detect.
To detect out-of-bounds read, you have to allocate in 4k blocks with malloc(), then right-align so that the buffer ends with the block, and keep the block after that unallocated. If some monkey mmap()s the following block that breaks this scheme, but that's extremely unlikely. So in normal operation, you read past the end and there is no physical RAM for that address and the system faults.
This scheme is highly expensive. Every allocation is rounded up to 4K of memory usage. That means the millions of tiny things allocated are multiplied by their average proportion to 4k. Allocated a binary tree of hundreds of thousands of vectors in a 3D rendering engine? Congrats: now all of these 80 byte elements each require 4096 bytes, about 500x as much RAM. Because of this kind of inflation (which on average isn't 500x), most allocators don't do this. I would not be surprised to see most workloads using only 10%-30% more RAM under this scheme, but a 10% increase is considered insane and a 1% decrease is considered an excellent and important optimization to most allocator designers.
The point is that this code would feed you broken output if you ever fed it broken user input, and it would feed you correct output and have no behavioral flaws if you just gave it correct input. The protections above would trigger if you fed this code broken input; but if you tested for that, you'd already be looking for this kind of bounds issue, and you wouldn't need a system crash to tell you that you just sent a 4 byte payload and got a 10 byte payload back.
This bug was missed because it works normally when not fed broken data, and nobody thought to test it with broken data.
In the Open Source concept, when any random joe sees a security bug, they file it with upstream quietly. It gets repeated behind closed doors to all the distro maintainers, and then they all have packages ready to go when the patch is published.
In the closed model, it takes binary analysis or other stuff to see it. There are far fewer people just stumbling around in the code going, "Whoa, this looks really weird." A lot of security holes are found and fixed by programmers who were doing something in that block and realized what they were looking at was buggy to horrendous results.
Uh, no. The heartbleed bug isn't a result of OpenSSL breakage in the way it allocates memory; it's actually a result of incorrectly handling memory allocated properly. That OpenSSL can't work when compiled against normal malloc() implies other issues unrelated to this one.
If OpenSSL had been compiled to properly work with glibc malloc() or freebsd malloc(), this bug would still stand.
A specific security feature of malloc() available as an optional security enhancement on OpenBSD has the ability to crash the program in the event of an exploit of this particular bug.
This feature isn't available on most of the installations of software using SSL, and wouldn't be triggered by OpenSSL unless it was exploited.
Therefor, if OpenSSL had correctly used malloc() to take advantage of this feature, the situation would be--in reality--no different, except we could say that theoretically the attacks on servers running OpenBSD wouldn't work.
The reason nobody would have caught it is simple: you'd have to intentionally fuzz the TLS heartbeat feature looking for exploits. You'd only do that when searching for exploits, you'd be analyzing responses, and you'd catch it anyway. It almost certainly would have been caught exactly as fast; and even if it was caught sooner, the impact would be "oh shit everybody in the world change your SSL keys"--i.e. the current situation.
The allocator, as a single segment, already has a 50% or higher overhead. We're talking about changes that could turn into hundreds of megabytes of waste. There are literally hundreds of thousands of allocations actively in use in some workloads such as Web browsers or Word processors. Think about every pointer being 4KB at the very least--an array of 10 things of 100 bytes each is 1KB, but as a linked list it's 40KB. Expand 1KB = 40KB to the 1800MB RAM usage crap of Web browsers and OpenOffice.org and modern desktop environments.
The problem is it would have crashed on OpenBSD if someone would have tested this exploit on OpenBSD, meaning someone would have to be looking for the exploit, meaning someone would have found a bunch of data coming back anyway and gone "oh lol wtf?".
If someone crashed your server trying to exploit it, you would probably not notice; since there aren't many OpenBSD servers, probably nobody would notice that these attacks were happening and gone, "Whoa! A wild 0-day exploit!" And even if they had, there's all these non-OpenBSD servers that are getting hacked and nobody can say if they're hacked or not, so we just get ourselves into this exact situation sooner. We don't come away with smaller collateral damage; EVERY SSL CERTIFICATE EVER ISSUED IS NOW INVALID.
