TFA was not intended to be a HOWTO. Articles that come in glossy-coated magazines never are. The reason it was posted to slashdot was, I think that it garnered some big-time attention, and the particular attack hasn't been mentioned anywhere on slashdot before. I think the slashdot crowd can engineer ways to do the exploit, and defend against it, and we'll all get rich no matter which side of the fence we decide to play.
As for a HOWTO, it depends on the situation. If we make the assumption that user file sharing is on, as TFA says (and you assumed away in your initial post), there are quite a few avenues.
I believe the implicit assumption from TFA is that "Filesharing enabled" means that some directory is read+write to the public. This isn't that uncommon for home computers. Users don't want their kids to have to remember passwords. "After all, we only use filesharing on the home network." Heck, the last time I installed Windows XP it created a password-less administrator accounts during the install process. Anyway, here's your howto:
1) Drop your payload in the shared folder. There are a lot of ways to get the user to execute the payload: 2) a web proxy that does meta-refresh to file:///path/to/file might work (not 100% sure if that would work? I haven't actually used Windows for any great length of time in years). 2 [alternate 1]) Web proxy that says, "[path] is standard Windows software that allows you to use Free Wi-Fi service. Please run [path] in order to connect to the internet. [link]. [optional: As the software is already installed on your computer, security is guaranteed!]" 99% of the idiots that have filesharing on will do what the browser tells them in order to get their precious free Wi-Fi. 2 [alternate]) If that won't work, there are a lot of other ways to get a user to open something. Even just putting it there could be enough. Average user will see the file some day and say "hey, I haven't seen that before, I wonder what it does [double-click]." The payload doesn't have to deploy right away, perhaps it takes time. 3) ??? [alternate: make computer into a zombie] 4) Profit!
The interesting thing about using this method to deploy a zombie program is that it is very very very difficult to track down. If the initial injection of malware is done using a remote attack, forensics people have a reasonable shot at tracking the source (or at least tracking the next link in the chain, and eventually finding the source).
Assuming the attacker gets the zombie software on even 10 computers this way, (s)he now has 10 computers that can be used to launch zero-days against yet other PCs, remotely. Forensics folks won't have any meaningful logfiles to analyze to look back at the initial injection vector. Assuming the malware does nothing to clean its tracks and the computer logs everything, all they'll find is that the payload was put there by a wireless device with [forged mac address] at some date and time. Not much to go on when looking for a perp. I'm sure there were a lot of people at the airport that day, and a lot of people watching in the observation deck/waiting outside for a loved one/using a pringles can antenna in their car. The only other avenue they'll have for tracking is to find the controller. And if the controller uses TOR or something, good luck:).
There are probably better ways to get a user to execute an already-installed-executable that I don't know about. Others can probably chime in.
It's hard for an article to explain anything if you don't read it.
From TFA:
In addition, because you've directly connected to the attack PC on a peer-to-peer basis, if you've set up your PC to allow file sharing [emphasis mine], the attacker can have complete run of your PC, stealing files and data and planting malware on it.
You can't actually see any of this happening, so you'd be none the wiser. The hacker steals what he wants to or plants malware, such as zombie software, then leaves, and you have no way of tracking him down.
Much less chance the people we are shooting at will get cancer 20 years from now.
Sure it's true that the lab mice don't get cancer 20 years from now after being shot in the face. Mouse physiology is quite different from ours, though.
In short, I don't think we've done enough carefully controlled human trials with bullets to make your claim. I'd suggest some form of double-blind experiment, shooting several thousand subjects from various socioeconomic classes with blanks and with bullets, and see what the effect on cancer rate is. I'll volunteer for the control group, which doesn't get shot at all. Providing a baseline for the population is probably the hardest job, as it takes the longest amount of time.
I just filed a paypal dispute (seller "shipped" but I never received anything). The seller never responded to the dispute in the 30 days they had, and paypal ruled thusly:
"We have decided in your favor, however, we were unable to recover any funds from the seller's account. As stated in the PayPal User Agreement, recovery of funds associated with a Buyer Complaint cannot be guaranteed."
