Variety – Timestamps
00:00 – Intro
01:49 – Factoids
09:34 – A history of peeing in Space
16:00 – Mitch’s Cybersecurity corner DDOS and the Slow Loris attack
56:29 – How much of the universe can we hope to explore?
1:03:13 – Were dinosaurs aquatic?
1:07:48 – Thank you for listening and mid-season break plans
1:10:26 – Outro
Welcome to the Conduct Science Podcast variety show! This week we don’t have a topic and are answering questions that we found interesting and intriguing. Tom takes you through the history of space waste, how much humanity could hope to explore the universe and whether the T-rex was actually aquatic! While Mitch brings you into his world of cybersecurity exploring denial of service and the slow loris attacks. Music by: Joakim Karud – https://soundcloud.com/joakimkarud.
Tom: Hello ladies and gentlemen and welcome to the Conduct Science Podcast where today we are going to be soaring majestically as an eagle flying a blimp. If you want to check out all the latest goings on, you’re going to have to go to conductscience.com. You can find us on Facebook and Twitter by searching @conductscience. If you want to get in touch, ask a question, suggest a guest, anything of the sort, please use the #ConductScience. I am your host Tom Jenks. And back from his performance at the Royal Variety Show with the Queen is Mitchell Gatting.
Tom: And today’s topic is, well we don’t have one. We are going to be doing a variety show. And you know, last week we asked for some questions and you know, so many of you messaged in that we really just couldn’t decide which questions to answer. So we went with our own. It was just so overwhelming, you know, there’s just so many of you there. And so, so that was the only choice we had to, we had to go for it.
Mitch: Forced our hands people, forced our hands.
Tom: Yeah. It’s the outpouring of love is incredible. I hope someone got the, the reference at the beginning. Did you Mitch?
Tom: Thank God.
Mitch: Cos variety and then the variety. Yeah?
Tom: Nah about the Eagle and the blimp. Do you know where that’s from?
Tom: Portal 2 man.
Mitch: Okay. Yeah.
Tom: Great game.
Mitch: Been a while since I’ve played that, so I don’t know.
Tom: Anyway, factoids. Yes, we do those. So we didn’t really have anything to go for. Like normally when you have a topic you can kind of, you can find, you could find factoids that make some sense. But mine are just all over the place. I saw a video on Imgur. Of this guy holding up a rock to the sun and the changed color and I was like, oh, that’s really interesting. And it turns out there are some rocks and minerals that change color when they’re exposed to light and it’s called photochromism. And it’s used in like sunglasses. You know, some people walk out doors and their sunglasses go dark. Have you seen that?
Mitch: Yeah, yeah, yeah.
Tom: Uh so that’s how they do this and it’s defined as a reversible transformation of a chemical species between two forms and what happens is the, it absorbs the sunlight and it causes it to change form and the different form absorbs light, at a different, a different place on the spectrum. So it puts out a different color than before and I’ll put a link to a video in the on our site so go watch this guy who make photochromic gummy bears. It’s just really interesting and I ended up watching out for about three hours and I was meant to research these.
Mitch: Good use of time.
Tom: Oh, fantastic use of time. My next one, this happened two days ago. NASA is investigating the first crime in outer space.
Mitch: Oh, I did see this. Yeah, I did see this. Yeah, I followed this.
Tom: What happened was Anne McClain, Colonel Anne McClain, I don’t know if I need to clarify. Basically she accessed her ex-wife Summer Worden’s bank account using NASA computers from the International Space Station. And this is potentially the first ever crime in space. If it turns out that it is, the proceedings are obviously still going on, and her ex-wife found out because during an argument McClain mentioned very specific purchases that she wouldn’t have known about unless she was looking at her bank account. So I mean that was pretty stupid of her. And then I was reading a bit more about the article and it gets very Jeremy Kyle like because her ex-wife’s parents are blaming her of manipulating the situation so she could get custody of her ex-wife’s son. And I was like, okay, this is okay. This is spiraling. But yeah, my last factoid…
Mitch: Wait, before you do that, I’d like to say it’s a cybercrime. I’ll come on to later, my stuff this week to do cyber crimes and that sort of thing.
Tom: Which, I don’t know a lot about it, so I’ll be very interested to to learn more about that. Actually. My last factoid is a sexual dimorphism and we see it a lot in humans, very slightly and lots of animals throughout the nature. And obviously I studied mammals, marine mammals, and I’ve done a lot of that over the past few years. So I wanted to get something in there to do with that. So if you’re looking at seals, pinnipeds, you’ll often see that the males are lot larger than the females. And people often wonder why and it comes down to two reasons. Firstly, the males put a lot less energy into gamete production. Sperm is very easy to produce, whereas for females, eggs quite expensive. So a lot of energy goes into producing that. And also if the males are bigger, it means they can dive deeper. And because seals are colony based, they are from the same area, they always returned to the same home. If they both exploited the same food source, it would run out very quickly. So males can dive deeper and exploit a different niche. So it means that they don’t just kind of die of starvation all the time. And that’s what I’ve got for factoids.
Mitch: Oh, okay. I’ve got some facts. Just random facts though, if you want, if you’re ready for them.
Tom: Yeah, I’m super ready.
Mitch: Yeah. Okay. So if you didn’t know hard boiled egg will spin, but a soft boiled one won’t.
Tom: What do you mean will spin?
Mitch: Like you’ve put it down on the desk between you on your forefinger and then span it a hardboiled egg would continue to spin, but a soft boiled egg would like peter out pretty quick.
Tom: Okay. I wonder why that is. Is that because like the, like the viscosity?
Mitch: Yeah. Yeah. It would absorb some of the spin. Okay. That makes sense. The energy. Yeah.
Tom: Good fact.
Mitch: Yeah. Okay. A call, another one visit. I’m trying to find, I just read it and it was just like this is, this is good. You breathe on average about 8.4 million times a year and now that you’re super aware of that, you’re now breathing more than you would normally or you’re more aware of it.
Tom: Yeah, I am. I’m trying not to like breathe on the mic. Um is that like, is that like a breath cycle? Or is that in and out?
Mitch: Um I would say a cycle.
Tom: Yeah. Sorry, I’m asking really like obscure questions. It’s just,
Mitch: It’s fair I think cause you, cause you breathe in and you breathe out. So surely take a breath. You need to do both.
Tom: Yeah. Okay. Yeah, that makes sense. That’s okay.
Mitch: Um second one human thigh bone is stronger than concrete again.
Tom: Okay. I’m gonna ask another weird question.
Mitch: Go for it.
Tom: Stronger than the concrete in the shape of a thigh bone or stronger than like a slab of concrete or?
Mitch: I think it’s like if you took the same amount of both and then put them in the same sort of shape. Okay. You would find that it’s stronger.
Tom: Wow. That’s interesting. You don’t, you don’t think about how attuned your body is and how strong it can be. I guess you don’t hear people breaking their thighs much do you?
Mitch: No. Well, yeah. Like it’s your femur isn’t it? You always hear like when you break your femur it’s like, oh dear, that’s, that’s that’s like what did he do to do that? Or She, what did they do to do that? Because it takes a lot cause obviously he’s stronger than concrete. The final disgusting walnut stuff cold, which I quite liked. It was during your lifetime you will produce enough saliva to fill two swimming pools.
