The law is supposed to make some sort of common sense. The fact is there are so many laws that nobody can possibly know them all.
I do agree in principle. This is mostly a problem of recent times, where politicians need to show "activity" to the media, and they do that by passing new laws and more laws. There are still quite a few old laws around that are very clear, straightforward and basically just codify common sense.
The fact is, most people just do what seems right and hope they never end up in court. It's really all they can practically do.
True.
I've got an AUP in use that includes the clause that "in case of dispute over interpretation, common sense interpretations trump legalese interpretations". I have no idea if it would stand up in court (untested so far), but basically contracts are meant to put the intent of the parties into writing, so I'd hope it would have at least that effect.
I've had 6 years of business experience working very closely with the legal department and yes, part of my job was to prepare corporate contracts. Over time, the amount of changes legal suggests drops, because - surprise, surprise - if you're not a total buffon, you actually learn what you're doing.
Frankly, the fact alone that you're posting such a bullshit about someone you know nothing about shows what's wrong with Internet comment systems.
Ok, it's cold, polar vortex and all, but has hell frozen over? The Republicans doing something that makes sense? And (so far) it's not loaded with riders to push creationism in schools and cut government spending on welfare programs? Wow.
They just might've taken the last exit on the road to insignificance they were travelling down at top speed.
The state has butted in as a 3rd party and has nullified that agreement for it's own interests.
And a lawyer could've told them that this could potentially happen and how to avoid it.
The problem is that the proper API is often undocumented or is only documented in a language that is practically unreadable to anyone but a lawyer.
Yes and no. I've worked with legal texts in my profession for years. It does have its own language, but you can learn to read it without getting a law degree. It's not that much different from, say, RFCs where specific words like COULD, SHOULD, MUST have very specific meanings.
With several years of experience, I actually find legal texts to be quite readable and clear, precisely because it uses a well-defined language that leaves less room for ambiguity than day-to-day talk.
But yes, it might've costed them something if nobody had an insurance that would cover it (and I don't know what rates, etc. are in the US, but for me over here in Europe I can only recommend having an insurance for legal costs, I know mine pays for itself because it allows me to consult lawyers on all kinds of matters and it's covered).
There's no such thing as a free market, except in economics theory. Every real-world market is either regulated, or massively manipulated, or largely intransparent, or in the hands of an oligarchy, or any combination of those.
Besides, you are not proposing a free-market-decision, you are just proposing a different, more complex and more difficult to enforce regulation.
If you would ever let your software be used by for-profit interests, you are not part of the community
That's wrong. Even RMS is ok with software being used for-profit. What he's not ok with is giving for-profit interested software for free with no obligation on their part to share equally.
Proprietary software has it's place and, in a free market, people will choose whatever is best for them.
There's your false assumption.
We don't have a free market. That's only a strawman of those who are against any regulations because they profit from the status quo. The market is massively manipulated on all levels, and is very, very far from the core assumptions of free market theory.
You can write your own contract, but you should know what you're doing - just like everywhere else in life.
I've written many contracts that the lawyers cross-checking them had no changes to. But I got some training in the subject and the relevant laws before doing that.
The other woman explicitly chose to be a parent, thus the burden should be her responsibility. Why aren't they? Perhaps because this guy has more income so he's the guy they can extract money from, or perhaps they just think the law is written heteronormatively enough that this will work better.
My money is on the 2nd, even without reading the law in question.
Almost certainly, the law is written with biological parenthood in mind, so by law the sperm donor is the father and the woman's partner is nowhere even near a parent-child relation but, legally speaking, a stranger.
Yes, minus the "get their cut" conspiracy theory nonsense.
When you do things in the real world with considerable consequences, make sure you are doing them properly. If this had been a rental agreement, or a purchase contract for a company, or whatever, the result would have been similar if the parties involved did things without the correct paperwork.
Maybe it's a burden, but it's there to regulate our society. Law is very much like a computer. You can go the bureaucratic way and change your data using the correct API with all the filesystem or database overhead and the requirement to use a particular format or language. Or you can just flip a few bits in memory or on the hard drive and get the same result. Except that it might break data integrity, invalidate the sector because of a checksum violation or whatever else.
Also don't forget that the interested party in this case was not some clinic or medical association, but the government, which has apparently paid quite a bit of money in child support and - thanks to all of us complaining all the time that the government is wasting money - was probably obliged by some deficit limit law to check if it can't get that money back from the father.
