Slashdot Mirror

"Why Most Published Research Findings Are False"
John P. A. Ioannidis

https://www.ncbi.nlm.nih.gov/p...

Further reading:

"There is increasing concern that most current published research findings are false. The probability that a research claim is true may depend on study power and bias, the number of other studies on the same question, and, importantly, the ratio of true to no relationships among the relationships probed in each scientific field. In this framework, a research finding is less likely to be true when the studies conducted in a field are smaller; when effect sizes are smaller; when there is a greater number and lesser preselection of tested relationships; where there is greater flexibility in designs, definitions, outcomes, and analytical modes; when there is greater financial and other interest and prejudice; and when more teams are involved in a scientific field in chase of statistical significance. Simulations show that for most study designs and settings, it is more likely for a research claim to be false than true. Moreover, for many current scientific fields, claimed research findings may often be simply accurate measures of the prevailing bias".
- Dr John Ioannidis (“Why Most Published Research Findings Are False”) August 30, 2005 http://journals.plos.org/plosm...

"It is simply no longer possible to believe much of the clinical research that is published, or to rely on the judgment of trusted physicians or authoritative medical guidelines. I take no pleasure in this conclusion, which I reached slowly and reluctantly over my two decades as an editor of The New England Journal of Medicine".
- Dr. Marcia Angell, New York Review of Books January 15, 2009. http://www.nybooks.com/article...

"The case against science is straightforward: much of the scientific literature, perhaps half, may simply be untrue.
Afflicted by studies with small sample sizes, tiny effects, invalid exploratory analyses, and flagrant conflicts of interest, together with an obsession for pursuing fashionable trends of dubious importance, science has taken a turn towards darkness".
- Richard Horton, Editor, “The Lancet” April 11th 2015 http://www.thelancet.com/pdfs/...

"Scientists these days, especially but not only in such blatantly corrupt fields as pharmaceutical research, face a lose-lose choice between basing their own investigations on invalid studies, on the one hand, or having to distrust any experimental results they don’t replicate themselves, on the other. Meanwhile the consumers of the products of scientific research—yes, that would be all of us—have to contend with the fact that we have no way of knowing whether any given claim about the result of research is the product of valid science or not".
- John Michael Greer
http://thearchdruidreport.blog...

Vinyl obviously can only be used in stationary systems.

I beg to differ!

I assume you're referring to Apple's iVinyl player?

https://www.youtube.com/watch?v=12bZiWf6zZc

Vinyl obviously can only be used in stationary systems.

I beg to differ!

https://www.reddit.com/r/TheRe...

https://pukeko.net.nz/blog/201...

https://voxday.blogspot.co.uk/...

Then you weren't looking hard enough.

Naked Japanese Orchestra plays The Nutcracker march

I didn't know this was done. To expand on the parent, here's a link to an article as to why venting for fuel is done, with the photos.

https://sattrackcam.blogspot.c...

Chinese companies just put in backdoors for the Chinese government, organised crime, your Chinese competitors and so on.

https://thehackernews.com/2015...

http://www.zdnet.com/article/f...

http://www.securityweek.com/ap...

http://www.businessinsider.com...

https://tvnewswatch.blogspot.c...

Spectre is a red herring - there is no known way it can be exploited.

Google has exploited it. Look at Google Project Zero's write-up of these bugs. Spectre corresponds to "Variant 1 and Variant 2" in that blog post. You'll see that they successfuly exploit both, the second from a KVM guest.

It is true that Google cheat a little here, by using Linux's eBPF JIT engine (which, I hear, is normally disabled by default). From the blog post:

To be able to actually use this behavior for an attack, an attacker needs to be able to cause the execution of such a vulnerable code pattern in the targeted context with an out-of-bounds index. For this, the vulnerable code pattern must either be present in existing code, or there must be an interpreter or JIT engine that can be used to generate the vulnerable code pattern. So far, we have not actually identified any existing, exploitable instances of the vulnerable code pattern; the PoC for leaking kernel memory using variant 1 uses the eBPF interpreter or the eBPF JIT engine, which are built into the kernel and accessible to normal users.