Tom: Imagine swimming in that. Imagine like getting to the end of your life and being like, oh well there you go. You have to, you have to swim in it now victory lap.
Mitch: Could you swim in it? It’s not like water though is it?
Tom: Cause it’s like it would be, it would be so it’s not like a thick, as thick as honey, obviously. And it’s not as viscous is water. So you presume it’d be easier to swimming, but it would be a bit like disgusting.
Mitch: But when, okay. When you mean easy to swim, do you mean like you’d be able to float better?
Tom: Okay. Yeah. It might be easier to float but harder to get through. If that makes sense?
Mitch: Yeah. So flotation would be better but harder to actually pull yourself through cause of the resistance.
Tom: It’s like the Black Sea. That’s the one that’s really salty.
Mitch: Yeah. But that’s not hard to swim in though.
Tom: No it’s not… It just reminded me of that. Have you seen An idiot abroad?
Tom: Have you seen the one where he goes there and gets a belly button full of spit. Oh God, disgusting.
Mitch: And my final scientific fact. A jiffy is a scientific name for 100th of a second. So let’s say someone says a back in a Jiffy. They mean 100th of a second.
Tom: Oh, I didn’t realize they had given a scientific because I knew it was like an actual undisclosed amount of time. I didn’t realize that given a specific amount of time. Ah, there you go. Useful information.
Mitch: So, 10 milliseconds is a Jiff.
Tom: One jiff. Is it a jiff or a jiffy? And what’s the plural?
Mitch: It’s a jiffy, it’s Jiffy.
Tom: What’s the plural of that? Jiffies?
Mitch: Yeah. Jiffies J. I. F. F. I. E. S. Jiffies.
Tom: Okay. This is information I’ll take forward with me. I remember more about these little factoids than I do about the rest of the show sometimes. I have a, the quick little story that’s kind of disgusting, kind of fits. A few episodes ago, you mentioned how they pee in space by using like a condom sort of sheath kind of thing.
Mitch: Yeah, the cone.
Tom: The cone. Right. So I came across a story about the history of peeing in space. I thought it was incredibly kind of weird but interesting.
Mitch: All right. Okay. Before, before. Yeah. What was their first iteration like a sponge? They, they peed into. If I were to guess, I would say that they pee’d into a sponge and then like pulled it out, like not like squeezed it out.
Tom: But that would have a, yeah, I’m trying to think. I can see you, you’re thinking, but then also you’d have to squeeze a sponge full of your own pee.
Mitch: Yeah. But it’s barely trying to like catch it, isn’t it? Is there something like floating round and you’ve got a net that you need to like?
Tom: . Well that’s true. All right. So my question is if this was peeing in space: a history and I’ll nod a thanks to Mary Kowal from the New York Times who wrote about this in a series of tweets, they were highly entertaining. So basically in the mercury program when they were first sending Americans to space, they didn’t know if it was possible to even pee in space or even to swallow as such. They kind of planned for, you know, a short amount of time. They planned to send Alan Shepard up who’s the first American to go to space for 15 minutes as such. They never allotted for there to be toilet time. But because of delays on the landing pad he, he needed to go super badly and asked for permission just to pee in his suit. So the, the doctors and the scientists kind of thought about it and they went okay. Yeah. So he peed himself and then went to space for 15 minutes. So, if that’s not glamorous, I don’t know what it is. You know, they, they tell you about space travel, but they don’t tell you about peeing yourself.
Mitch: Wait, so he pee’d…
Tom: He just pee’d in his suit, there was nothing to catch it or anything. He just peed down his leg.
Mitch: If the suit wasn’t like segmenting properly, if he like flowed up to his face inside the mask, it would have drowned in piss. Because there’d be literally no way for him to get it off of him.
Tom: Yeah. But he didn’t, he didn’t drown in his own piss or he could have had to drink it to save his life. That would have been a, yeah. So the first man who went space. He was American, peed himself as he did it. And then along came the sheath kind of thing that you were talking about. Or I thought you were speaking about, it’s basically like a condom that you would put over it and you were time the air vacuum to catch it right. And in testing it was absolutely perfect. Now this was a time where only men were going into space, but in reality it didn’t work at all. It hardly worked. They either ended up with it floating around the cabin with them or you know, it’s sucking a bit too hard on their manhood cause it’s the vacuum of space. And then they realized why this was happening. So they asked the astronauts what size they would like for this condom right?
Tom: And it came in small, medium or large, and every single one asked for a large. So obviously that wasn’t the case. And so they ended up pissing themselves because they were too proud to say what their real size was. So once they figured this out, they changed the sizes to extra large, immense and unbelievable instead of small, medium, and large. And this fixed the problem after that for longer missions. You come to the Gemini and mercury programs and they were like, okay, so how do we figure out the problem of pooing in space? So what they did is they got plastic bags and they just sellotaped it to their butt. And you know, they were like, this is fine, but it smells of poo like badly. So for the Apollo missions, they tried to kind of change it a bit and they didn’t quite fix the poo bag scenario, but they had turned these like condom things into the pee that can go straight into space. So instead of being in a bag or anything it goes evacuates straight into space and they’re like, oh, this is great because you can see out the window, it catches the light of the sun. It looks pretty. This is what the astronauts said. And fun little fact: Buzz Aldrin was the second man on the moon, but the first one to pee there. Then it came to Apollo 13 which I think, have you seen the movie right?
Tom: Yeah. Everyone knows Apollo 13 is probably one of the most famous missions apart from Apollo 11 and a lot of people who’ve seen the movie knew that Fred Haise got sick. But no one really knows actually why. And this is because after the accident that occurred during the mission, the astronauts couldn’t use the alternate or regular pee vent. So they said they had to stop dumping pee outside. But this was meant to be like a temporary measure and the astronauts thought they meant for the rest of the journey. So they were storing pee in bags everywhere and anywhere that they could find. And the quickest option was for them just to leave the pee in the collection bags within their suits. So Haise got a urinary tract infection and a kidney infection because he was basically bathing in his own pee for a few days.
Tom: So that’s nice. And then they kind of 10 years later when they started to send women up into space, they’re like, okay, now we need a solution. And they created MAGs: maximum absorbency garments, which is just a very fancy word for a nappy, just super absorbent nappies.
Mitch: That’s what I said with my sponge, my sponge idea!
Tom: Yeah, yeah. So what you, what you started with is what they ended at.
Tom: Um and to solve the poo problem on the ISS they have the zero-G toilets. Which the astronauts have quoted says involves fans, suction and a lot of luck because poop doesn’t break off. You kind of have to use gloves to in zero-G and they have portable pee containers like the, shewee now, so yeah, I thought I’d start with that going off the disgusting kind of factoid you had there, because that was a roller coaster of just interesting, disgustingness I thought but that very interesting to see the evolution of a waste in space.