That sure is some great buyer protection they have. Thank goodness my credit card company is actually a bank, and I can do a chargeback against Paypal:).
I drive a diesel (VW Jetta) and it is awesome. No cold weather starting problems, either, even when I lived in central new york, where the temperature was regularly in the single digits. Most fuel sellers put additives in their diesel in the winter to prevent the fuel from gelling, and engines have very good glow plugs these days. The motors are even quiet and soot-free these days (unless you really floor the gas pedal)...every time I've told a passenger in my car that it's diesel, they've been surprised and/or didn't believe me.
It's also zippy as heck. The motor produces a ton of torque at really low RPMs so it feels a lot faster than it really is, but the feeling makes it a ton of fun to drive.
The biggest reason that more diesels aren't sold in the states is that California banned the sale of new ones. Several other states adopted California's emissions laws (New York and most of the northeastern states). Consequently not many car companies are interested in investing the time, effort (replace previous two words with 'money') to bring diesels to the US -- it's illegal to sell them in many states so it would be a lot of money spent for not much return in sales revenue.
You can buy used diesel passenger vehicles in any of those states, but it's hard to find them (since they were never sold as new there in the first place) and they fetch a premium. Case in point: I bought mine *used* for $19,500 in New Jersey (where new diesels are actually legal to sell), and it had 42k miles on it at the time. New, the car's sticker price was about $22,000. Now it has 60k miles on it and my car will fetch $21,000 without too much trouble (I live in California these days). It's kind of a shame they aren't more common, as the mileage is good (36 city/50 highway is my real-world driving).
Before people call me a diesel zealot, I'll definitely mention the bad things: they are bad in that they create more particulate in their exhaust, which has been shown in studies to be a carcinogen. Old-skool diesel fuel sold in the US also contained lots of sulfur, which created sulfur dioxide in the exhaust, which in turn created acid rain. The sulfur also prevented good catalytic converters from being used, so diesels create way more NOx. Now that we have low-sulfur diesel in the US, I think diesel cars will become quite a bit better...but the reputation they garnered as smoking, smelly, sooty, bad-for-the-environment cars through the 70s and 80s will probably hurt their chance at widespread adoption in the US.
Diesel is also interestingly becoming more expensive than gasoline where I live. I find it funny, because diesel fuel is a lot easier to produce than gasoline, or so my fuel engineer friend tells me. Still, mile for mile diesel fuel is cheaper, since I get about the double the mileage that I would in a similar gasoline vehicle...
Thank you. A few years ago I got flamed on slashdot for suggesting that patent encumbrance could be an issue for the GPL. This deal is making people "get it." Yay!
I recommend taking the GPL Quiz for anyone that questions anyone else's understanding of copyright and patent issues. It's a great starting point to understand some of the issues, and slashdot would be a better place for it.
I've seen this one before, and before. I'm pretty sure the story was confirmed each time, though, but that the affected range is quite small (within a few miles of the base, depending on geography).
I'm still not sure whether I believe it, of course, as I'm not being affected (nor do I know anyone that is). If you've got some articles pointing out to the urban legendness of the stories, I'm all ears. Er, eyes.
What I don't get is, why the double-standard on communication? I think congress should enact legislation recording all communication within such companies. We should have microphones in every room and every hallway, to record every word spoken in such a company, just in case people do something wrong. We should probably also have video cameras, in case the would-be lawbreakers decide to write paper notes, and every paper shredder should have a scanner with OCR in line with it, so that the letters are stored for possible litigation.
C'mon, if your company isn't doing anything wrong, you don't have anything to worry about. The recordings will only be used if you're doing something illegal.
Okay the subject is funny, but does WayneCorp focus on one product? Hardly.
Actually, try this experiment:
Take two pieces of toast Spread peanut butter on one of them Leave the other one plain Drop a couple of nice new crisp dollar bills on both slices pick them both up and turn them upside down which one has money on it?