Nothing Theo suggested changes the situation. Implementing malloc() protection everywhere might; but if you can show any ability to beat that protection a percentage of the time, then we're also in the same situation. We're talking about reads, so canaries aren't it. If you're crashing out on reads, then every malloc(1) that crashes if you read 2 requires 4096 bytes of real RAM to store 1 byte of data--we get into costs.
I can see his point; however he's still wrong. Mostly because he's Theo, though I'll credit he seems to have quietly accepted some of the things he was wrong about in the past.
So then a bug shows up which leaks the content of memory mishandled by
that layer. If the memoory had been properly returned via free, it
would likely have been handed to munmap, and triggered a daemon crash
instead of leaking your keys.
And then the five servers in the world running OpenBSD would be safe.
The moment the bug was discovered, we were all fucked. The bug would have gone out readily. This particular abuse wasn't tested, obviously, or someone would have gone, "Wow look at that! It gave back a chunk of data LOL! Let's fix that before relase!" So if they would have satisfied Theo, OpenSSL still wouldn't have been tested and wouldn't have crashed, and would be released vulnerable.
That release gets on every SSL-enabled server, including into products like SonicWall VPN and firewalls. These are vulnerable--I've tested them here, the exploit actually works. FortiNet's products--FortiMail, FortiGate--these are vulnerable. CentOS 6 is vulnerable. Debian is vulnerable. Ubuntu since forever is vulnerable. Fedora is vulnerable. SuSE is vulnerable. A bunch of shit on Windows is vulnerable.
Then we realize there's a bug.
Let's talk about someone else who's wrong: the OpenSSL team. The OpenSSL developers are pissed off because of the full disclosure practice that put this bug out there before a patch was released. They think responsible disclosure would be better. So you disclose responsibly, and the patches come out. Some hackers see new OpenSSL release, and look into it. They see malloc() fixes in networking code, or you put up a big "THIS IS A SECURITY PATCH" notice.
Start your engines, motherfuckers.
Distros start rebuilding immediately because there's an automatic trigger, and because they know already: there's a huge network nobody knows about made up of distro maintainers and upstream programmers all sharing security and bugfix information. Ubuntu's devs were ready for this shit before it was released, and probably would have had packages built before the source went out. Debian, RedHat, SuSE.
Twelve hours later, sysadmins start noticing.
By then, someone has reverse-engineered the patches. The moment packages start propagating, the source files are up--SRPMs are out. By the time you can see and react, someone sees "SECURITY FIX", reads the diff, the best ones can do an exploit in half an hour for something like this. You might be hacked before you notice the patch.
So it would be better with responsible disclosure. The problem is this isn't a hack you'd see: you don't know if you're hacked. You wake up and your security is now handled by Schrodinger's Cat: your SSL keys are secure or not secure, and you don't know until you shake down the blackhats who have your keys, and maybe they bury the information when you do that so you still don't know. Not only that, but maybe blackhats secretly had the hack before it was noticed by a security researcher--that's rather common.
The moment this thing went out, it was too late. Your security is broken. And most people aren't on OpenBSD, so they'd get hacked even with OpenSSL using the system malloc(). They'd get hacked even with OpenBSD's protections, because OpenSSL is running almost always on Linux and OpenBSD's protections aren't on Linux. They'd get hacked anyway. That means everyone.
So no, Theo. You're not helping. You didn't discover the keystone that would save us all. Maybe god damn EVERYONE should implement these protections everywhere; glibc has some, but long reads won't crash glibc unless you hit unmapped.
Black culture has escape clauses, as in so many subcultures. Becoming rich but still being a hood rat--assuming you live in an area where blacks are generally hood rats and not just people with darker skin--makes you a celebrity. You got a good job--a real one, not pimpin' or drug dealin'--that makes you a traitor; but if you got a good job, flash your cash around, get highly flashy suits, drive a pimped-out car, and blast rap music, you're that rich nigga down the street that stick it to da man!
We can see this again and again. Remember every fucking band that ever changed their music? All your songs sound the same, you suck. Oh shit look! Metallica changed the way their songs sound! THEY ARE SELL-OUTS TO THE RECORD COMPANY! I liked them before they were cool, but now they're just RIAA mafia shills.