No they haven't been exploited, they have been proven. There is still nothing really useful gathered from using it that makes it a security risk.

Spectre is a red herring - there is no known way it can be exploited.

Google has exploited it. Look at Google Project Zero's write-up of these bugs. Spectre corresponds to "Variant 1 and Variant 2" in that blog post. You'll see that they successfuly exploit both, the second from a KVM guest.

It is true that Google cheat a little here, by using Linux's eBPF JIT engine (which, I hear, is normally disabled by default). From the blog post:

To be able to actually use this behavior for an attack, an attacker needs to be able to cause the execution of such a vulnerable code pattern in the targeted context with an out-of-bounds index. For this, the vulnerable code pattern must either be present in existing code, or there must be an interpreter or JIT engine that can be used to generate the vulnerable code pattern. So far, we have not actually identified any existing, exploitable instances of the vulnerable code pattern; the PoC for leaking kernel memory using variant 1 uses the eBPF interpreter or the eBPF JIT engine, which are built into the kernel and accessible to normal users.

Whoops, wrong link. I meant this one: https://googleprojectzero.blog...

There:

https://commandcenter.blogspot...

Basically he's throwing a bit of a strop because C++ programmers didn't flock to go.

EU is just as capable as Turkey at controlling their border so if Turkey tried EU would just close the border to Turkey and then Turkey is fucked.

EU countries all signed up to the ECHR which says

1) They can't just shoot migrants arriving

2) They're not allowed to return them because that would violate the principle of 'non-refoulement'

https://eulawanalysis.blogspot...

Basically, the dogmatic point of departure is simple: the EU principle of non-refoulement is anchored in Article 19(2) of the Charter of Fundamental Rights of the EU, which contains a prohibition to remove, expel or extradite any person to a State where there is a serious risk that he or she would be subjected to the death penalty, torture or other inhuman or degrading treatment or punishment. The Charter should govern the uniform interpretation of the principle of non-refoulement in Union law, both in the Treaties and in secondary legislation (like the Returns Directive and the Qualification Directive). As the prohibition of refoulement is absolute in the ECHR, it should universally be interpreted to be absolute regardless of the legal context of EU law in which it appears. Article 19(2) of the Charter corresponds to Article 3 ECHR, and so must be interpreted the same way (Article 52(3) of the Charter). See the ECtHR ruling in Chahal, and more case law in Kees Wouters, International Legal Standards for the Protection from Refoulement, Intersentia, 2009, p. 307 - 314. The Court of Justice has recognized the absolute nature of the rule in its judgment in Aranyosi (paras 85-87).

https://www.hrw.org/news/2014/...

https://www.yahoo.com/news/eu-...

3) Inside the EU the migrants can claim asylum and even if they are refused they're unlikely to be deported

https://www.express.co.uk/news...

4) The numbers of asylum seekers who are likely to find work is minimal. Of the million plus migrants who arrived in 2016 only 54 found a job

http://www.breitbart.com/londo...

In a survey by the Frankfurter Allgemeiner Zeitung, however, most of the top 30 companies on the German stock exchange (DAX) said they were unable to employ any of the new arrivals. The companies said migrants lacked the necessary qualifications needed to fill any of their roles.

Although the companies surveyed employ four million workers, FAZ reported that between them, they had only hired 54 migrants.

Fifty of these are employed by the German post office, and the vast majority of top German companies hired none at all. Software giant SAP reported having two migrants working for them, and pharmaceutical manufacturer Merck also said they had hired two.

I.e. if Turkey or Libya open the floodgates then there's nothing the EU can do legally to stop large numbers of people being dependent on benefits in the EU indefinitely.

"2017 seems to have had an unusually rich supply of software flaws that fouled up major products -- from Twitter to iOS 11 to the Google Pixel 2 .. Google's Play Services software for Android ..

Something missing from that story, just on the tip of my tongue, is it any wonder this has become known as the Microsoft Slashdot.

Two Bytes to $951M

https://warnewsupdates.blogspo...