Google definitely offers a peanut-butter style (whatever that even means) technology strategy, and it seems to work. Actually, for a technology company, diversity is probably the best thing you can do. Technology is topsy-turvy. Your competitor can come out with a new widget that puts everything you've done for your entire company's history to ruin if all you do is make an inferior version of the widget. If you diversify, and your competitor comes out with a new widget, you'll still be around. You just have to keep some agility.
I mean it has a built in firewall that is actually semi decent
OS X's built-in firewall sucks. And I'm a mac user. Through the interface, click all the security options (and go into Advanced and check stealth mode, etc). Type in 'ipfw show' at the command prompt. Wow! Stealth mode blocks ICMP echo requests! The firewall *still* allows all UDP traffic in, so long as the UDP traffic *comes from* a specific port. In short, the firewall assumes nobody is spoofing packets to get through it, which is retarded. A firewall that makes that assumption may as well be turned off.
Wouldnt that mean that OSX has been for a long time shutting out companies like this?
Mac OS doesn't shut people out. It offers a free SDK, and (mostly) follows published standards. Bastille Linux is a fine example of a hardening system/firewall enhancer for OS X. Check it out.
I hope they annoyingly patented what they did (though I don't get how to you specifically patent selective breeding), or the first two owners of frisky felines will put them out of business.
Parent is probably the best summary of the case here.
The Sovereign State of California set standards for what it determined to be healthy levels of pollution from automobiles. It then enforced those standards and required auto makers to meet the requirements, allowing them to do business in the state when they did. Now it is suing the auto makers because...?
In reality, it should be the People vs. the State for determining the incorrect levels of pollution that are deemed 'healthy.' There might actually be a case, there, too, now that the State of California, by way of this suit, is admitting that its own standards are/have been inadequate. All the citizen-folk have to do is search through public records for proof that the state knew this and refused to act on it.
Sometimes it's better to not put a fence around a pit because doing so only shows that you knew the danger and didn't do enough to fix it.
People try to make everything a technical problem, which is really the wrong approach. This ain't something you're gonna fix with fancy access control and slick hardware. No matter what you do (separation of duties, cryptography, trusted operating systems), all you'll succeed in doing is making life more annoying for your regular users, and demonstrate a huge lack of trust of your employees.
If you really want a solution, it's got to be as much policy as it is technology. I'd start with, oh, making your employees sign an NDA, and making sure they're aware of what is a company secret (most companies like Apple, Sun, IBM, etc, have classifications just like the government, e.g. "Apple Secret", "Sun Top Secret"). Make sure they know what those secrets mean, e.g. "Our documents labelled Top Secret will probably cause us to lose our dominant position in the market if leaked." Then, you implement auditing on your data storage. If your IT guys start reading company business strategy memos off the file server, you probably won't catch them when it happens. But if it becomes obvious that those memos were leaked, you can go back through the audit logs and see if anyone read them that shouldn't have, and act appropriately (though don't just assume that that person leaked the info).
Bear in mind that the technical part of this 'solution' will probably fail. What you're trying to do is paradoxical. You're saying, "I ultimately trust these guys with the security of all of my information, but I don't completely trust them with the security of all of my information."
Scientists are like other people: they seek the good opinion of their peers. It seems unlikely to me that scientists are more immune than I am to the desire to be thought smart.
This is a good point. Some scientists will always lie (just as some people will always lie) so that people think better of them. The argument falls apart for scientists a little bit, though -- scientific papers have to stand the test of time. Liars and fakers in this field will all be caught eventually, and being caught lying once will taint people's opinion on the rest of a scientist's work. I think lying scientists are definitely in the minority for this reason: being a somebody today (for lying) is not worth the price of being a nobody for the rest of your life (when people catch it).
The only problem is. The oil industry / Polluters are also applying the same logic, but for their means.
This makes a funny point, as well.
What do scientists have to gain by claiming global warming is happening/refusing the oil industry? A salary, at best. Climatologists and research scientists definitely don't make big bucks (maybe decent money on writing books, but hardly billions), relying mostly on NSF grants to do their research. Lying for a meager living is not something most people are willing to do.