Unintended consequences, anyone?
But yes, it'll make it more difficult, because lots of people don't want to use the proper API and fill out the proper paperwork and don't want to pay a lawyer to tell them what the proper paperwork is. For a one-night-stand, that's understandeable. For a child, less so.
But it will become a commodity. Instead of being the hip thing to go to, it'll just be there. It's part address book, part blog, part photo collection, part event manager, but with the excitement gone.
I'm sure when the first supermarket opened, it was a huge event and everyone was excited for a few weeks. All that stuff! In one place! wow!
And then the excitement went away and today we go to the supermarket and don't even actually look at it anymore.
And that last is the crucial part. When people stop spending half their life on FB and just use it for this and that, ad revenue is going to come crashing down. That, rather than everyone leaving, is probably going to seal its fate.
Thanks. I actually didn't know that, I've never seen these as food-replacements, but as dietary or complementary products. I'll check out what the equivalents available over here in Europe are.
The problem with password-strength assessments is that the math most people apply is basically x^y where x is the number of possible characters and y the length.
But that's not how real people work. If your password policy requires at least one number, then you have not actually increased x by +10 for 95% of your users. Most of them will simply add a number to the end, or to the beginning. Basically, instead of turning x^y into (x+10)^y, you've turned it into a little over 10*(x^y). That's a massive difference between the amount of additional strength you thought you'd get and what you actually get.
Not that I would want to live on it. I quite enjoy a good meal. However, there are also many days where I am absorbed in work or horribly busy or just not in the mood and meals are a necessity that I try to get done with as quickly as possible. Stuff like this would be perfect for those days and if it is what it claims to be, give me the peace of mind that I'm still eating nutritionally well.
I've given a keynote on this subject, and one of the points was that most password policies can be proven to result in less secure passwords. This is one of the reasons why.
mixed-case is a strawman. As a matter of fact, on any new applications I write, I always lowercase passwords in the backend, so if the user has caps-lock on, his password still works.
mixing cases does almost nothing to increase the security of the password of the average user, because any case changes will be in very easily predicted places (beginning, CamelCase, etc.) I've done the math on that once, with real-world assumptions and it's basically one order of magnitude that you gain. That's not worth the trouble of people not being able to log in because they have caps-lock on or forgot if it was "password" or "Password", etc.
It's that the average user is so dense that they cant understand the security professional and they're also so lazy that they wont learn or even take basic self preservation measures unless their forced to.
I think I want your bosses phone number, because I'd just love to get a consulting gig where I set you guys straight.
Lack of understanding for the actual user is the #1 security risk of our time.
I understand your sentiment. I've been there. 8 years ago I was on the expert panel of a security conference and one of the questions asked was which security risks we estimate will still be there 10 years down the road. We five experts quickly agreed and I was the one to tell it to the audience that "dumb users" was the primary answer. 3 years ago I went back to that conference as the keynote speaker and began my talk with "I was wrong".
Users aren't lazy, or stupid, or anything like that. Going into the discussion with that assumption is a basic logic flaw. As we all know from logic 101, if your assumption is wrong, your conclusion is worse then wrong, it's meaningless.
Your biggest problem are people and the fact they don't take security seriously.
Assumptions like this is what causes security to be so fucked up. It's a typical shifting-the-blame response.
I am advocating that every security problem is the result of some security professional fucking up. Every single one, including people choosing "123456" as their password. It might not be a technical fuck-up, but one of communication or design (that one is the elephant in the room most people overlook) or empathy.
Once you stop making other people responsible and check back to see if you could change anything to make this problem go away, you almost always find out that heck yes, you can.
I am a security professional myself. You know what my password is for 1/2 the sites I have accounts on? 1234. Why? Because I don't care.
You know what my passwords are for 80% of the sites I have accounts on? Something from a selection of fairly good passwords - because my browser remembers them for me. So yeah, that leaves one master password to crack, but we all have that anyways without realizing - it's the password to the email account that all those password reminders would be sent to.;-)
The solution is identity federation.
Or something else that doesn't require people to remember passwords, yes.
Loved this. And no, it's totally on topic, because it's the same thing. Voice-control active during gaming which includes team chat. Yeah, what could possibly go wrong?;-)
(loved the girls reaction. she was the only one with enough cool to laugh about it)
And exactly because of that we have poorer results, poorer ways to check those results, and can take much more modest conclusions from these results. That is unless you are an irresponsible alarmist.