Perhaps he should take a look at the Dr Who Fan Orchestra and try something like that http://doctorwhofanorchestra.b...

Having to slice the adhesive securing the screen to the housing, remove the power supply, hard drive, and fan, and tilt out the logic board to swap memory modules isn't exactly user-friendly. It still gets only a 3/10 for repair-ability.

Reminds me of the guy who upgraded the SSD in his Surface Pro 3 by cutting a SDD sized hole in the metal case with a Dremel based on pictures he'd seen of a teardown. The SP3 has a standard upgradable SSD, but it wasn't exactly user friendly either.

http://surfacepro3ssdupgrade.b...

these awful cutbacks

The ones that include continually rising NHS spending, even in real terms? https://www.kingsfund.org.uk/p...

Is that why wards, services and even hospitals are being cut to ribbons all over?

These are the 19 hospitals, including five major acute hospitals, that are marked for closure as the NHS faces its biggest shake up in a generation to plug a £22bn black hole in funding, according to an investigation by i.

Acute hospitals closing or at risk of closure:
:: South West London – one of five sites proposed to close – St Helier, St George’s, Epsom, Croydon, Kingston
:: North West London – future of Ealing Hospital in doubt
:: Leicestershire – one of three acute hospital sites proposed to close
:: Black Country – merger of two general hospitals to a single site
:: Dorset – merger of Royal Bournemouth and Poole Hospital Community hospitals facing closure or redesignation:
:: Alston, Cumbria **
:: Maryport, Cumbria **
:: Wigton, Cumbria **
:: Hinkley and District Hospital, Leicestershire
:: Rutland Memorial Hospital, Leicestershire
:: Bolsover Local Hospital, Derbyshire
:: Newholme Hospital, Derbyshire
:: St Leonards, Dorset
:: Alderney, Dorset :: Westhaven, Dorset
:: Ashburton, Devon *
:: Bovey Tracey, Devon *
:: Dartmouth, Devon *
:: Paignton, Devon *
(* To be replaced by health and well-being centres) (** Closure of all beds under consideration)
Read more at: https://inews.co.uk/essentials...

And that's just the tip of it. The fact is the tories want it privatised, like they want everything privatised. They are dealing death by 1000 cuts (quite literally this time) by degrading services slowly and often enough that pretty soon health insurance will look like a good idea, then more and more people will get it to cover the short fall of the nhs, pretty soon gov can mandate everyone needs it to access nhs then the nhs is gone or exists in name only.

You only need to look at brexit, one of the big claims was the £350m a week for the nhs. Ok that was never a real pledge and no one actually expected them to get anything like that, but what happened? Oh, no new money at all for the nhs and here, have some more cuts. You can't believe a word the tories say, especially about funding public services.

If you want to vote tory fine, but at least have the fucking balls to admit that you're for cuts to hospitals, schools, services and everything else they can get their hands on. Don't insult the rest of us by pretending they do good things.

Can you take the tory challenge?

http://anotherangryvoice.blogs...

Oh I forgot this:

https://cluborlov.blogspot.co....

and this:

https://www.youtube.com/watch?...

That's cute, but have you heard about Russian propaganda about the US?

No, I haven't. What I have seen is a good deal of truthful facts and opinion about the US government and its policies. Some of it comes from Russia, some from Europe, some from the UK, Australia and Canada - and quite a lot of it comes from the USA itself.

Read the following (or as much of it as you can absorb) and see if what you learn is a little different from what the mainstream media are telling their audiences day after day.

http://russia-insider.com/en/o...
http://russia-insider.com/en/p...
http://www.strategic-culture.o...
http://www.paulcraigroberts.or...
http://awdnews.com/top-news/ru...
https://www.rt.com/news/387798...
http://michael-hudson.com/2017...
http://russia-insider.com/en/p...
http://kunstler.com/clusterfuc...
https://thearchdruidreport.blo...
https://irrussianality.wordpre...
http://johnhelmer.net/malaysia...
https://irrussianality.wordpre...

What I'm most curious about is why Slashdot is running a submission that links to this "BetaNews" site almost every day.