Remember gays? Those people? I had a gay friend once. There was a pride parade on campus, he went. He came back almost immediately, bitched about how they were marching into classrooms half-naked and screaming at people taking tests, and acting like militants (i.e. not-gay people are the enemy). In gay pride parades, they've historically been hostile or passive-aggressive to bisexuals. He came back with all this new information from his first participation in a gay event, and also with the experience of people shouting at him and getting angry when he said maybe they shouldn't be such assholes. Gay traitor.
Try being in IT and going into management. For that matter, try being an IT guy and going into infosec. Holy living hell, do IT muggles hate security engineers! These dudes used to be your crew, now you are a fucking traitor.
They actually do. They try to make it somewhat scientific, and try to stretch in the same direction continuously. Warp plasma conduits do not magically do different things in different episodes; and when they do, it's usually reasonable to assume they do these things in addition to or because of a property of warp plasma conduits already established. There's a lot of stretching and head scratch, but not a lot of "oh hell no, this is retarded" going on.
The earth IS the center of the universe. To say any other point in the universe is the center of the universe is equally as dumb, if not more so.
We can observe from here that the earth is the center of the universe. If we measure the expansion of the universe, EVERY SINGLE THING IN THE FUCKING UNIVERSE IS MOVING AWAY FROM THE EARTH AT ALMOST PRECISELY THE SAME RATE AS EVERY OTHER THING. This is because the universe is expanding.
Allow me to illustrate. This is what it looks like from Earth. If point A is Earth, and point A is where you are, that's what the universe looks like. See?
Because we have this retarded idea that there aren't enough girls doing something because of discrimination. Maybe girls don't want to be mechanics, or computer programmers. Maybe they want to be customer service reps, PR reps, project managers (there are a LOT of women in project management--turns out they're decent at herding men), teachers, cashiers, waitresses, cheerleaders, etc.
In my school, a lot of guys played football, and a lot of guys played lacrosse; but a lot of girls played lacross, too. There's a lot of coed soccer. Offering girl's football tends to not get a lot of turn-out. Women love volleyball; men are into it, but more casually; and you will not find nearly as many men playing badminton because the physiological construction of the female pelvis allows for motions which make the game much easier.
To me it's like trying to encourage more girls to go down on other girls. Maybe girls don't like to do that. Maybe they'd rather suck dick. Oh sure there's a few, but did it ever occur to you that a LOT of girls just really prefer riding cocks? Maybe they just don't have whatever mental defect leads someone to become a computer programmer; or maybe it expresses itself as a tendency to date abusive boyfriends who give them black eyes and lock them in the house for weeks at a time.
Except that having a job as CEO of a company is not a requirement to participating in the political process. I am not denied my right to participate in politics if my wife threatens to divorce me if I donate to prop 8.
You really don't understand how the world works, do you?
Let me ask you something: why is it illegal in my state for landlords with more than 3 units to refuse to rent to black people? Shouldn't they be allowed to deny blacks, gays, and jews the right to housing? The landlords are not government.
Why can't companies decide not to hire gay people? Companies are not the government. If you voted to strike down Proposition 8, shouldn't it be legal to deny you employment for participating in the business process?
How is any of this different from groups of people making a lot of noise and causing harm to businesses in order to pressure people out of high-profile positions? How is this different really from your wife divorcing you over voting for John Kerry?
Your ideal world is that we create a strawman rule--that you are "legally allowed to do this without repercussion"--and then don't call it "denying your rights" if a lynch mob comes to punish you for exercising your legal rights, as long as they don't violate any specific laws while going about it. As long as they don't destroy your property or harm you physically, they can harass you into not exercising your legal rights. If they find a way to create a physical threat that doesn't violate any laws--for example, if the whole town decides to deny to sell you food, as vendors can deny business with anyone for any reason--they can do that.
This is not how free society works. This is how mob rule works.
You accuse me of improper logic, while you abuse logical fallacies and warp definitions to no longer resemble the English language. Your form of debate relies on falsehood and corrupt reasoning. Also it is clear you have a strong desire to personally attack Eich, as you invest a visible level of emotion and make use of twisted logic to attack his character.
For example: you refuse to acknowledge that if a person feels something is harmful to society, then that person is essentially correct in preventing that harm; you avoid this entire (correct) line of reasoning by refusing to acknowledge any possibility that Eich feels that gay marriage is harmful to society, instead responding by asserting that Eich hates gays and so wants to ban gay marriage as a form of spite to bring harm to gays.