Mitch: Yeah. Okay. So when we like discussed that we’d have like a variety hour and what we’d talk about, I thought about doing, sort of something that’s in my field. So something to do with cybersecurity and what I personally think is quite interesting and quite a fun attack. If you can have fun attacks. That just sounds very nerdy of me that I have like a favorite fun attack. It’s a type of DDOS attack and it’s called the slow, slow Loris.
Tom: DDOS. You wanna break down the acronym?
Mitch: Yeah, I was go, I was gonna I was gonna start with what an actual DDOS attack is before I started diving into things cause it, it’s gonna happen a lot when I go through like this explanation.
Tom: I’m just gonna jump in with questions at some point if I don’t understand.
Mitch: Yeah. So this is, this is like a, an application layer attack and I’ll go further when I want to get into like the details about what the different layers are, what OSI is. Um there’s, there’s a whole bunch of things that like sub breakdowns of this and that we need to explain to be able to sort of describe how it works in full. So a DDOS instead of just a, a DOS attack is a distributed denial of service attack. Any questions so far?
Tom: No, I’m pretty good with that. Living on the Internet for a bit I’m quite familiar with DDOS attacks.
Mitch: For those that haven’t been living on the Internet for a little bit, it’s a malicious attempt to disrupt all traffic of a targeted server. The server or service or a network, by overwhelming that target or its surrounding infrastructure with a flood of internet traffic.
Tom: Yeah. You just send lots of information to one server, don’t you?
Mitch: It can be one person sends through one channel a lot of information or you have what is called a Bot network where you have a, a fancy way of calling, like a puppeteer who controls that, that another name for them is zombies. And they will send out a control, like a command to these Zombie computers that are infected, but the people don’t know they’re infected. And then those PCs or servers will then throw information at this one place. So it doesn’t have to be one person. It can be coming from multiple sources into this one location. It’s how you would like the kind of effectiveness of a DDOS attack is by, you would use multiple machines because if you do using one server or machine, it will take a lot of sort of bandwidth and probably wouldn’t be enough to try and do it. So you need a lot.
Tom: And does that help with like retracing? If someone’s trying to hide where it comes from? They use lots of these sleeper PCs?
Mitch: So to trace it in that kind of sense, you’d have to go and trace to one the CPC and then work out from there what’s connecting in. But as these can be like people’s personal PCs that your like your parents could have up in their office, it’s hard for investigators to get access to that and then get sort of the networking logs off that PC to see what was going on. And what they can do sometimes is it’s called honey potting. And what that’ll be in like in police terms, what a honey pot is, is you set up something that seems too good to be true and it tries to entice robbers. Like you’d have a car that is unlocked as a nice car and that a robber would potentially try and break into and steal. And then when they break in and try and steal that and try and drive off, the door automatically locks behind them so they can’t get out. And then the engine cuts and then there’s a tracker on the car so the police can then jump in swarm and arrest the person. In cybersecurity terms, it’s a kind of undefended server that may not have, like won’t have patches that protect it. So if a hacker is looking to try and gain access, they will do so very easily. But there won’t be anything that they can gain on the server or be a bunch of fake information that looks like they are getting somewhere and getting information that they can sell on the dark web. But really they’re just getting fake information. And then once they’ve carried out reconnaissance and they’ve got like they’ve extracted the information, then they’ll then set up this Zombie. So it just sits there and does nothing until they want to do something else. But what that means is when they then start the attack and then send out these commands, the honeypot will then notify the person that set it up to be like, okay, there’s this going on. You can trace this back or you can see what where it’s going and then notify them and then like sort it out.
Tom: So they try and get within that net or Zombie PCs so they can trace it back themselves?
Mitch: Yeah. So they kind of like, yeah, sit themselves in the middle is so it’s like, it sounds weird, but it’s a reverse man in the middle attack is kind of what it is. So a man in the middle attack is you have your information source and then you have, it’s like where it’s going. So say that you had a messaging system that was sending from A to B. You’ve got these two people. What a man in middle attack will do is he will then he, he or she, they all sit in the middle or try and get in a way so that they can sit in middle of it. So it goes from A to the man in the middle. Then you have to B so they can see what’s being passed through. It’s like that. But you’re using it for good.
Tom: Yeah, it’s using it to target A rather than B.
Mitch: Yeah. So you’re looking for the nefariousness of it and then thing. But it’s quite interesting how there’s always in cybersecurity there’s like a race between the bad guys and the good guys and what’ll happen is there’ll be a lot of copying between them. So a current thing you see now and like the sort of, if you’re selling exploits sort of section of the market, the bad guys market is you’d see hacking as a service and they’re directly copying that from the legit companies like Photoshop and Microsoft now do like products as a service or subscription services, the sort of the dark side of the Internet. They’re selling these hacks now. Do like they do hack packages but you pay monthly for it. So it’s as a sort of subscription service. So it’s like, it’s called like HAAS, like hacking as a service. Like you have like IaaS, which is like infrastructure as a service. But you have like now hacking as a service, it’s quite interesting.
Tom: That’s insane, stuff you don’t think about or you would never actually come across if you weren’t either into that stuff yourself or doing that line of work.
Mitch: So from high level, what a DDOS attack is like is like a traffic jam clogging up a highway and preventing regular traffic from arriving at its desired destination. So what happens when the zombies all sort of pile their network traffic into one server is that the legitimate people that need to get to the server can’t get in because the server’s using too much resources, it’s going down and yeah, it just completely takes it offline. Or if it doesn’t take it offline, it uses up too much resources and no one else can connect. And this can be done for a range of reasons. Like, say that you’ve got a government who doesn’t want protestors, being very safe about this, to contact a specific small messaging service, which could be going on currently in the world. What the government can do because they have enough resources is pile traffic into the messaging service that they currently use and take it down so the protesters don’t have any way of communicating.
Tom: And if we lose Mitchell in the next five minutes, we know exactly what happened.
Mitch: If I, if I just disappear, you can find me in a, some sort of Chinese camp.
Tom: You’re being discreet now.
Mitch: Um well it’s, it’s kind of like the whole Hong Kong situation is what the Chinese can do is like the Chinese government, if they want to or have the inclination to break down their sort of communication, they have the ability to do it. Okay. So that is kind of what, on a very top scale, very quick, what a DDOS attack is. There are different types of DDOS attack. But I’m going to focus on one that’s called a Slow Loris and why it’s like my top two favorite is because it doesn’t use all these bots. It’s what is called like a low and slow attack.
Tom: Low and slow. That’s how we like it.
Mitch: Low and slow. Yeah. So you don’t need a lot of resources to perpetrate this attack. It can be done very simply with a very simple Python script.
Tom: Is this about to become like a guide to hacking?
Mitch: Oh No, no. I’m not gonna go like, Oh, you can do it by this. I’m going to explain how it works. I have, I have got a Python script that does it, which I got it and had a root round and opened it up and realized I did kind of make one during my first year of uni by accident and I didn’t know it was called. But I’ll come back to that. So it’s a denial of service attack program that kind of the attacker overwhelms the target server by opening up and maintaining simultaneous HTTP connections. So what happens is if you’ve got say like a WordPress and you haven’t got like, it’s not like really big. You’ve paid for the lowest because you say that you’re a blogger and you’re starting out, you will have a basic package where only 20 people can connect to your server at once. You see where I’m going with it?