On March 31 this "BetaNews" site was linked to from two submissions, and on March 25 it was linked to from three!

The "BetaNews" articles really don't add anything of value, in my opinion. Often, like in this case, they just regurgitate the real announcement, and then add some useless filter babble around the quote they took from the original source.

Slashdot editors, please reconsider all of these submissions that link to "BetaNews". The quality just isn't sufficient, even by Slashdot's low standards. Remove the "BetaNews" links from such submissions, and just link to the original announcement or article instead. Or if you're too lazy to do that, just discard any submission that links to the "BetaNews" site.

I hope you mean the Guardian article not the Science article? I think that although we presented this pretty liberally we were also pretty open minded and clear about the fact that language communicates all associations, learning the associations is called "bias" in ML and bias is what you need, it's the signal you've found in all the noise of the universe. Read the Science paper? http://science.sciencemag.org/... Or otherwise, read the blog posts? https://joanna-bryson.blogspot...

There's all kinds of AI some of which is just programmed entirely by hand so can contain whatever its author wants, but anyway this was about science, about human language, not really about AI, and in this you are right -- sometimes science reflects things you don't want to see. https://joanna-bryson.blogspot...

I notice that nobody has bothered to try to rebut your statement, apparently they only want to suppress it. They have reasons for doing that, of course. The main one being, you're absolutely right.

The Diversity Tax

I've had them miss my car by an inch and I think what saved them was the slipstream created by the car.

Disregarding what you think happened, your observation is also compatible with the idea that birds are actually very good at judging distances and closing speeds and left themselves with whole inches of spare room when they only needed centimetres.

Let's put you and you your car into a comparable situation to a bird flying in a forest. Your car sprouts a wing about 5 times it's width (around 10 metres). The wing flaps up and down, so you need situational awareness of other vehicles, trees, branches and power lines overhead. Now drive through town at 30-50 km/hr. How far do you think you'd get before hitting something - and we haven't even added the issues of managing your aerodynamics to the mix. Or, indeed, of hunting for food. Or sex. Or food and sex. And then there are the predators - they really do want to eat your head. Or at least, your muscles.

Really, the number of birds that do get hit by traffic is remarkably low. The carnage that would result from humans taking to their flying cars in large numbers without some really powerful computer assistance would be hugely higher. Even without the predators. (Looks for story online ... doesn't seem to be online, but there is this review.)

I'm not sure that this really happened. However, in the 1980s we (myself and son) were messing around with Covox voice synthesis and input: http://nerdlypleasures.blogspo... of course, we did speculate about this. It was easily within the (rather limited) capabilities of the Covox products. Maybe this was the company?

Off-topic, we used it to read endless directory listings in a monotonous robotic voice. Those long winter evenings just flew by.

As the Bangladeshi hack revealed, SWIFT isn't vulnerable. What was hacked was the underlying Windows interface that allowed remote transactions and disabling of the Oracle database confirmation messages. The hack consisted of altering two bytes in a running Windows process.

That's a question of semantics, my friend. If an application runs on Windows and the underlying Windows is indeed vulnerable, then the application on top is vulnerable too. Maybe something really important like large money transfers shouldn't be running on Windows, but I can't say I'm surprised. I've got an IT support job that occasionally requires me to get with customer IT departments and a significant amount of our customers are still Windows only shops and they honestly don't know how to work with anything else.

"The messaging network in a Nov. 2 letter seen by Reuters warned banks of the escalating threat to their systems, according to the SWIFT letter. The attacks and new hacking tactics underscore the continuing vulnerability of the SWIFT messaging network"

As the Bangladeshi hack revealed, SWIFT isn't vulnerable. What was hacked was the underlying Windows interface that allowed remote transactions and disabling of the Oracle database confirmation messages. The hack consisted of altering two bytes in a running Windows process.

"some bank officials had knowingly created vulnerabilities in the bank's connection to the SWIFT system, used for global transactions."

I thought the vulnerabilities were introduced by emailing them malware that reprogrammed their Windows desktops to perform unauthrorzed transactions and prevented the Oracle database from printing out an acknowlegment of the transactions. The hack consisted of altering two bytes in a running Windows process.