What does the oil industry have to gain by refuting the scientists? Lots and lots and lots of money. Lying for a few billion dollars is something that even I would consider. Everybody has a selling point.
I've owned an ibook g4 for a long time (~3 years now). It has the same kind of discoloration. Before that, I owned an ibook g3. Same 'problem'. The problem stems from dirty-handed programmers -- I would spend 12-hour coding sessions on my ibooks, eating, drinking, etc all the while. I managed to 'wash' my g3 with dish soap and a rough dish washing pad (be careful). It scratched up the area around the palm wrests a little bit, but made them look white again, at least. Jury is still out on whether it was worth it.
The short of it is, if we buy something that's bright white, be it a car, a shirt, or a computer, we should have a reasonable expectation that it will get dirty.
Imagine if we all whined that our white dress shirts were defective because they yellowed around the collar?
This isn't really an apple-can-do-no-wrong post, but if you want to keep your 'book white, you might try some plastic skin in the affected areas...
Is Ubuntu going to have selinux support that works at some point? I wonder if this is an attempt to split some of the larger linux community away from RedHat (Solaris 10 and RHEL5 will be fairly nice competitors because they both have MAC policies)...
I love Ubuntu but in the interest of free supersecurity this makes me a little nervous.
Will a new set of laws need to be created to cover hacking online currency? It's kind of a grey area -- what is the economic impact of diluting virtual currency that has an exchange rate in the real world? Doesn't seem like it'd fit into the 'normal' counterfeiting mold.
Slashdot Mirror
TFA was not intended to be a HOWTO. Articles that come in glossy-coated magazines never are. The reason it was posted to slashdot was, I think that it garnered some big-time attention, and the particular attack hasn't been mentioned anywhere on slashdot before. I think the slashdot crowd can engineer ways to do the exploit, and defend against it, and we'll all get rich no matter which side of the fence we decide to play.
:).
As for a HOWTO, it depends on the situation. If we make the assumption that user file sharing is on, as TFA says (and you assumed away in your initial post), there are quite a few avenues.
I believe the implicit assumption from TFA is that "Filesharing enabled" means that some directory is read+write to the public. This isn't that uncommon for home computers. Users don't want their kids to have to remember passwords. "After all, we only use filesharing on the home network." Heck, the last time I installed Windows XP it created a password-less administrator accounts during the install process. Anyway, here's your howto:
1) Drop your payload in the shared folder.
There are a lot of ways to get the user to execute the payload:
2) a web proxy that does meta-refresh to file:///path/to/file might work (not 100% sure if that would work? I haven't actually used Windows for any great length of time in years).
2 [alternate 1]) Web proxy that says, "[path] is standard Windows software that allows you to use Free Wi-Fi service. Please run [path] in order to connect to the internet. [link]. [optional: As the software is already installed on your computer, security is guaranteed!]" 99% of the idiots that have filesharing on will do what the browser tells them in order to get their precious free Wi-Fi.
2 [alternate]) If that won't work, there are a lot of other ways to get a user to open something. Even just putting it there could be enough. Average user will see the file some day and say "hey, I haven't seen that before, I wonder what it does [double-click]." The payload doesn't have to deploy right away, perhaps it takes time.
3) ??? [alternate: make computer into a zombie]
4) Profit!
The interesting thing about using this method to deploy a zombie program is that it is very very very difficult to track down. If the initial injection of malware is done using a remote attack, forensics people have a reasonable shot at tracking the source (or at least tracking the next link in the chain, and eventually finding the source).
Assuming the attacker gets the zombie software on even 10 computers this way, (s)he now has 10 computers that can be used to launch zero-days against yet other PCs, remotely. Forensics folks won't have any meaningful logfiles to analyze to look back at the initial injection vector. Assuming the malware does nothing to clean its tracks and the computer logs everything, all they'll find is that the payload was put there by a wireless device with [forged mac address] at some date and time. Not much to go on when looking for a perp. I'm sure there were a lot of people at the airport that day, and a lot of people watching in the observation deck/waiting outside for a loved one/using a pringles can antenna in their car. The only other avenue they'll have for tracking is to find the controller. And if the controller uses TOR or something, good luck
There are probably better ways to get a user to execute an already-installed-executable that I don't know about. Others can probably chime in.