Tom: Yeah, yeah, yeah.
Mitch: So what happens is the one PC will open up 20 HTTP connections to this one thing so no one else can get to it and it doesn’t take much to be able to just do that. And you set it up and you kick it off and then it just keeps opening and closing connections to this one place. But normally the way that I’ll explain how HTTP requests work is that if it doesn’t get a response or the response is pretty instant. Normally it’s called HTTP handshake. And all connections within the world, they have this handshake, well, most of them have this handshake and it’s kind of like, hello, I’m here. Who are you? And the person says back, Oh, I’m this person are, do you want to acknowledge? And the person, the sender says, I’m acknowledge then send a hello then the certificate that gets sent in back. And then the person sends a certificate and their key to the server and then the key and the ciphered thing gets sent back in an application data, which is like the, I can see it and then they get sent forward and back. And that that happens in about 224 milliseconds. Like that’s how quick it is. It’s a very quick back and forth that pretty much states who they are. Here’s his key is a certificate that says like it’s a safe. So when you get the lock in the URL, the your sender which is you, the PC asks for the certificate and they go, oh here’s our certificate. We’re all good. We’re safe. Come to us. But just only works with HTTP cause HTTPS automatically bypasses that by being super secure in like well compared to HTTP it is super secure. So the way that the Slow Loris attack works is during this handshake period, it kind of utilizes how handshakes work. So the attack functions by it opens a connection to the target web server and then keeps, tries to keep it open as long as it can. Now the way that it does this, it sends a system acknowledgement to the server with like, I think it’s like a broken header.
And then what it keeps doing is it works out how long it doesn’t work, how it keeps sending like small pieces of pieces of data. Just like, oh hi, I’m still here. I’m just a really slow computer.
Tom: Like just enough to keep this handshake going but enough to let go.
Mitch: Yeah. So it, it just keeps, keeps sending a little bit at a time. And then like the server is like, okay, it’s just a really, really slow network or slow PC. So I’m not gonna, I’m not gonna, I’m not gonna cut him off. He’s just really slow and I just like, it’s just, this is genius. I just love it because it’s so, so utterly simple. You can set it up on your PC and just continue to do it and then you can still use the internet. Normally if you’re using a DDOS attack is going out, the PC that’s carrying out the DOS is sending all of its bandwidth. So you can’t do anything with that PC internet wise because it’s using up all the all your, all your, everything in your pipeline towards like the Internet. It completely takes up. But this is sends the like the least amount of like a very low amount of bandwidth to like just keep getting the responses…
Tom: It’s the lazy man’s DDOS attack.
Mitch: It’s pretty, pretty much is the lady, lazy man’s slow DDOS attack. That’s why it’s a low and slow. It’s because it’s low usage of resources and it’s just quite a slow kind of thing.
Tom: Okay. So how long would like, sorry if I was using say the Zombie PC method and at 12 o’clock I wanted to DDOS a site, say conduct science for example. How long would that take to happen? And then if I was using this low and slow method, how long would it take for that to make the site go down?
Mitch: It depends how sophisticated your code was for both. If you had many, many zombies, you could pretty much like trigger it and if you had no protections on the site. Say that that is hosted on most sites or hosting sites do now. They have to have automatic protections they put on. A DDOS will be instant. Okay. Like you’ll start up and then you like you’ll, well unless you’ve got a notification it will just go down until someone realizes and then you have to bring it back up. The Slow Loris is a bit slower as you have to like keep connections, keep like keep opening them up. So if you had a maximum of a hundred it would have to open up the a hundred connections and then when it hits max it then works, though it would take a bit longer. They both have pros and cons. If you’re looking at it from a nefarious point of view, the pro for the DDOS is it immediately takes down. So say there’s like a news broadcast going out and you want to take it down immediately, you can hit them and it will go down, but they know they’ve been hit in that situation. Like it’s, it’s not like a sneaky attack.
Tom: Undeniable this is what’s happened.
Mitch: Yeah. It is a very obvious like if you use like Splunk and look at the network logs, there’ll be a big like, massive rise in the chart of incoming connections. And then it’ll like just you’ll get nothing going on throughout because it’ll cut off. Slow Loris, it’s a bit harder to detect because at the start the attack looks like legitimate connections cause it just looks like people are using your server. And if you were a small blogger who’s like watching it in real time you’re like oh great, I’m getting real people that are looking at my stuff because it looks like their people are connecting from, well depends if you bounced the IP address, but you could be like oh look they’re coming from an IP address. This is good. And then you’d hit max and you’d be like oh I’ve hit max. I need to then buy some more connections. Almost like upgrade the server. But if they weren’t looking they would just like, you would just max it out and then they would just take over and it would work every now and then depending on how your program reconnects. Cause you could set it to like a five second delay on the reconnect. Cause when it connects all the way up and then if one does drop it then reconnects and it, it keeps trying to reconnect. If you set, it’s like try and reconnect with five seconds the person that’s checking or someone else could potentially get in and it looked like it was working.
Tom: That my next question actually was could you get on and make it look like… Yeah. Okay.
Mitch: So you could cause some like sporadic annoyances very easily. Or you could just like to try and hide that you were there and that you were doing this.
New Speaker: Yeah, but we only use these things for good. What would be, what would class as good? Is there an instance where your say a governmental agency attacking a hacker, like a counter attack. Who would that be an ethical way to use it or?
Mitch: Yeah. It’s exactly just the flip. So say that you had a server that was hosting malicious software that was selling it. So say like it was a storefront for malicious software. You could have a government agency that just keeps doing this to, to keep, to take, keep taking it down. But then you get, they would realize and they would put some things in place to stop it. Like you could potentially have some things that I’ll move on to when you come into, I’ll speak about like deterrence and how the Slow Loris can be mitigated. But yeah, so the Slow Loris is an application layer attack. And when we look at different layers, when we’re talking about the, OSI model, which is the open systems interconnection model, it was a model, a conceptual model created by the IOS standardization, which double IOS, Ims, which is the international organization of Standardization, which enables diverse communication systems to communicate using standard protocols. So the IOS got together and made a bunch of protocols so that every PC and server connections, that system could communicate with each other. Okay. I know there’s some use different ones, but there normally is the use, the OSI model, which has seven different layers that data goes through when it’s being sent somewhere or received. So if you’ll be, if you’re sending it, you go one to seven. If you’re receiving, you go seven to one. And your computer knows how to handle all this jazz. And so you have going from one to seven you have your physical layer which transmits the raw data stream over a physical medium so that’s like your router. You have a data link layer which defines the data format on the network, which is like when you send it, what is it going to be? You have a network layer which decides the physical path that data will take. So how’s it getting to where it needs to go? You have a transport layer which transmits data using transmission protocols like TCP and UDP.