Rob Pike is hardly a kid.

No, but he is astonishingly arrogant, see for example:

https://commandcenter.blogspot...

He even admits to not knowing C++ well yet comes to the conclusion that go is not all that popular among C++ programmers because it's too awesome and anyway C++ programmers totally suck amirite etc etc.

And you know what? Rob Pike will sink into obscurity long before Carl Linnaeus.

I think the first time I saw this in action was in The Dead Pool (the Dirty Harry movie, not Deadpool). It was just an RC car with explosives, but the only difference here is that the "drones" are capable of flight. I'm sure it's been done in other works of fiction as well.

It was done in real life during WW2. The drones were four engine B24 or B17 bombers packed with high explosives and crashed into high value targets. Pilots would fly the aircraft for takeoff, bail out, and the drone would be radio controlled with the help of primitive TVs from another aircraft.

The Germans had remote controlled weapons in WW2, the 'Mistel' being the most famous. It was intended mainly as an anti-ship weapon to be used against Allied shipping mainly in the English Channel and North Sea.

The Mistel weapons that actually saw deployment and use consisted of either the Focke-Wulf FW-190 A-8 or F-8 model or Bf-109 F-4 model single-engine fighter (stripped of weapons and loaded with control equipment) attached by explosive bolts atop a twin-engine Junkers Ju-88 A-4 or G-1 model bomber modified for control-by-wire and loaded with a specially-designed, shaped-charge warhead weighing close to two tons.

Control inputs to the released Ju-88 by the pilot in the fighter aircraft were transmitted by a set of very thin and long wires. The weapon proved not to be very effective as accuracy was an issue. The pilot must simultaneously fly his own aircraft (usually under heavy AAA fire) and guide the Ju-88 visually from his aircraft while staying within the range the control wires allow, which would be an extremely difficult task even for a seasoned pilot who is not under fire.

https://en.wikipedia.org/wiki/...

The Germans also used the 'Goliath' wire-controlled mobile mine on a set of small tracks in both electric and gasoline-powered versions.

https://en.wikipedia.org/wiki/...

I have to wonder if this story is being put out there as a part of government-directed PR/propaganda groundwork as a prelude to passing far more strict US consumer drone regulations in the near future.

Strat

The Nazi Germans also had glide bombs:

https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...

Some of the Henschel bombs hand TV guidance and there was a B&V model under development that was radar homing.

The Allies had Glide bombs too most prominent being the American 'Aeronca' GB series and the Azon:

https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...

However, the fun really started during WWI when the allies developed a primitive cruise missile and the Germans developed a wire guided gliding torpedo dropped from Zeppelin air ships and heavy bomber aircraft:

http://warnepieces.blogspot.co...
http://gizmodo.com/this-flying...

The cruise missile was a bit of a failure but the glide torpedo was tested and might have become a successful operational weapon.

The article neglected to mention that the SWIFT hack only works on an Oracle database running on top of Microsoft Windows and consisted of replacing two bytes in a running process.

Ash-Fox: is this you?

You'll probably prefer the pictures on this blog, more dynamic use of HDR and exposure effects.

'The malware enumerates all processes, and if a process has the module liboradb.dll loaded in it, it will patch 2 bytes in its memory at a specific offset. The patch will replace 2 bytes 0x75 and 0x04 with the bytes 0x90 and 0x90.'

He missed another, Whatsapp uses FreeBSD. Jan Koum even donated USD 1 million to the FreeBSD Foundation to thank them for all their work. https://freebsdfoundation.blog...

But the correlation in recent times between CO2 concentration and temperature changes just doesn't track very well.

Source for the figures you're basing that on?

Any "expert", upon seeing this amazing result, should quickly have realized it means both atmospheres must absorb the same fraction of the incident solar radiation, and be warmed only by that fraction.

Ah good, I see you're still pasting the same copypasta as before.

Now then, here's the thing...