It is an established fact that some people do, in fact, honestly believe that gay marriage would be harmful to society. They may be wrong, but they do believe that. Therefor they do the only thing that feels right: they prevent that harm.
It is extremely difficult to argue physical harm from not being able to get married, versus other kinds of harm from shifts in social dynamics throughout society; the most consistently used argument by anyone is that "marriage is the right to love", which tells me that love is a false emotion imagined by fools and affixed by a state institution. People also make legal arguments in which they forget about wills, living wills, and powers of attorney; and, when cited, they conveniently forget that marriage requires a license, legal paperwork, and other expensive bullshit on par with a simple legal agreement in cost but, of course, more difficult to implement in practice--marriage is a standard process, and nobody has created a boxed process for not-marriage.
As these things are of minimal harm, almost any perception of other harm to society immediately outweighs them. Anyone who perceives any such potential harm is thus morally obligated to oppose the legalization of gay marriage; there is nothing else they can do.
You can, really. But you also have to admit that behavior A is not behavior B. As I have said repeatedly: this has been an exercise in denying someone their inalienable right to participate in the political process. It's a lynching. Society, not the courts, have decided to string a man up for his thoughts and feelings and beliefs.
As I argue for basic income, it will become unfashionable in some circles as I argue for the partial revocation of government pensions and social security, or even for what amounts to partial wealth redistribution. Welfare as-is functions as partial wealth redistribution; these proposals I make are equivalent, yet simpler and less costly. Still, it looks an awful lot like socialism, and if I ever get a CEO position I'll quickly be removed--like Brendan--for trying to destroy America (which I think should happen anyway, but still).
So this mafia of vicious activists has a direct negative impact on my ability to participate in the political process for the good of society. Now society is weaker. These people have done more harm than we could ever pretend Brendan Eich would.
And again I can use your logic to show that banning sex with children or animals is bigotry.
Also, dictionary definitions have always been derived from analysis of how words are used in society and what their applied meaning appears to be. I have simply done the same work over using your statements as the source information, deriving an implied meaning for bigotry which falls outside the scope of the established definition of bigotry.
You keep using that word. I do not think you understand what it means.
Yeah sucks to be them. I've already patented using Vibranium to imbue water with the essence of arsenic by pulsing the natural molecular vibrations through the fluid.
I did this once. My problem was not understanding homeopathy.
What you say is valid, and probably why people buy into homeopathy. Boiling willow bark in vinegar, distilling milk thistle, or steeping ginger root will have great effects. Further, many medicines are concentrated forms of plants which are ineffective or contain toxic elements and thus cannot be taken as herbs; while, conversely, many medicines (LOVASTATIN) are hellaciously toxic in the purified form, but safe and effective in natural form.
Homeopathy is just water. It's water poisoned with something terrible, fractioned 2^1000 times, until not a single atom of the original impurity is likely to exist in the result. You get a jig and a bottle of pure water.
I support a system of government where, every once in a while, in extreme moderation, we get to precision invalidate due process and just nail those involved to a tree. It would take decades to crucify the dozen or so folks we need to cleanse the earth from, but this is an extremely dangerous tool which threatens our very existence every time it is wielded; fortunately a single mistake is small, while a single precision strike is massive.
It was implemented retardedly. Instead of having repeated tags per item, you give a parse string srcset="jumbo.jpg 1x, jumbo2.jpg 2x, jumbo4.jpg 4x". They may as well have implemented it with JSON.
The actual heartbleed bug is an issue of reading. It's validation: it allocates 10 bytes because the payload is that big; then it reads from that buffer 10000 bytes because the payload says it's that big. It's not a double-free or an out-of-bounds write, both of which we can readily detect.
To detect out-of-bounds read, you have to allocate in 4k blocks with malloc(), then right-align so that the buffer ends with the block, and keep the block after that unallocated. If some monkey mmap()s the following block that breaks this scheme, but that's extremely unlikely. So in normal operation, you read past the end and there is no physical RAM for that address and the system faults.