Bullshit. All it means is that the methods must be different than in, say, elementary school physics where you can drop the ball 100 times and measure stuff.
There are many other fields that have low or zero repeatability. High-energy physics, for example, quite often runs a particle accelerator once and then works through the resulting TB of data for years. We also don't exactly have a hundred Mars rovers. And then there are the social and political sciences, where you study the real world that doesn't exactly repeat, ever.
Sorry, but the conclusions are jumped to, don`t necessarily follow the data, and are completely irresponsible, regardless of what you may believe with religious fervor.
You keep dishing out personal insults to someone you don't know as if they were an argument. You don't know if I'm an engineer or a climate scientist, or a buddhist monk or a stock broker. Your personal insults just discredit everything else you say.
That said, chaotic systems are very hard to model and any forecasting based on them is highly unreliable, because you can't control the variables and their effect in the real world.
Yes, that is what "chaotic system" means.
And yet, "chaotic" does not mean "completely random". We have achieved a > 90% accuracy with weather forecasts for up to 3 days into the future. I remember when in my childhood, the weather forecast for tomorrow used to be a 50/50 guess.
Yes, and without anything of the sort. It can happen even by chance. Someone can have an idea, make an equation and it can model perfectly some natural phenomena.
Until someone trashes it. Shortly before Einstein, respectable people thought that physics was pretty much over and done. A few details left to sort out and then we have it.
Many IT people actually try, but they have no understanding for what this looks like from a regular users perspective. I've given talks on and consulted on the subject - I think I get through to the techies, but it does take some explaining to do, and it probably only works because I am one myself.
I've worked in a large corporation with a 400 page security policy. The security and compliance departments were very proud of it. Some individuals within IT liked it a lot. Nobody else in the company that I met even knew it existed.
Giving microphone access to a complex piece of software that's primarily used to render, interpret and run code fetched from random places on the Internet... what could possibly go wrong?
I'm not a big fan of those auto-selecting-stories-we-think-you-will-like services. There's too much danger of them making a bubble around you, only showing you the news you agree with anyways, and shielding you from the different and strange and sometimes disagreeable reality.
One of the reasons (one, it's a complex topic) is that we, the security professionals, are too dense to properly explain things in a language the user understands correctly.
For example, we tell them their password should be difficult to guess. But "guess" is the entirely wrong word to use, because it implies something that's not happening in the real world. When you say "guess" to a normal person, his mental image is that of some attacker thinking there, trying a few different things. What we experts mean is that some script will do 10,000 login attempts with a dictionary attack, or some hacker will check your pilfered password hash against a rainbow table.
Quite a few regular users are seriously convinced that "123456" is a "hard to guess" password, because it wouldn't be their first or second guess for someone elses password.
Here's what you need to do, IMNSHO:
We've had several of these breaches with leaked passwords over the years. Collect them, take the top 10,000 or so passwords and put them into a list. Add that list to John with a simple (because you want to be fast) ruleset for permutations. When the user picks a password, run that in the background. And instead of telling him to use a "difficult to guess" password, tell him that you run the same program that some evil people use, and if it can crack his password, he needs to use a different one.
Tell him that John needed 0.0253 (or whatever) seconds to crack his password, and show him the rule so he understands (e.g. "passw0rd" is a permutation of "password", the #2 most often used password).
It'll take 20 minutes for him to find a password that works, and he'll have to write it down to remember it. Problem solv... oh, wait...
Maybe, you know, the problem is in the method. Passwords suck.
Unless you have a few hundred backup earths to run control experiments on, it's just in the nature of the field that there's no repeatability.
The rest of your argument is utter hogwash, because no matter how often the lie is repeated, the data is there, it's not vague (as an engineer, you should be familiar with errors of margin, measurement precision and all that), the conclusions aren't jumped to, but the results of very extensive analysis, and so on and so forth. It's simply a lie, repeated ad nauseam mostly by people with political interests, that there's no data or not enough data or no clear conclusions or any of that.
Yes, climate is a chaotic system. So is fluid dynamics. We've become pretty cool in making general predictions in both, even if individual particles behave chaotically.
Not necessarily. Even in science someone can come with an absolute right answer for something at some point. You can`t discard this possibility.
Slashdot Mirror
The law is supposed to make some sort of common sense. The fact is there are so many laws that nobody can possibly know them all.