Yes, given a sample size of 2 we've found a case where we have found a simple ratio that happens to match. Now, how does that prove there is a strong correlation between the single variable it's based on? Given a sample size of 2?

Next up the original author of that paragraph may not feel the need to even "consider albedo", but albedo is not some theoretical atmospheric model, it is an actual, measurable value. The total amount of electromagnetic radiation being scattered away from Venus has been measured to be 75%. The total amount of electromagnetic radiation being scattered away from Earth has been measured to be 30%. The fact that this radiation has been scattered away into space means that it, by definition, cannot be being absorbed by the atmosphere.

Now I can't see any answer to that in the post you're sourcing from, so you might have to actually answer that one yourself

Yeah about that....then WTF was it doing in a HOME OS, care to answer me that?

Because it's one distribution and the features are dictated by your license level.

Last I checked Windows Insiders are NOT testing Enterprise Products

They're also not testing that windowssubscription.exe yet there it is! How 'bout that.

remember "The Kinect is an integral part of the Xbox One, we can't just flip a switch" until they did exactly that?

They caved to public pressure and found a way to make it happen, yes it required some work and they couldnt' just "flip a switch" but they did that work and you're trying to paint that as a bad thing?! Apple said the same thing about deleting pre-installed apps, yet now they've backflipped. Hey they also said their products would never have a stylus, yet now they've backflipped. Microsoft said Linux was a cancer and now they've backflipped and started supporting and contributing to it.

Companies often say things and then later decide "hey that wasn't the best thing for our customers so we need to find a way around it". If they came out and said they were going to make all Windows versions subscription only would you believe them? Or would you say they were lying and going to backflip?

I'm sorry but this past year with all the underhanded shit we have seen with Win 10 has proven to just about everybody that they simply cannot be trusted anymore

Then switch to another operating system and be done with it. This "microsoft can't be trusted" rhetoric has been ongoing for the better part of the last 2 decades yet ultimately nobody cares.

BTW for those that want to lock in the "free upgrade" in case the hackers figure out a way to kill all the spying? Here is a tutorial on how to lock in the upgrade without actually installing win 10 which is a hell of a lot quicker than having to install then roll back to a decent version.

Holy fucking shit, on the one hand you're bitching about Microsoft not being able to be trusted and then on the other hand, instead of advocating for a non-Microsoft system like OSX or Linux or FreeBSD you're advocating a path to keep them on Microsoft products.

Yeah about that....then WTF was it doing in a HOME OS, care to answer me that? Last I checked Windows Insiders are NOT testing Enterprise Products, all the Insiders get is the Home/Pro version.

That's easy. It's one ISO. There's been a progression over the last few OS generations that one image is used for multiple different editions. You unlock Home/Pro/Enterprise by supplying the appropriate key. Same thing for many server products.

And please do not forget it won't have been the first time MSFT has lied to our faces, remember "The Kinect is an integral part of the Xbox One, we can't just flip a switch" until they did exactly that?

Something something Occam. Last week it's "this executable is regarding Enterprise subscriptions" and this week it's "hey, we're announcing Enterprise subscriptions", and you think it's more likely both events are evidence that Home/Pro is (in the immediate future) going subscription than they are... exactly what they are?

I repeat, there are marketing trends that are valid as evidence that Windows will at some point gain "value-add" software-as-a-disservice un-features. The ass-tonnes of money being made by O365 are pretty weighty, evidence-wise. There's a huge incentive. But the executable from last week and the announcement that Enterprise is now available on a monthly basis in addition to via Volume License subscriptions... not evidence that that end.

I'm sorry but this past year with all the underhanded shit we have seen with Win 10 has proven to just about everybody that they simply cannot be trusted anymore, hell they have made Windows Update into a risk because "no means no" is something nobody has taught to MSFT. The sad part is I NEVER thought I'd see the day where I would actually miss Steve Ballmer but Nutella and all his underhanded crap pushing Windows 10 makes me actually miss the big sweaty monkey.

New word: rantagraph. Thank you for inspiring me.

BTW for those that want to lock in the "free upgrade" in case the hackers figure out a way to kill all the spying? Here is a tutorial on how to lock in the upgrade without actually installing win 10 which is a hell of a lot quicker than having to install then roll back to a decent version.