Most traffic is done by these two are one is like TCP and pretty sure is how you send emails. And UDP is like a uninterrupted data, something or other the current currently remember. But one is like better for a constant connection like you would if you had a video link who wants better for like it doesn’t matter how it gets there as long as it gets there. So it can bounce it around different places. It doesn’t have to be have something go straight there. The next one, which is number five, you have a session layer and that maintains the connection and is responsible for controlling ports and sessions. So when you connect to different servers around the world, they have ports that they have open that the connection go through, go through like ships. If you imagine it like that, I’m pretty sure that’s where it like ports came from and you have to connect to a specific port if you’re using a specific protocol because most ports are configured in a way like port 80 is http. But I could be completely wrong about that. But you get what I mean, like specific ports have different things that they go through and that control that layer controls where they’re going. We’ll ports on the sessions. The presentation layer, which is them six that ensures that the data is usable in a usable format and that’s where the encryption occurs or decryption occurs. So that’s that section, which is a very important section, especially with cybersecurity. And then the seventh layer, which is the top, is the application layer, and that’s the human computer interaction layer where the applications can access the network services. And the slow Loris is an application layer attack. So it’s that top layer where there’s like a human computer interaction.
New Speaker: So it completely ignores all the underneath layers and is purely there to attack the service of us being able to interface with a computer, or the sites?
Mitch: Yeah. So if you were trying to access a server that was suffering from a Slow Loris attack, you could, couldn’t even get past the seventh layer because there’d be no way of connecting to it. There’s no where there’s no way of accessing that network services.
New Speaker: Yeah. Okay. That’s cool.
Mitch: A little bit more detailed, but I’ll break down the four definitive steps to a Slow Loris attack. I’ll break them down. The first is that the attacker opens multiple connections to the target server by sending multiple partial HTTP request headers. Now they have to be partial because if they’re full it will come, it’ll all go straight through. If it’s partial, that’s like the little bit that the computers go like, oh it’s just slow. The other half is being sent via Germany and it’s going to take some time coming in here so I’ll keep occupied. Open. The second step is the target then opens a thread for each incoming request with the intent of closing the thread once the connection is completed.
New Speaker: Okay. So that’s basically saying that if all the information does come through in the connection, does complete it’ll drop it straight away and an attempt to pick it back up later?
Mitch: Yeah, so the server that’s picking up these partial HTTP requests has the intent of closing them once the connection is complete. But can’t because of the reasons. Normally if that connection takes too long the server will time out because you set these sort of like configurations and the policies like timeout policies, so it frees up threads for the next request. But to prevent that from happening and it timing out, the attacker will periodically send partial request headers to the target saying, in essence I’m still here, I’m just slow. Please wait for me. So then the fourth step is that the target server is never able to release any of the partial connections or waiting for the termination request and then once all the available threads are in use, the server is unable to respond to anybody else and that’s it. Pretty much.
New Speaker: That’s very cool because, well first I don’t know much about this anyway, the thing that’s a very interesting way to go about it because as you say, it’s the, well this is the lazy man’s way to do it. You can do it as you’re doing stuff. It’s not too resource intensive and it’s also kind of half tricks the person whose website it might be that if they can get on that is not fully broke. Maybe that something’s just having a meltdown somewhere.
Mitch: Yeah. And my story that I have is up by, I kind of accidentally did this, this attack in my first year of university, we had to, for a programming module, there was a Raspberry Pi that was set up in the network that we had to connect to and get the data from or that we could then work on a, create a python script to parse through and get the information out and then use it. Problem being, is that the whole year, like I think there was like 75 of us were trying to connect this one Raspberry Pi and it only had I think two or three open connections that you could have at one time.
New Speaker: They really thought that through.
Mitch: Yeah. Which was, I think they didn’t expect and expect people to be like constantly using it and I was trying to do my work. I was trying to automate it all so I could go from the start to the project to the end of the project in one in one in one setting to like do the eight different steps. It would move some data around, do this decryption thing, and then spit out what the secret message was at the end, which I really enjoyed. But the problem I was having is that I couldn’t run my, my script because other people were taking up the connections. So I wrote a python script, well actually I wrote two python scripts. I realized there was a much efficient way of doing it. Now by the time I was new to python, so I was like, okay, this is, this is what this will work. All it did was those two python scripts that you kicked one off. And then, oh no there’s full this full python script and they went rounds in like a circle. You have to think about this. So you kick the primary script off and then that activated two scripts that went up and connected and then it kept the connection open and then would close the connection and then switch to two other connections. And it would go round in like these two connection circles constantly taking all of the the threads for this Raspberry Pi. So no one else could get it to it…
New Speaker: But you could?
Mitch: But if I wanted to use it, I could pause the scripts and then get the information and then kick it off again. And realized now how utterly annoying they could have been for the other people in my course. . But yeah, it was, it was like there was some, it was like the first module that we had, there was a bunch of people in the course. A few of them were like better cybersecurity than others and had like knew how to nmap and scan servers and finds passwords cause that that’s what we, there was two servers and you had to find the password in the first over and take it in. Then a mock the second server. But what someone did was they used a hacking tool that’s quite well known to brute force attack, which means that you, you just fire words at the like the password box and see what sticks. Used this method to get in and find the password and he got told off privately then in front of everybody, they may have had to make a statement like what you had, what this person did and everybody knew who it was but it wasn’t said what this person did was illegal as he was doing it to a private server. So we’re now going to have a lecture about the laws of Cybersecurity and people signing ethic code saying they’re not going to break them. Cause it was pretty much summed up as like if we wanted to, we could go to the police, we have the information that we’ve got and we can get this guy arrested. On your course, because what he did was like broke many laws, like many data protection laws.
New Speaker: I was going to say but like get, if they didn’t say… If they asked them to do it but they didn’t say a way not to do it, that kind of gives him a free pass in that circumstance. But at the same time I understand why it really wouldn’t.
Mitch: I think most things are given with the assumption that you’re not going to break the law to do them at uni.
New Speaker: Yeah, that’s fair. . Very interesting though.
Mitch: I’m going to talk about some mitigations for these kind of attacks because there’s a few that people can use. So for Web servers that aren’t configured correctly and are vulnerable to a Slow Loris and other sort of DDOS attacks, there are kind of mitigation options that are available and they kind of like broken up into like three sort of sections. The first one is you can increase the server availability. Seems like a band aid to this situation cause you’re trying to outpace the person that’s attacking you so you, your sort of like gauging that the person attacking you can only take up 20 connections at once. So you up how much your server can take to 50 so you’ll always have 30 open. So there’s like there’ll be a cat and mouse with each, each like person in the situation and keep upping their resources until it gets stupid. The second one is you can rate limit incoming requests. So you kind of like limit the maximum number of connections from a single IP address. So you would need what’s called kind of like a reverse proxy, which I’ll explain what proxies are not in the sense of like a proxy server, like a VPN, but like a different proxy. I’ll explain what it is in a second. You can identify what the IP address and if it’s all coming from one, you can just cut that off so they can’t connect. Or, you can use like a cloud-based protection service, which is like security as a service like SAAS, which you kind of, everything goes through it. So you route all your connections through this cloud based service and they deal with everything like Cloudflare for example. They’re, they’re a really good service provider for this kind of thing. And what they do is you route the traffic through that before it gets to you. And then if anything seems amiss, they automatically block it for you and tell you that something’s going down. So what is a proxy? Well, what is a reverse proxy? So reverse proxy is the opposite to a forwarding proxy.