I do agree in principle. This is mostly a problem of recent times, where politicians need to show "activity" to the media, and they do that by passing new laws and more laws. There are still quite a few old laws around that are very clear, straightforward and basically just codify common sense.
The fact is, most people just do what seems right and hope they never end up in court. It's really all they can practically do.
True.
I've got an AUP in use that includes the clause that "in case of dispute over interpretation, common sense interpretations trump legalese interpretations". I have no idea if it would stand up in court (untested so far), but basically contracts are meant to put the intent of the parties into writing, so I'd hope it would have at least that effect.
I've had 6 years of business experience working very closely with the legal department and yes, part of my job was to prepare corporate contracts. Over time, the amount of changes legal suggests drops, because - surprise, surprise - if you're not a total buffon, you actually learn what you're doing.
Frankly, the fact alone that you're posting such a bullshit about someone you know nothing about shows what's wrong with Internet comment systems.
Ok, it's cold, polar vortex and all, but has hell frozen over? The Republicans doing something that makes sense? And (so far) it's not loaded with riders to push creationism in schools and cut government spending on welfare programs? Wow.
They just might've taken the last exit on the road to insignificance they were travelling down at top speed.
The state has butted in as a 3rd party and has nullified that agreement for it's own interests.
And a lawyer could've told them that this could potentially happen and how to avoid it.
The problem is that the proper API is often undocumented or is only documented in a language that is practically unreadable to anyone but a lawyer.
Yes and no. I've worked with legal texts in my profession for years. It does have its own language, but you can learn to read it without getting a law degree. It's not that much different from, say, RFCs where specific words like COULD, SHOULD, MUST have very specific meanings.
With several years of experience, I actually find legal texts to be quite readable and clear, precisely because it uses a well-defined language that leaves less room for ambiguity than day-to-day talk.
But yes, it might've costed them something if nobody had an insurance that would cover it (and I don't know what rates, etc. are in the US, but for me over here in Europe I can only recommend having an insurance for legal costs, I know mine pays for itself because it allows me to consult lawyers on all kinds of matters and it's covered).
Let the free market decide.
There's no such thing as a free market, except in economics theory. Every real-world market is either regulated, or massively manipulated, or largely intransparent, or in the hands of an oligarchy, or any combination of those.
Besides, you are not proposing a free-market-decision, you are just proposing a different, more complex and more difficult to enforce regulation.
If you would ever let your software be used by for-profit interests, you are not part of the community
That's wrong. Even RMS is ok with software being used for-profit. What he's not ok with is giving for-profit interested software for free with no obligation on their part to share equally.
Proprietary software has it's place and, in a free market, people will choose whatever is best for them.
There's your false assumption.
We don't have a free market. That's only a strawman of those who are against any regulations because they profit from the status quo. The market is massively manipulated on all levels, and is very, very far from the core assumptions of free market theory.
You can write your own contract, but you should know what you're doing - just like everywhere else in life.
I've written many contracts that the lawyers cross-checking them had no changes to. But I got some training in the subject and the relevant laws before doing that.
The other woman explicitly chose to be a parent, thus the burden should be her responsibility. Why aren't they? Perhaps because this guy has more income so he's the guy they can extract money from, or perhaps they just think the law is written heteronormatively enough that this will work better.
My money is on the 2nd, even without reading the law in question.
Almost certainly, the law is written with biological parenthood in mind, so by law the sperm donor is the father and the woman's partner is nowhere even near a parent-child relation but, legally speaking, a stranger.
Yes, minus the "get their cut" conspiracy theory nonsense.
When you do things in the real world with considerable consequences, make sure you are doing them properly. If this had been a rental agreement, or a purchase contract for a company, or whatever, the result would have been similar if the parties involved did things without the correct paperwork.
Maybe it's a burden, but it's there to regulate our society. Law is very much like a computer. You can go the bureaucratic way and change your data using the correct API with all the filesystem or database overhead and the requirement to use a particular format or language. Or you can just flip a few bits in memory or on the hard drive and get the same result. Except that it might break data integrity, invalidate the sector because of a checksum violation or whatever else.
Also don't forget that the interested party in this case was not some clinic or medical association, but the government, which has apparently paid quite a bit of money in child support and - thanks to all of us complaining all the time that the government is wasting money - was probably obliged by some deficit limit law to check if it can't get that money back from the father.
Unintended consequences, anyone?