"Like last week's "revelation" that the latest Win10 build includes some SUBSCRIPTIONTHING.EXE and folks like you coming out of the woodwork to say "I told you so", despite Microsoft very, very clearly explaining that the file had nothing to do with Pro/Home installs and was purely for Enterprise"

Yeah about that....then WTF was it doing in a HOME OS, care to answer me that? Last I checked Windows Insiders are NOT testing Enterprise Products, all the Insiders get is the Home/Pro version. And please do not forget it won't have been the first time MSFT has lied to our faces, remember "The Kinect is an integral part of the Xbox One, we can't just flip a switch" until they did exactly that?

I'm sorry but this past year with all the underhanded shit we have seen with Win 10 has proven to just about everybody that they simply cannot be trusted anymore, hell they have made Windows Update into a risk because "no means no" is something nobody has taught to MSFT. The sad part is I NEVER thought I'd see the day where I would actually miss Steve Ballmer but Nutella and all his underhanded crap pushing Windows 10 makes me actually miss the big sweaty monkey.

BTW for those that want to lock in the "free upgrade" in case the hackers figure out a way to kill all the spying? Here is a tutorial on how to lock in the upgrade without actually installing win 10 which is a hell of a lot quicker than having to install then roll back to a decent version.

Those attacks would not change the rules of the old network, which was my original point. Also, there is defense. However, even if that defense fails, then all that means is that the attacks will damage faith in both the old and new networks. After all, if the old network can be attacked successfully, who is to say the same thing won't happen to the new network in the future when there is another disagreement? This uncertainty lowers the value of bitcoin as a whole, which means these attacks would be suicidal from a financial perspective. So, the question isn't how evil they want to be; it's how much money they're willing to burn to destroy their own wealth.

It's useless if you don't have a data plan on your phone.

Google is actually letting you choose from several different methods including " tapping a Security Key, by entering a verification code sent to their phone or, starting today, by approving a prompt like the one below that will pop up on their phone." So they are not requiring a data connection.

Ref: http://googleappsupdates.blogs...

I like the current setup as it does not require my phone to have a data connection. Not everywhere I have a computer connected to the internet do I have wifi available. The app generating a code seems more flexible in my opinion.

Google is actually letting you choose from several different methods including " tapping a Security Key, by entering a verification code sent to their phone or, starting today, by approving a prompt like the one below that will pop up on their phone." So they are not requiring a data connection.

Ref: http://googleappsupdates.blogs...

Arguably the most stomach-churning food I've ever seen came from the Americans:- Pork brains in milk gravy (More here).

It's the pink-coloured "milk gravy" that makes this truly nauseating. :-6

I mean, really? And you have the nerve to get squeamish about haggis, FFS?!

Never mind the fact that hot dogs are probably as bad (in terms of what they contain) as haggis, if not far worse. Of course, *they* have the advantage of being ludicrously processed to the extent that there's no sign of their origins for ignorance-is-bliss Americans who like to argue about whether ketchup or mustard is the preferred topping for their sausageful of ground-to-atomic-size pigs' lips and assholes...

Pork brains in milk gravy, though? So far ahead of either in the retch-inducing stakes it's not even funny.

Windows 10 is just best http://usaalluniversity.blogsp...

Wouldn't be the first time some fraud was trying to rustle up some free publicity. Remember Ken Starks and his issues with Karen of AISD who banned Linux from the classroom. Thing is AISD had no knowlege of the issue: Linux - Stop holding our kids back

Currently Starks is having issues with the 'Taylor Housing Authority', as in 2013 they refused permission for Starks to site a computer in one of their housing projects citing a lack of appliance inspection. Last Feb they contacted Starks requesting 125 for their residents: Be Careful of What You Wish For...No, Seriously

Wouldn't be the first time some fraud was trying to rustle up some free publicity. Remember Ken Starks and his issues with Karen of AISD who banned Linux from the classroom. Thing is AISD had no knowlege of the issue: Linux - Stop holding our kids back

Currently Starks is having issues with the 'Taylor Housing Authority', as in 2013 they refused permission for Starks to site a computer in one of their housing projects citing a lack of appliance inspection. Last Feb they contacted Starks requesting 125 for their residents: Be Careful of What You Wish For...No, Seriously

Reminds me of IPoAC

I refer you to here and here and here.