So a forwarding proxy, which is…
New Speaker: Can i guess?
Mitch: Oh go for it. Go. Yes.
New Speaker: So the only kind of time I’ve ever used a proxy site, so I’m gunna guess it’s similar to that is when we are at school and you wants to play on miniclip and game websites during PC class, you go onto a website that would take you around the schools like blocker. So is a proxy something that will get you to the same destination via an alternate route to get you around some kind of security system?
Mitch: That is using a virtual private network. A VPN. And what that pretty much does is it creates sort of a hidden tunnel attempt through those servers, through those proxy servers. So what a proxy server, is it like, is a server that sits in front of a group of machines like you would have at your school. Like, so the forwarding proxy at school was the one that stopped you from playing on the Games.
New Speaker: Okay. So it would block the path of the IP address from getting there?
Mitch: Yeah, pretty much. So when those computers make their requests to like sites and services on the Internet, the proxy server intercepts those requests and then communicates with the web servers on behalf of the clients, like a middle man. So it’s like that man in the middle attack apart from the man in the middle of this time is your forward proxy that you’ve installed. Yeah. So it goes something like…
New Speaker: Man in the middle prevention.
Mitch: Yeah. So it’s like using this like this back and forth that there’s constantly between the bad guys and good guys in there’s lot of copying like this. These forward proxies are like, yeah, a good man in the middle attack. So on the left side you have a user’s device such as like my home PC and then all that sort of the connections that I’m trying to make out to the Internet. They first go through a forward proxy, which sits as like a boundary between me and the Internet. And then that forward proxy then talks to the Internet and tries to get the information for me. And then what you can then do is on that forward proxy you can set up rules like block, anything that has games in the word and that kind of stuff.
Tom: Okay. That makes sense. It’s like an outpost PC almost?
Mitch: Yeah it’s like a bastion kind of thing. Well a bastion server is something different, but it’s kind of, it’s kind of like that. And the recent, like you said, reasons why you’d want this is if, say, you’re an organization that wants to block access to certain content, you can set up if you want to protect your identity online. It’s a really good sort of situation. Say a lot of these things are like if, if you live in a place where your government, it can impose serious consequences for political dissidents like criticizing the government in web forums or on social media. If you had a web proxy or forward proxy, you could hide your IP address as, it wouldn’t be the IP address of your machine because it’s going through a forward proxy and you could ping it elsewhere before it gets, so they won’t be able to track you.
New Speaker: And also it’s fantastic if you want to watch American Netflix, but you’re not in America.
Mitch: So that again, that is a VPN. And not a forward proxy .
New Speaker: Ah yeah damn it .
Mitch: I’ll talk… A VPN is a virtual private network is essentially you’re configuring a network to look like a LAN that connects all the way to America. So your Internet connection, instead of going anywhere first will connect straight, it has to go via places, but where it spits out will be America and then, well essentially, yeah, it’s like a, it’s like a forward proxy, but your forward proxy instead of being at your perimeter of your network is in America. So any, any, any internet things that connect to that forward proxy in America goes through that American forward proxy. So it thinks it’s there. So it would work. So if you’re trying to create like get to American Netflix, if you went through that it would work. So it’s a way of avoiding institutional restrictions, government restrictions, that kind of thing. And good for protecting. But that’s not what you use to protect against Slow Loris attacks is you use a reverse proxy, which is this same idea but completely reversed.
New Speaker: So instead of going outgoing, it works on incoming traffic.
Mitch: Yeah. So a forward proxy is kind of like use it if you’re the user side, a reverse proxy is if you’re the server side, so you switch is connected you first. So a reverse proxy is a server that sits in front of one or more of your web servers and intercepts the requests from clients in that kind of like situation. So it’s like, imagine a bouncer in front of a club is essentially is a reverse proxy and you have users that will say like try and get in. And I’d be like, Whoa, Whoa, whoa. Where are you from? Who? Who is you? And do you have associations? Like, do you have any ID? Is it one of you? Is there many of you I can only let in one of you from one of that IP address. Okay. And it’s pretty much like the exact same as a forward proxy but flipped on its head on the server side. It can benefit the server in like a few different ways. So normally if you’ve got one reverse proxy and you’ve got multiple servers behind it, you can use load balancing. So what happens is with like a DDOS, you’re chucking all your sort of resources at one server. But if you’ve got a reverse proxy in front of it, which has load balancing on it, it can split like the resources that it needs to multiple servers to balance the load of the requests. So it would take so much more resources to DDOS it because it’s like like a smart way of designating where traffic’s going.
Tom: Almost too much. The single person might be able to have to carry out the attack.
Mitch: It protects from attacks. Obviously, this is what we’re talking about, but in a way that all the original servers and you find this a lot in education come like I’ve just had to my placement from a years like I’ve been, I’ve seen some of this is that it hides the IP address behind the server. So if, if you’re attacking, normally you attack an IP address directly is a lot more efficient. But if you’re hiding behind a reverse proxy is a lot more difficult to find the IP address because all, all data is routed into that reverse proxy.
New Speaker: Okay. So you wouldn’t be able to target specifically a bit of a more general?
Mitch: Yeah. So you pretty much just like, oh, fire out that reverse proxy and we’ll see what happens. Caching is a thing that you can do with reverse proxies. So it’s a faster performance, which a lot of people like. Well, just from a user point of view is what they need, it means that you’re not having to constantly like update it, like sits there and has like the data on it or a bit of the data on it. So if someone is wanting to create a quick request, it can just Ping, ping it back pretty quickly. And finally you can have SSL encryption with it, a secure socket layers, which is a, a standard security technology for establishing it an encryption link between the web server and the browser, which with a reverse proxy you can set up, which gives an extra layer of communication security as the communication between those two points is encrypted. So you can’t see what’s being sent.
New Speaker: There’s like, like a shield protection for what you’re sending out the information.
Mitch: Yeah, it’s like a, in a funny way, it’s like a bubble machine. So you get, you get your information and you throw it at your reverse proxy and the reverse proxy goes, oh ha, bubbles it right. And protects it, messes it up a bit, and then sends it on.
New Speaker: Okay. So then reconfigures it back and the other side or?
Mitch: Yeah, and it’ll send, I’m not getting into public keys and private keys and how decryption works, but yeah, that’ll, it’ll send it with a, with a key. And then the person on the other end who’s got the correct half of their key can decrypt it.
New Speaker: Okay. Wow. Interesting insight into cyber security right there. Would I be able to take your course now? .
Mitch: No. Sadly, as there’s a lot where this is like was one module. This is this. This is two different sections from two different modules, essentially. So you got cyber security fundamentals in here but then application layers and stuff is another, another module.
New Speaker: It’s like I have absolutely zero clue how this kind of stuff works so when I see that my page is timed out I’m just sat there like kill me now. But now I know why.