But yes, it'll make it more difficult, because lots of people don't want to use the proper API and fill out the proper paperwork and don't want to pay a lawyer to tell them what the proper paperwork is. For a one-night-stand, that's understandeable. For a child, less so.
I don't think FB will vanish in a few years.
But it will become a commodity. Instead of being the hip thing to go to, it'll just be there. It's part address book, part blog, part photo collection, part event manager, but with the excitement gone.
I'm sure when the first supermarket opened, it was a huge event and everyone was excited for a few weeks. All that stuff! In one place! wow!
And then the excitement went away and today we go to the supermarket and don't even actually look at it anymore.
And that last is the crucial part. When people stop spending half their life on FB and just use it for this and that, ad revenue is going to come crashing down. That, rather than everyone leaving, is probably going to seal its fate.
Thanks. I actually didn't know that, I've never seen these as food-replacements, but as dietary or complementary products. I'll check out what the equivalents available over here in Europe are.
The problem with password-strength assessments is that the math most people apply is basically x^y where x is the number of possible characters and y the length.
But that's not how real people work. If your password policy requires at least one number, then you have not actually increased x by +10 for 95% of your users. Most of them will simply add a number to the end, or to the beginning. Basically, instead of turning x^y into (x+10)^y, you've turned it into a little over 10*(x^y). That's a massive difference between the amount of additional strength you thought you'd get and what you actually get.
I'm still intrigued by this one. Curious.
Not that I would want to live on it. I quite enjoy a good meal. However, there are also many days where I am absorbed in work or horribly busy or just not in the mood and meals are a necessity that I try to get done with as quickly as possible. Stuff like this would be perfect for those days and if it is what it claims to be, give me the peace of mind that I'm still eating nutritionally well.
Mod parent up, he's spot on.
I've given a keynote on this subject, and one of the points was that most password policies can be proven to result in less secure passwords. This is one of the reasons why.
+1 funny, but I'll give a serious answer anyways:
mixed-case is a strawman. As a matter of fact, on any new applications I write, I always lowercase passwords in the backend, so if the user has caps-lock on, his password still works.
mixing cases does almost nothing to increase the security of the password of the average user, because any case changes will be in very easily predicted places (beginning, CamelCase, etc.) I've done the math on that once, with real-world assumptions and it's basically one order of magnitude that you gain. That's not worth the trouble of people not being able to log in because they have caps-lock on or forgot if it was "password" or "Password", etc.
It's that the average user is so dense that they cant understand the security professional and they're also so lazy that they wont learn or even take basic self preservation measures unless their forced to.
I think I want your bosses phone number, because I'd just love to get a consulting gig where I set you guys straight.
Lack of understanding for the actual user is the #1 security risk of our time.
I understand your sentiment. I've been there. 8 years ago I was on the expert panel of a security conference and one of the questions asked was which security risks we estimate will still be there 10 years down the road. We five experts quickly agreed and I was the one to tell it to the audience that "dumb users" was the primary answer. 3 years ago I went back to that conference as the keynote speaker and began my talk with "I was wrong".
Users aren't lazy, or stupid, or anything like that. Going into the discussion with that assumption is a basic logic flaw. As we all know from logic 101, if your assumption is wrong, your conclusion is worse then wrong, it's meaningless.
Your biggest problem are people and the fact they don't take security seriously.
Assumptions like this is what causes security to be so fucked up. It's a typical shifting-the-blame response.
I am advocating that every security problem is the result of some security professional fucking up. Every single one, including people choosing "123456" as their password. It might not be a technical fuck-up, but one of communication or design (that one is the elephant in the room most people overlook) or empathy.
Once you stop making other people responsible and check back to see if you could change anything to make this problem go away, you almost always find out that heck yes, you can.
I am a security professional myself. You know what my password is for 1/2 the sites I have accounts on? 1234. Why? Because I don't care.
You know what my passwords are for 80% of the sites I have accounts on? Something from a selection of fairly good passwords - because my browser remembers them for me. So yeah, that leaves one master password to crack, but we all have that anyways without realizing - it's the password to the email account that all those password reminders would be sent to. ;-)
The solution is identity federation.
Or something else that doesn't require people to remember passwords, yes.
Loved this. And no, it's totally on topic, because it's the same thing. Voice-control active during gaming which includes team chat. Yeah, what could possibly go wrong? ;-)
(loved the girls reaction. she was the only one with enough cool to laugh about it)
And exactly because of that we have poorer results, poorer ways to check those results, and can take much more modest conclusions from these results. That is unless you are an irresponsible alarmist.