128GB micro SD cards being available at around the $50 mark, now how many could a single pigeon carry?, how many could a flock of these flying rats then carry?

(Captcha: phoenix, almost weirdly appropriate (and fine if you like your media a wee bit on the toasty side..))

decrypt iphone

Android 4.3 introduced support for this kind of hardware secure key storage. There is some detail here: http://nelenkov.blogspot.co.uk... [blogspot.co.uk]

Better link, reflecting the massive improvements in M: https://source.android.com/sec...

Note that until L there was no relationship between disk encryption and the hardware-backed keystore. In L we added a dependency on the keystore, though I think it's still not quite where it should be (even in M). We'll continue improving it, obviously.

Are you saying that Android on Qualcomm SoCs that have secure storage don't use it?

They don't use it for this, exactly. The usey bits of it for master keys used to derive keys that are used for this. I don't believe there's any equivalent of a TPM that in QC SoCs that requires presentation of a certain hash (or sequences of hashes) in a PCM or similar to unlock a key in secure storage.

Because if they do use it then what you say about being able to update the bootloader, boot image, system image etc, is all irrelevant. Go ahead, replace any of them, the SoC isn't going to give up the master key unless you present it with the right hash, and there is nothing you can do to reduce the delay between attempts or the maximum number of attempts per power cycle.

Yeah, that would be awesome wouldn't it? Unfortunately, no. The secure storage you're talking about is just storage. The software that manages it runs on the main CPU, is loaded from flash, etc. Various ARM features are used to keep this all completely walled off from Android and the Linux kernel, and largely even from the trusted OS and applications that use it. But they're still all loaded from flash.

This is why TPM on computers is secure. Obviously you can boot any OS image you like, or flash the BIOS any time you like. It doesn't matter, the TPM has its own processor and isn't giving up that key until you give it the right hash.

Right. To really do this you need a separate secure processor that has its own storage and its own code... ideally code that physically cannot be updated, though that assumes the code is perfect, which is never true so some tradeoffs have to be made. Apple has done this, I believe, though I don't know the details, with their Secure Enclave chip. Samsung has done something with KNOX. Nexus has no equivalent, and neither do most Android devices.

One interesting side note: Since Intel doesn't have any equivalent of the ARM TrustZone, the typical implementation of the hardware-backed keystore on Intel devices is to actually use a TPM chip. That has some nice properties, though TPMs are fixed-function devices and so cannot implement the access controls added to the hardware-backed keystore feature set in M.

Wow. Thanks for that, it's quite incredible... Can you please clarify some things.

Many Android devices include secure storage. Looking at the documentation for the Qualcomm SoC, it includes such storage. Like a TPM chip, once locked it can't be unlocked without a code (typically a hash of a password) and enforces its own security in terms of the maximum attempt rate and refusing to allow more attempts after a number of failures.

Android 4.3 introduced support for this kind of hardware secure key storage. There is some detail here: http://nelenkov.blogspot.co.uk...

Are you saying that Android on Qualcomm SoCs that have secure storage don't use it? Because if they do use it then what you say about being able to update the bootloader, boot image, system image etc, is all irrelevant. Go ahead, replace any of them, the SoC isn't going to give up the master key unless you present it with the right hash, and there is nothing you can do to reduce the delay between attempts or the maximum number of attempts per power cycle.

This is why TPM on computers is secure. Obviously you can boot any OS image you like, or flash the BIOS any time you like. It doesn't matter, the TPM has its own processor and isn't giving up that key until you give it the right hash. Naturally the TPM's firmware is, in every case I've ever seen, burned into ROM.

http://lance7xx.blogspot.co.uk...

3rd hit on Googling "htop android"

Fear my Google-Fu.