Mitch: Yeah, so there can be a range of range of reasons. If you, if you want to find out properly why your connections are not going through. There’s programs like Wireshark, which is heavily used in the cybersecurity field that you started running and it records a network logs to from the connection. And then in that you’ll see like the thing that I talked about earlier is like SYN, SYN-ACK which is like sending requests, acknowledgement, that kind of stuff. But it will send back if what sort of error is, so HTTP has a like, like a 500 or 400 or 404 error which you’ve probably seen before a 404 error which is like page not found. There’s lot of those like from zero to 500 there’s different designations so you can work out why your page isn’t loaded. So if it comes back with like a 500 error, I think that’s like a, an internal error. Something’s broken inside their server and that’s the reason why you can’t connect.
New Speaker: Nice. The one you want isn’t like one is like the best thing you want to see and 500 is like the thing you want to see least?
Mitch: Yeah. If, if it starts with a one, it’s like information. If it starts with the two it’s successful. Three is, it’s been redirected, four is there’s a client error, and five is a server error. So 404 is not found. 401 is unauthorized. 304 is like re direction. That’s not been modified. 200 is okay. So if you have 200 come up in your status code like cool, it’s gone through there. Okay, cool. But if you yeah, if you see a bunch of five hundreds that means like if you see everything 500-ing in your, like your Wireshark log, it means like there could be a DDOS attack coming.
New Speaker: Noice. Exactly what you want to see. .
Mitch: Yeah. Yeah. With dosses and DDOS attacks mostly nowadays are used as a smoke screen. So they’re, their intention won’t just be to take someone down. It will be as a, hey look, look at what’s happening over here. I’m doing something over here when you’ve got something else like coming like around something else. So what can someone can do is they can like pile in all their processing so everything gets taken down and then sort of implant something. So when the server reboots it reboots with say a backdoor open or they’ve installed something. So when it gonna reboots and go through their configuration files then allows their IP address in. So there’s, there’s lots of like smoke and mirrors going on with behind these kinds of attacks.
New Speaker: Okay. Well if I ever build a website and have to take care of it, I’m going to get someone to handle all that for me.
Mitch: Yeah, like trying to do it yourself is always like normally what I try and do. But to a certain level when it’s a very serious thing, you want a professional to do it. There’s a lot of configuration. Some things can easily go wrong. Like I recently was part of a project to update servers. I didn’t really realize how much effort and configuring needs to go into like updating the, like the most simple servers. So it really is worth getting like a professional to do it.
New Speaker: All right. Well that is kind of all we have time for. To be honest.
Mitch: Yea I’ve just realized I’ve spoken for 40 minutes straight about computer stuff .
New Speaker: Welcome to, this actually wasn’t a variety episode. This was Mitch’s computer corner episode.
Mitch: The Mitchell cybersecurity spin off corner, a new podcast series that we’re starting .
New Speaker: . For the sake of variety. I’m gonna speak about at least one more thing. See how long it takes. We are kind of planning for this to have a mid season break anyway, so if this is a bit longer, I’m not too upset with that. So we kind of ask a lot of the space things on this podcast and I’m very interested in it and I know we’ve been talking about space travel a little. Then I was wondering how far could we actually travel. So I started, that was my question for this little section is how far could humanity travel? And so firstly, let’s make the assumption that, the very unlikely assumption that we’re going to make it for another thousand years or millions of years, even into the future, I know it’s unrealistic, but bear with me. So as you know, the basic structure of the universe, you have the solar system, and then you have lots of solar systems, make galaxies. Ours is the Milky Way. Then lots of galaxies together make what’s called a local group. In our local group we have the Milky Way, the Andromeda and 50 dwarf galaxies. Then you have lots of local groups make up superclusters our local supercluster is the Laniakea supercluster. And then above that you have all the thousands of superclusters that make up the observable universe. Out of those groups, the galaxy, the local group, the supercluster or the observable universe, how far do you think you’d be, we’d be able to travel across?
Mitch: Um you know what, I have no idea.
New Speaker: So humans will never ever get beyond our local group. We are limited to a hundred billionth of a percent of the observable universe, which is kind of scary, but I mean, we’re kind of stuck on this planet for now anyway, so it doesn’t make too much sense to dream big. So we know the galaxy is expanding. Always has been. Always kind of seems like it will be and is accelerating in that expansion and each local group, so us Andromeda and the 50 other dwarf galaxies and everything in between are bound together by gravity very loosely. And other local groups are bound together very loosely by gravity. But these local groups are moving away from each other at speeds that are close to the speed of light, which means even if we left our local group and went to the next one, even the closest one it would take thousands and thousands of years of flight and we would just never actually get there. So we are forever bound to stay within this local group and all the stars in our galaxies and our local group in Andromeda and the 50 dwarf galaxies will eventually smash together and form one massive elliptical galaxy called the Milkdromeda very inventive as we know physicists are with their names…
Mitch: I prefer Andraway. .
Tom: Oh, Andraway. Yeah.
Mitch: Like it’s a road . Like it’s a by-road.
New Speaker: . I’m just gonna stop by Andraway. But this well, it’s both. Okay. Is very cool to know that, okay, we at least we have, you know, another galaxy and 50 dwarf galaxies to go, you know, look at. But future astronomists and cosmologists will look out from wherever they are and see nothing other than what is in our local group. So imagine looking at the stars, looking out at the sky at night and seeing 1% of the stars that are there now and knowing that they’re all within side the same galaxy, maybe even by that point. So it means they will not be able to look at the sky and measure that distance stars are moving away from them in other local groups, they will not have the constellations that we have. They will not have the cosmic background radiation. They will, it’ll be impossible for them to measure and understand the universe as we do today because they just simply won’t be able to measure it. They won’t know that the universe expanded. They won’t know about the big bang, anything like that. So this made me think of a few things. What if that’s already happened to some level? What if there’s stuff that we can’t measure now, so, and we’ll never be able to measure it because it’s already been lost in the 13.8 billion years the universe has been around. So maybe there are some stuff we’ll never understand because it’s come and gone and will only ever be able to speculate. Secondly, if we’re in this kind of golden age of cosmology, which obviously will go on for a few more million years, we kind of have the responsibility to understand it. You know, it comes on to the life thing we were talking about last week. Also, I kind of had this funny image. I have really weird daydreams and they’re quite vivid. I can imagine like a almost Doctor Who style, I think they, this was an episode of Doctor Who actually were like, they have like a planetary gathering and watch the last stars fade out as they know. They’ll never be seen again by the rest of their species. 
Was there doctor who episode where they lie. They watched like the stars go out? Or no they watched the earth die.
Mitch: Yeah, watched the Earth die from space. And then weird things happened.
New Speaker: Yeah, of course weird things happened.
Mitch: They also do go to the end of the universe.
New Speaker: Okay. Yeah, I didn’t make that up. And then this is another reason for you to read the foundation and if I can find it, I’m going to bring it over to your house because absolute fantastic book. But what if in the future, obviously they’ll only have our records of the space expanding and pictures of space and all of that, what if in the future science or the expansion of the universe becomes some sort of religion? Can you see like, because they have all this information, it’s kind of like the original Planet of the Apes, you know, they have all this from the previous spoilers but the film’s been out 50 years from the previous civilization, but they won’t know where it’s come from. Like the, the people in the community. So they in science may well become this religion that people maybe even stopped believing in.