This scheme is highly expensive. Every allocation is rounded up to 4K of memory usage. That means the millions of tiny things allocated are multiplied by their average proportion to 4k. Allocated a binary tree of hundreds of thousands of vectors in a 3D rendering engine? Congrats: now all of these 80 byte elements each require 4096 bytes, about 500x as much RAM. Because of this kind of inflation (which on average isn't 500x), most allocators don't do this. I would not be surprised to see most workloads using only 10%-30% more RAM under this scheme, but a 10% increase is considered insane and a 1% decrease is considered an excellent and important optimization to most allocator designers.
The point is that this code would feed you broken output if you ever fed it broken user input, and it would feed you correct output and have no behavioral flaws if you just gave it correct input. The protections above would trigger if you fed this code broken input; but if you tested for that, you'd already be looking for this kind of bounds issue, and you wouldn't need a system crash to tell you that you just sent a 4 byte payload and got a 10 byte payload back.
This bug was missed because it works normally when not fed broken data, and nobody thought to test it with broken data.
In the Open Source concept, when any random joe sees a security bug, they file it with upstream quietly. It gets repeated behind closed doors to all the distro maintainers, and then they all have packages ready to go when the patch is published.
In the closed model, it takes binary analysis or other stuff to see it. There are far fewer people just stumbling around in the code going, "Whoa, this looks really weird." A lot of security holes are found and fixed by programmers who were doing something in that block and realized what they were looking at was buggy to horrendous results.
Uh, no. The heartbleed bug isn't a result of OpenSSL breakage in the way it allocates memory; it's actually a result of incorrectly handling memory allocated properly. That OpenSSL can't work when compiled against normal malloc() implies other issues unrelated to this one.
If OpenSSL had been compiled to properly work with glibc malloc() or freebsd malloc(), this bug would still stand.
How is he spot on?
A specific security feature of malloc() available as an optional security enhancement on OpenBSD has the ability to crash the program in the event of an exploit of this particular bug.
This feature isn't available on most of the installations of software using SSL, and wouldn't be triggered by OpenSSL unless it was exploited.
Therefor, if OpenSSL had correctly used malloc() to take advantage of this feature, the situation would be--in reality--no different, except we could say that theoretically the attacks on servers running OpenBSD wouldn't work.
The reason nobody would have caught it is simple: you'd have to intentionally fuzz the TLS heartbeat feature looking for exploits. You'd only do that when searching for exploits, you'd be analyzing responses, and you'd catch it anyway. It almost certainly would have been caught exactly as fast; and even if it was caught sooner, the impact would be "oh shit everybody in the world change your SSL keys"--i.e. the current situation.
If you make 1000 allocations, that's 4MB.
The allocator, as a single segment, already has a 50% or higher overhead. We're talking about changes that could turn into hundreds of megabytes of waste. There are literally hundreds of thousands of allocations actively in use in some workloads such as Web browsers or Word processors. Think about every pointer being 4KB at the very least--an array of 10 things of 100 bytes each is 1KB, but as a linked list it's 40KB. Expand 1KB = 40KB to the 1800MB RAM usage crap of Web browsers and OpenOffice.org and modern desktop environments.
The problem is it would have crashed on OpenBSD if someone would have tested this exploit on OpenBSD, meaning someone would have to be looking for the exploit, meaning someone would have found a bunch of data coming back anyway and gone "oh lol wtf?".
If someone crashed your server trying to exploit it, you would probably not notice; since there aren't many OpenBSD servers, probably nobody would notice that these attacks were happening and gone, "Whoa! A wild 0-day exploit!" And even if they had, there's all these non-OpenBSD servers that are getting hacked and nobody can say if they're hacked or not, so we just get ourselves into this exact situation sooner. We don't come away with smaller collateral damage; EVERY SSL CERTIFICATE EVER ISSUED IS NOW INVALID.
Nothing Theo suggested changes the situation. Implementing malloc() protection everywhere might; but if you can show any ability to beat that protection a percentage of the time, then we're also in the same situation. We're talking about reads, so canaries aren't it. If you're crashing out on reads, then every malloc(1) that crashes if you read 2 requires 4096 bytes of real RAM to store 1 byte of data--we get into costs.
I can see his point; however he's still wrong. Mostly because he's Theo, though I'll credit he seems to have quietly accepted some of the things he was wrong about in the past.