Bullshit. All it means is that the methods must be different than in, say, elementary school physics where you can drop the ball 100 times and measure stuff.
There are many other fields that have low or zero repeatability. High-energy physics, for example, quite often runs a particle accelerator once and then works through the resulting TB of data for years. We also don't exactly have a hundred Mars rovers. And then there are the social and political sciences, where you study the real world that doesn't exactly repeat, ever.
Sorry, but the conclusions are jumped to, don`t necessarily follow the data, and are completely irresponsible, regardless of what you may believe with religious fervor.
You keep dishing out personal insults to someone you don't know as if they were an argument. You don't know if I'm an engineer or a climate scientist, or a buddhist monk or a stock broker. Your personal insults just discredit everything else you say.
That said, chaotic systems are very hard to model and any forecasting based on them is highly unreliable, because you can't control the variables and their effect in the real world.
Yes, that is what "chaotic system" means.
And yet, "chaotic" does not mean "completely random". We have achieved a > 90% accuracy with weather forecasts for up to 3 days into the future. I remember when in my childhood, the weather forecast for tomorrow used to be a 50/50 guess.
Yes, and without anything of the sort. It can happen even by chance. Someone can have an idea, make an equation and it can model perfectly some natural phenomena.
Until someone trashes it. Shortly before Einstein, respectable people thought that physics was pretty much over and done. A few details left to sort out and then we have it.
We won't be making that mistake again so easily.
No, stupidity.
Many IT people actually try, but they have no understanding for what this looks like from a regular users perspective. I've given talks on and consulted on the subject - I think I get through to the techies, but it does take some explaining to do, and it probably only works because I am one myself.
I've worked in a large corporation with a 400 page security policy. The security and compliance departments were very proud of it. Some individuals within IT liked it a lot. Nobody else in the company that I met even knew it existed.
Giving microphone access to a complex piece of software that's primarily used to render, interpret and run code fetched from random places on the Internet... what could possibly go wrong?
I'm not a big fan of those auto-selecting-stories-we-think-you-will-like services. There's too much danger of them making a bubble around you, only showing you the news you agree with anyways, and shielding you from the different and strange and sometimes disagreeable reality.
Of course they do. Anyone surprised?
One of the reasons (one, it's a complex topic) is that we, the security professionals, are too dense to properly explain things in a language the user understands correctly.
For example, we tell them their password should be difficult to guess. But "guess" is the entirely wrong word to use, because it implies something that's not happening in the real world. When you say "guess" to a normal person, his mental image is that of some attacker thinking there, trying a few different things. What we experts mean is that some script will do 10,000 login attempts with a dictionary attack, or some hacker will check your pilfered password hash against a rainbow table.
Quite a few regular users are seriously convinced that "123456" is a "hard to guess" password, because it wouldn't be their first or second guess for someone elses password.
Here's what you need to do, IMNSHO:
We've had several of these breaches with leaked passwords over the years. Collect them, take the top 10,000 or so passwords and put them into a list. Add that list to John with a simple (because you want to be fast) ruleset for permutations. When the user picks a password, run that in the background. And instead of telling him to use a "difficult to guess" password, tell him that you run the same program that some evil people use, and if it can crack his password, he needs to use a different one.
Tell him that John needed 0.0253 (or whatever) seconds to crack his password, and show him the rule so he understands (e.g. "passw0rd" is a permutation of "password", the #2 most often used password).
It'll take 20 minutes for him to find a password that works, and he'll have to write it down to remember it. Problem solv... oh, wait...
Maybe, you know, the problem is in the method. Passwords suck.
Unless you have a few hundred backup earths to run control experiments on, it's just in the nature of the field that there's no repeatability.
The rest of your argument is utter hogwash, because no matter how often the lie is repeated, the data is there, it's not vague (as an engineer, you should be familiar with errors of margin, measurement precision and all that), the conclusions aren't jumped to, but the results of very extensive analysis, and so on and so forth. It's simply a lie, repeated ad nauseam mostly by people with political interests, that there's no data or not enough data or no clear conclusions or any of that.
Yes, climate is a chaotic system. So is fluid dynamics. We've become pretty cool in making general predictions in both, even if individual particles behave chaotically.
Not necessarily. Even in science someone can come with an absolute right answer for something at some point. You can`t discard this possibility.
Not without a major paradigm shift in science.