Reid
It's hard for an article to explain anything if you don't read it.
From TFA:
In addition, because you've directly connected to the attack PC on a peer-to-peer basis, if you've set up your PC to allow file sharing [emphasis mine], the attacker can have complete run of your PC, stealing files and data and planting malware on it.
You can't actually see any of this happening, so you'd be none the wiser. The hacker steals what he wants to or plants malware, such as zombie software, then leaves, and you have no way of tracking him down.
Reid
Much less chance the people we are shooting at will get cancer 20 years from now.
Sure it's true that the lab mice don't get cancer 20 years from now after being shot in the face. Mouse physiology is quite different from ours, though.
In short, I don't think we've done enough carefully controlled human trials with bullets to make your claim. I'd suggest some form of double-blind experiment, shooting several thousand subjects from various socioeconomic classes with blanks and with bullets, and see what the effect on cancer rate is. I'll volunteer for the control group, which doesn't get shot at all. Providing a baseline for the population is probably the hardest job, as it takes the longest amount of time.
Reid
Thank you.
:).
Please vote to give this article the scientificmethodcantproveonlydisprove tag
Cheers,
Reid
For anybody that never heard of this, it was a fun counter-prank to a scam attempt on ebay: http://www.zug.com/pranks/powerbook/
Reid
Hear hear.
:).
I just filed a paypal dispute (seller "shipped" but I never received anything). The seller never responded to the dispute in the 30 days they had, and paypal ruled thusly:
"We have decided in your favor, however, we were unable to recover any funds
from the seller's account. As stated in the PayPal User Agreement, recovery
of funds associated with a Buyer Complaint cannot be guaranteed."
That sure is some great buyer protection they have. Thank goodness my credit card company is actually a bank, and I can do a chargeback against Paypal
I drive a diesel (VW Jetta) and it is awesome. No cold weather starting problems, either, even when I lived in central new york, where the temperature was regularly in the single digits. Most fuel sellers put additives in their diesel in the winter to prevent the fuel from gelling, and engines have very good glow plugs these days. The motors are even quiet and soot-free these days (unless you really floor the gas pedal)...every time I've told a passenger in my car that it's diesel, they've been surprised and/or didn't believe me.
It's also zippy as heck. The motor produces a ton of torque at really low RPMs so it feels a lot faster than it really is, but the feeling makes it a ton of fun to drive.
The biggest reason that more diesels aren't sold in the states is that California banned the sale of new ones. Several other states adopted California's emissions laws (New York and most of the northeastern states). Consequently not many car companies are interested in investing the time, effort (replace previous two words with 'money') to bring diesels to the US -- it's illegal to sell them in many states so it would be a lot of money spent for not much return in sales revenue.
You can buy used diesel passenger vehicles in any of those states, but it's hard to find them (since they were never sold as new there in the first place) and they fetch a premium. Case in point: I bought mine *used* for $19,500 in New Jersey (where new diesels are actually legal to sell), and it had 42k miles on it at the time. New, the car's sticker price was about $22,000. Now it has 60k miles on it and my car will fetch $21,000 without too much trouble (I live in California these days). It's kind of a shame they aren't more common, as the mileage is good (36 city/50 highway is my real-world driving).
Before people call me a diesel zealot, I'll definitely mention the bad things: they are bad in that they create more particulate in their exhaust, which has been shown in studies to be a carcinogen. Old-skool diesel fuel sold in the US also contained lots of sulfur, which created sulfur dioxide in the exhaust, which in turn created acid rain. The sulfur also prevented good catalytic converters from being used, so diesels create way more NOx. Now that we have low-sulfur diesel in the US, I think diesel cars will become quite a bit better...but the reputation they garnered as smoking, smelly, sooty, bad-for-the-environment cars through the 70s and 80s will probably hurt their chance at widespread adoption in the US.