So then a bug shows up which leaks the content of memory mishandled by that layer. If the memoory had been properly returned via free, it would likely have been handed to munmap, and triggered a daemon crash instead of leaking your keys.
And then the five servers in the world running OpenBSD would be safe.
The moment the bug was discovered, we were all fucked. The bug would have gone out readily. This particular abuse wasn't tested, obviously, or someone would have gone, "Wow look at that! It gave back a chunk of data LOL! Let's fix that before relase!" So if they would have satisfied Theo, OpenSSL still wouldn't have been tested and wouldn't have crashed, and would be released vulnerable.
That release gets on every SSL-enabled server, including into products like SonicWall VPN and firewalls. These are vulnerable--I've tested them here, the exploit actually works. FortiNet's products--FortiMail, FortiGate--these are vulnerable. CentOS 6 is vulnerable. Debian is vulnerable. Ubuntu since forever is vulnerable. Fedora is vulnerable. SuSE is vulnerable. A bunch of shit on Windows is vulnerable.
Then we realize there's a bug.
Let's talk about someone else who's wrong: the OpenSSL team. The OpenSSL developers are pissed off because of the full disclosure practice that put this bug out there before a patch was released. They think responsible disclosure would be better. So you disclose responsibly, and the patches come out. Some hackers see new OpenSSL release, and look into it. They see malloc() fixes in networking code, or you put up a big "THIS IS A SECURITY PATCH" notice.
Start your engines, motherfuckers.
Distros start rebuilding immediately because there's an automatic trigger, and because they know already: there's a huge network nobody knows about made up of distro maintainers and upstream programmers all sharing security and bugfix information. Ubuntu's devs were ready for this shit before it was released, and probably would have had packages built before the source went out. Debian, RedHat, SuSE.
Twelve hours later, sysadmins start noticing.
By then, someone has reverse-engineered the patches. The moment packages start propagating, the source files are up--SRPMs are out. By the time you can see and react, someone sees "SECURITY FIX", reads the diff, the best ones can do an exploit in half an hour for something like this. You might be hacked before you notice the patch.
So it would be better with responsible disclosure. The problem is this isn't a hack you'd see: you don't know if you're hacked. You wake up and your security is now handled by Schrodinger's Cat: your SSL keys are secure or not secure, and you don't know until you shake down the blackhats who have your keys, and maybe they bury the information when you do that so you still don't know. Not only that, but maybe blackhats secretly had the hack before it was noticed by a security researcher--that's rather common.
The moment this thing went out, it was too late. Your security is broken. And most people aren't on OpenBSD, so they'd get hacked even with OpenSSL using the system malloc(). They'd get hacked even with OpenBSD's protections, because OpenSSL is running almost always on Linux and OpenBSD's protections aren't on Linux. They'd get hacked anyway. That means everyone.
So no, Theo. You're not helping. You didn't discover the keystone that would save us all. Maybe god damn EVERYONE should implement these protections everywhere; glibc has some, but long reads won't crash glibc unless you hit unmapped.
Congrats Theo, your reputation continues.
Only small children laugh as they play. I stay as far away from that as I can. I hope they get crushed by a truck.
It takes 1/100 of 1 second for a deaf person to wake up when a smoke alarm injects aerosol wasabi into the air.
Yeah but the thing about pissing off deaf people is they are really shitty about sneaking up behind you quietly.
Black culture has escape clauses, as in so many subcultures. Becoming rich but still being a hood rat--assuming you live in an area where blacks are generally hood rats and not just people with darker skin--makes you a celebrity. You got a good job--a real one, not pimpin' or drug dealin'--that makes you a traitor; but if you got a good job, flash your cash around, get highly flashy suits, drive a pimped-out car, and blast rap music, you're that rich nigga down the street that stick it to da man!
We can see this again and again. Remember every fucking band that ever changed their music? All your songs sound the same, you suck. Oh shit look! Metallica changed the way their songs sound! THEY ARE SELL-OUTS TO THE RECORD COMPANY! I liked them before they were cool, but now they're just RIAA mafia shills.