Mitch: If they can’t prove it then yeah, I guess cause they would.
New Speaker: Cause they would have no way of proving it and they could just say, well the government’s made it all up.
Mitch: Yeah. For certain things I would say, yeah, probably if you can’t prove like space stuff, but you can’t say like, all science. Because you can prove like poles shifting, like compasses and things like that sort of stuff. Yeah.
New Speaker: Yeah, like physics may may become like a old fashioned and they, they wouldn’t think, oh well in terms of space yet correctly as you say. And that’s a really interesting thing to think about if not scary. I’d also, oh, I have lots. I have so much that I researched here, but no way we’re gonna be able to get into it. One more thing that is very funny, I’m not going to explain in full detail, but it’s too funny not to, don’t put in. Ever since the sixties really has been debated whether dinosaurs actually aquatic. Have you heard of this?
New Speaker: Recently a paper came out about the T-rex being more of like an alligator rather than a terrestrial animal. This was because you know they have shortened forelimbs, which don’t make sense if it was a terrestrial animal because if you look at elephants, rhinos and all of the other dinosaurs, all of their limbs are load bearing and the evolution pressure is against the shortening of the limbs. So it wouldn’t make sense in that like scenario. Also if the animals were bipedal, the weight would be so much that you would expect them to sink in mud. Whereas we’re looking at their fossils and they, it doesn’t look like they have sunk that far. And also the nostrils are on the top of a flat head, much like an alligator or a crocodile. It’s a very sort of similar structure. Now there is actually tons of counter evidence for this, but I got sucked into this because it’s such a heated debate that paleontologists and biologists all over the world write articles, throwing shade at each other. Yeah, and I’ll send you some after the show, but they are absolutely hilarious. So this one guy, the most famous one for saying that the t rex was aquatic was called Dr. Ford. I think Mr. Ford, something like that. And what it is like, I’m going to say arch nemesis paleontologist like secretly goes to his seminars just to like slate him and he just writes articles every time he goes to a seminar. And I’ve got a couple of quotes which are, they just have me absolutely crying. So he absolutely just threw Ford under the bus because he says, you know, they’re not water adapted because you would expect them to have web fee to see where and a lot of the sauropod bones, 89% air, meaning if they were in water, they would just float, tip over and drown also from the teeth and the isotope analysis taken from their teeth. We can see that they ate terrestrial based plants and yeah, so basically that’s a very quick rundown of why they are actually terrestrial and it’s a load of . 
But it was interesting to run into anyway. However, some quotes that I’ve taken out, let’s see, via bizarre and unexpected circumstances. I recently found myself secretly and furtively attending a lecture by Brian J. Ford, alas, I was specifically invited to produce a response and eventually decided is damaged limitation exercise to do so. So he’s basically complaining that he had to attend a lecture because this guy is so awful at spreading misinformation that he was required to produce damage limitation response for the rest of the world. And Ford, who the guy who says the animal dinosaurs are water-based, gets such hate mail from the other paleontologists that he’s been, like death threatened. And he said in the middle of a seminar how surprised he was at the venomosity and the aggression contained in the Paleontological community because he just gets hated on every single day in, in the mail, in emails. He gets phone calls just telling him what he is. I was just going through some of these articles that absolute tears because you read one article and you’ll go to the next one and you’ll see these paleontologists just bickering at each other. It’s such a weird like scenario, like society in science… It just made me laugh to be honest. I’m just imagining all these old men that look like, is it Richard Hammond from Jurassic Park? But that was his character. Yeah. I would imagine loads of them sat at their computer just like emailing each other like death threats and stuff. Oh that was a funny image for me.
Mitch: So I now know how to like trigger a group of paleontologists if I ever need to.
New Speaker: Yeah. If you find any at uni just walk past and drop the phrase “sauropods are aquatic, change my mind” and then just run away and just watch them descend into a, yeah, whatever it is. But yeah, I’ll link some articles cause they’re there actually… I had an interesting read anyway, another two hours wasted online. I was also going to talk about the anthropic principle. Do you know what that is?
Mitch: Not named like that.
New Speaker: I’m not going to talk about it cause it would take me literally half an hour to explain a bit about string theory and the multiverse and everything like that. Basically the anthropic principle states that why do we exist in a universe that is so finely tuned to our needs. And the reason for that is because consciousness has to arise to perceive it. And it basically goes through string theory and the multiverse and everything like that. But obviously I don’t have time to go through that. However, that would be something very interesting to debate on a, on a two person show.
Mitch: Yeah it would be indeed cause yeah…
New Speaker: Okay. I’ll save that for, I’ll save that for our first episode back after the, after our mid-season break.
Mitch: Well, mid season slash going back to uni break. Cause you know there is a reason for, I don’t want to be like we’re just stopping for a mid-season break. We are both moving back to uni for some reason or other.
New Speaker: Yeah. I’m actually moving country technically.
Mitch: Oh yeah you’re going… You’re gonna up north.
Tom: Yeah. I’m going north of the wall. So I’m actually technically moving country, but I guess not, but…
Mitch: I’m just popping up the coast is all I am.
New Speaker: Give us a couple weeks to get things sorted. But we will be back and I’m sure the response will be overwhelming again. We’ll have so many questions to answer when we come back.
Mitch: I’m sure there’ll be an outcry for why there isn’t an episode next week. It’ll all just come flooding in.
New Speaker: I know. Well, we amuse ourselves at least, but yeah, so I know we’ve done a bit longer episode this week depending how the editing goes. It may end up being a bit lot shorter than it is now, but yeah. Thank you for joining us and especially over the past, what, 15…14 weeks is it now? It’s been a while. It’s been a long journey actually. Yeah, I’m a good time to reflect on what we’ve done. I’m very excited with how lots of these episodes have turned out and it’s very interesting work.
Mitch: And the kind of response that you’ve got from some of the episodes and what some episodes which have done better than others. Yeah, it gives a good indication of from what’s going on.
New Speaker: Yeah, exactly. And considering, I mean this is the first time I’ve done any podcasting and editing and anything like that. It’s a good learning experience and we’re nearly at like 600 views now. I think so that’s a, that’s pretty cool to be honest. So thank you to everyone out there who is listening, sharing, liking, commenting and all the good stuff.
Mitch: It all counts, so thank you for that.
New Speaker: Yeah, massively, absolutely, massively. But thank you guys for listening. That is all we have time for this week. If you want to check out all the latest goings on, you can head to conductscience.com. You can find us on Facebook and Twitter by searching @conductscience. If you’d like to get in touch with us over this break, we will still be building attention to the #ConductScience on Twitter. So yeah, please do that. If you want to get in touch, ask a question, suggest a guest, anything, just have a conversation. That’s what this show is all about. On Friday, I am releasing The Method Section. What happens when we get to Mars? We’re going to be covering laws, like what flag do they have? The mental health effects of going out there, being the first people there and everything. That kind of follows that. Yeah, but as I say, next week we’re going to be taking one or two weeks mid-season break and yeah, we’ll come back with an episode after. Thank you very much for listening. We’ll see you guyyssss… A-Next tiiiiiime.
Mitch: Ciao for now.