Diesel is also interestingly becoming more expensive than gasoline where I live. I find it funny, because diesel fuel is a lot easier to produce than gasoline, or so my fuel engineer friend tells me. Still, mile for mile diesel fuel is cheaper, since I get about the double the mileage that I would in a similar gasoline vehicle...
Thank you. A few years ago I got flamed on slashdot for suggesting that patent encumbrance could be an issue for the GPL. This deal is making people "get it." Yay!
I recommend taking the GPL Quiz for anyone that questions anyone else's understanding of copyright and patent issues. It's a great starting point to understand some of the issues, and slashdot would be a better place for it.
I've seen this one before, and before. I'm pretty sure the story was confirmed each time, though, but that the affected range is quite small (within a few miles of the base, depending on geography).
I'm still not sure whether I believe it, of course, as I'm not being affected (nor do I know anyone that is). If you've got some articles pointing out to the urban legendness of the stories, I'm all ears. Er, eyes.
What I don't get is, why the double-standard on communication? I think congress should enact legislation recording all communication within such companies. We should have microphones in every room and every hallway, to record every word spoken in such a company, just in case people do something wrong. We should probably also have video cameras, in case the would-be lawbreakers decide to write paper notes, and every paper shredder should have a scanner with OCR in line with it, so that the letters are stored for possible litigation.
C'mon, if your company isn't doing anything wrong, you don't have anything to worry about. The recordings will only be used if you're doing something illegal.
Okay the subject is funny, but does WayneCorp focus on one product? Hardly.
Actually, try this experiment:
Take two pieces of toast
Spread peanut butter on one of them
Leave the other one plain
Drop a couple of nice new crisp dollar bills on both slices
pick them both up and turn them upside down
which one has money on it?
Google definitely offers a peanut-butter style (whatever that even means) technology strategy, and it seems to work. Actually, for a technology company, diversity is probably the best thing you can do. Technology is topsy-turvy. Your competitor can come out with a new widget that puts everything you've done for your entire company's history to ruin if all you do is make an inferior version of the widget. If you diversify, and your competitor comes out with a new widget, you'll still be around. You just have to keep some agility.
Sayonara yahoo!, it was fun while it lasted.
Well that's easy, we simply ask them to delete the log that records that we asked them to delete the log. Problem solved!
Nothing to see here, move along.
I mean it has a built in firewall that is actually semi decent
OS X's built-in firewall sucks. And I'm a mac user. Through the interface, click all the security options (and go into Advanced and check stealth mode, etc). Type in 'ipfw show' at the command prompt. Wow! Stealth mode blocks ICMP echo requests! The firewall *still* allows all UDP traffic in, so long as the UDP traffic *comes from* a specific port. In short, the firewall assumes nobody is spoofing packets to get through it, which is retarded. A firewall that makes that assumption may as well be turned off.
Wouldnt that mean that OSX has been for a long time shutting out companies like this?
Mac OS doesn't shut people out. It offers a free SDK, and (mostly) follows published standards. Bastille Linux is a fine example of a hardening system/firewall enhancer for OS X. Check it out.
I hope they annoyingly patented what they did (though I don't get how to you specifically patent selective breeding), or the first two owners of frisky felines will put them out of business.
Maybe they'll sell one gender of cat?
Parent is probably the best summary of the case here.
The Sovereign State of California set standards for what it determined to be healthy levels of pollution from automobiles. It then enforced those standards and required auto makers to meet the requirements, allowing them to do business in the state when they did. Now it is suing the auto makers because...?
In reality, it should be the People vs. the State for determining the incorrect levels of pollution that are deemed 'healthy.' There might actually be a case, there, too, now that the State of California, by way of this suit, is admitting that its own standards are/have been inadequate. All the citizen-folk have to do is search through public records for proof that the state knew this and refused to act on it.