Remember gays? Those people? I had a gay friend once. There was a pride parade on campus, he went. He came back almost immediately, bitched about how they were marching into classrooms half-naked and screaming at people taking tests, and acting like militants (i.e. not-gay people are the enemy). In gay pride parades, they've historically been hostile or passive-aggressive to bisexuals. He came back with all this new information from his first participation in a gay event, and also with the experience of people shouting at him and getting angry when he said maybe they shouldn't be such assholes. Gay traitor.
Try being in IT and going into management. For that matter, try being an IT guy and going into infosec. Holy living hell, do IT muggles hate security engineers! These dudes used to be your crew, now you are a fucking traitor.
Keep towing the party line.
They actually do. They try to make it somewhat scientific, and try to stretch in the same direction continuously. Warp plasma conduits do not magically do different things in different episodes; and when they do, it's usually reasonable to assume they do these things in addition to or because of a property of warp plasma conduits already established. There's a lot of stretching and head scratch, but not a lot of "oh hell no, this is retarded" going on.
Why are they dumb?
The earth IS the center of the universe. To say any other point in the universe is the center of the universe is equally as dumb, if not more so.
We can observe from here that the earth is the center of the universe. If we measure the expansion of the universe, EVERY SINGLE THING IN THE FUCKING UNIVERSE IS MOVING AWAY FROM THE EARTH AT ALMOST PRECISELY THE SAME RATE AS EVERY OTHER THING. This is because the universe is expanding.
Allow me to illustrate. This is what it looks like from Earth. If point A is Earth, and point A is where you are, that's what the universe looks like. See?
By contrast, This is what it looks like from Alpha Centauri Bb. If point B is Alpha Centauri Bb, and point B is where you are, this is what the universe looks like. See?
Because we are only able to measure from fairly close to "on the Earth", the only observable reality is that the Earth is the center of the universe.
Do you get it now? Or does a more compact diagram help?
Because we have this retarded idea that there aren't enough girls doing something because of discrimination. Maybe girls don't want to be mechanics, or computer programmers. Maybe they want to be customer service reps, PR reps, project managers (there are a LOT of women in project management--turns out they're decent at herding men), teachers, cashiers, waitresses, cheerleaders, etc.
In my school, a lot of guys played football, and a lot of guys played lacrosse; but a lot of girls played lacross, too. There's a lot of coed soccer. Offering girl's football tends to not get a lot of turn-out. Women love volleyball; men are into it, but more casually; and you will not find nearly as many men playing badminton because the physiological construction of the female pelvis allows for motions which make the game much easier.
To me it's like trying to encourage more girls to go down on other girls. Maybe girls don't like to do that. Maybe they'd rather suck dick. Oh sure there's a few, but did it ever occur to you that a LOT of girls just really prefer riding cocks? Maybe they just don't have whatever mental defect leads someone to become a computer programmer; or maybe it expresses itself as a tendency to date abusive boyfriends who give them black eyes and lock them in the house for weeks at a time.
Except that having a job as CEO of a company is not a requirement to participating in the political process. I am not denied my right to participate in politics if my wife threatens to divorce me if I donate to prop 8.
You really don't understand how the world works, do you?
Let me ask you something: why is it illegal in my state for landlords with more than 3 units to refuse to rent to black people? Shouldn't they be allowed to deny blacks, gays, and jews the right to housing? The landlords are not government.
Why can't companies decide not to hire gay people? Companies are not the government. If you voted to strike down Proposition 8, shouldn't it be legal to deny you employment for participating in the business process?
How is any of this different from groups of people making a lot of noise and causing harm to businesses in order to pressure people out of high-profile positions? How is this different really from your wife divorcing you over voting for John Kerry?
Your ideal world is that we create a strawman rule--that you are "legally allowed to do this without repercussion"--and then don't call it "denying your rights" if a lynch mob comes to punish you for exercising your legal rights, as long as they don't violate any specific laws while going about it. As long as they don't destroy your property or harm you physically, they can harass you into not exercising your legal rights. If they find a way to create a physical threat that doesn't violate any laws--for example, if the whole town decides to deny to sell you food, as vendors can deny business with anyone for any reason--they can do that.
This is not how free society works. This is how mob rule works.
You accuse me of improper logic, while you abuse logical fallacies and warp definitions to no longer resemble the English language. Your form of debate relies on falsehood and corrupt reasoning. Also it is clear you have a strong desire to personally attack Eich, as you invest a visible level of emotion and make use of twisted logic to attack his character.
For example: you refuse to acknowledge that if a person feels something is harmful to society, then that person is essentially correct in preventing that harm; you avoid this entire (correct) line of reasoning by refusing to acknowledge any possibility that Eich feels that gay marriage is harmful to society, instead responding by asserting that Eich hates gays and so wants to ban gay marriage as a form of spite to bring harm to gays.
It is an established fact that some people do, in fact, honestly believe that gay marriage would be harmful to society. They may be wrong, but they do believe that. Therefor they do the only thing that feels right: they prevent that harm.
It is extremely difficult to argue physical harm from not being able to get married, versus other kinds of harm from shifts in social dynamics throughout society; the most consistently used argument by anyone is that "marriage is the right to love", which tells me that love is a false emotion imagined by fools and affixed by a state institution. People also make legal arguments in which they forget about wills, living wills, and powers of attorney; and, when cited, they conveniently forget that marriage requires a license, legal paperwork, and other expensive bullshit on par with a simple legal agreement in cost but, of course, more difficult to implement in practice--marriage is a standard process, and nobody has created a boxed process for not-marriage.
As these things are of minimal harm, almost any perception of other harm to society immediately outweighs them. Anyone who perceives any such potential harm is thus morally obligated to oppose the legalization of gay marriage; there is nothing else they can do.
You can, really. But you also have to admit that behavior A is not behavior B. As I have said repeatedly: this has been an exercise in denying someone their inalienable right to participate in the political process. It's a lynching. Society, not the courts, have decided to string a man up for his thoughts and feelings and beliefs.
As I argue for basic income, it will become unfashionable in some circles as I argue for the partial revocation of government pensions and social security, or even for what amounts to partial wealth redistribution. Welfare as-is functions as partial wealth redistribution; these proposals I make are equivalent, yet simpler and less costly. Still, it looks an awful lot like socialism, and if I ever get a CEO position I'll quickly be removed--like Brendan--for trying to destroy America (which I think should happen anyway, but still).
So this mafia of vicious activists has a direct negative impact on my ability to participate in the political process for the good of society. Now society is weaker. These people have done more harm than we could ever pretend Brendan Eich would.
And again I can use your logic to show that banning sex with children or animals is bigotry.
Also, dictionary definitions have always been derived from analysis of how words are used in society and what their applied meaning appears to be. I have simply done the same work over using your statements as the source information, deriving an implied meaning for bigotry which falls outside the scope of the established definition of bigotry.
You keep using that word. I do not think you understand what it means.
Yeah sucks to be them. I've already patented using Vibranium to imbue water with the essence of arsenic by pulsing the natural molecular vibrations through the fluid.
I did this once. My problem was not understanding homeopathy.
What you say is valid, and probably why people buy into homeopathy. Boiling willow bark in vinegar, distilling milk thistle, or steeping ginger root will have great effects. Further, many medicines are concentrated forms of plants which are ineffective or contain toxic elements and thus cannot be taken as herbs; while, conversely, many medicines (LOVASTATIN) are hellaciously toxic in the purified form, but safe and effective in natural form.
Homeopathy is just water. It's water poisoned with something terrible, fractioned 2^1000 times, until not a single atom of the original impurity is likely to exist in the result. You get a jig and a bottle of pure water.
I support a system of government where, every once in a while, in extreme moderation, we get to precision invalidate due process and just nail those involved to a tree. It would take decades to crucify the dozen or so folks we need to cleanse the earth from, but this is an extremely dangerous tool which threatens our very existence every time it is wielded; fortunately a single mistake is small, while a single precision strike is massive.
Let's start with Monsanto or Goldman.
In my experience, sociopaths find it extremely difficult to lie.
I grow bamboo, by the way. Would you like some in a pot?
32 bit supports up to 64GB of RAM.
It was implemented retardedly. Instead of having repeated tags per item, you give a parse string srcset="jumbo.jpg 1x, jumbo2.jpg 2x, jumbo4.jpg 4x". They may as well have implemented it with JSON.
It doesn't work by treating conditions. You're using it wrong. The first thing you need to do is stop expecting it to do anything.
Not the point.