Sometimes it's better to not put a fence around a pit because doing so only shows that you knew the danger and didn't do enough to fix it.
Just set up a message board website that hides comments for everyone but those who can authenticate. Your address is now your URL.
Or is that cheating?
People try to make everything a technical problem, which is really the wrong approach. This ain't something you're gonna fix with fancy access control and slick hardware. No matter what you do (separation of duties, cryptography, trusted operating systems), all you'll succeed in doing is making life more annoying for your regular users, and demonstrate a huge lack of trust of your employees.
If you really want a solution, it's got to be as much policy as it is technology. I'd start with, oh, making your employees sign an NDA, and making sure they're aware of what is a company secret (most companies like Apple, Sun, IBM, etc, have classifications just like the government, e.g. "Apple Secret", "Sun Top Secret"). Make sure they know what those secrets mean, e.g. "Our documents labelled Top Secret will probably cause us to lose our dominant position in the market if leaked." Then, you implement auditing on your data storage. If your IT guys start reading company business strategy memos off the file server, you probably won't catch them when it happens. But if it becomes obvious that those memos were leaked, you can go back through the audit logs and see if anyone read them that shouldn't have, and act appropriately (though don't just assume that that person leaked the info).
Bear in mind that the technical part of this 'solution' will probably fail. What you're trying to do is paradoxical. You're saying, "I ultimately trust these guys with the security of all of my information, but I don't completely trust them with the security of all of my information."
Bill Hicks predicted the future:
*pshwhshswsh*
"What's that?"
"Musket repellant."
Scientists are like other people: they seek the good opinion of their peers. It seems unlikely to me that scientists are more immune than I am to the desire to be thought smart.
This is a good point. Some scientists will always lie (just as some people will always lie) so that people think better of them. The argument falls apart for scientists a little bit, though -- scientific papers have to stand the test of time. Liars and fakers in this field will all be caught eventually, and being caught lying once will taint people's opinion on the rest of a scientist's work. I think lying scientists are definitely in the minority for this reason: being a somebody today (for lying) is not worth the price of being a nobody for the rest of your life (when people catch it).
The only problem is. The oil industry / Polluters are also applying the same logic, but for their means.
This makes a funny point, as well.
What do scientists have to gain by claiming global warming is happening/refusing the oil industry? A salary, at best. Climatologists and research scientists definitely don't make big bucks (maybe decent money on writing books, but hardly billions), relying mostly on NSF grants to do their research. Lying for a meager living is not something most people are willing to do.
What does the oil industry have to gain by refuting the scientists? Lots and lots and lots of money. Lying for a few billion dollars is something that even I would consider. Everybody has a selling point.
I've owned an ibook g4 for a long time (~3 years now). It has the same kind of discoloration. Before that, I owned an ibook g3. Same 'problem'. The problem stems from dirty-handed programmers -- I would spend 12-hour coding sessions on my ibooks, eating, drinking, etc all the while. I managed to 'wash' my g3 with dish soap and a rough dish washing pad (be careful). It scratched up the area around the palm wrests a little bit, but made them look white again, at least. Jury is still out on whether it was worth it.
The short of it is, if we buy something that's bright white, be it a car, a shirt, or a computer, we should have a reasonable expectation that it will get dirty.
Imagine if we all whined that our white dress shirts were defective because they yellowed around the collar?
This isn't really an apple-can-do-no-wrong post, but if you want to keep your 'book white, you might try some plastic skin in the affected areas...
Google trends shows that there is no correlation between video games and being shot in the face. I rest my case.
Is Ubuntu going to have selinux support that works at some point? I wonder if this is an attempt to split some of the larger linux community away from RedHat (Solaris 10 and RHEL5 will be fairly nice competitors because they both have MAC policies)...
I love Ubuntu but in the interest of free supersecurity this makes me a little nervous.
Will a new set of laws need to be created to cover hacking online currency? It's kind of a grey area -- what is the economic impact of diluting virtual currency that has an exchange rate in the real world? Doesn't seem like it'd fit into the 'normal' counterfeiting mold.