I don't expect people to even wait weeks. I just expect someone to make at least a modest effort to make sure his single email sent on a public holiday during a major holiday period was seen rather than making step 2 'contact newspaper'. If he had, in that week, emailed twice and called on the phone once and been ignored then contacting a newspaper prior to the problem being addressed wouldn't be so nuts, but that isn't what happened.
He hasn't been arrested. The company called the police. Big deal.
Now can we talk about 'responsible disclosure'? He was a kid, so it isn't surprising that he would go about some things in a bit of a silly way, but he identifies as a white hat so he really needs to get his head around it if he doesn't want to get arrested at some point in the future.
What happened:
1. He e-mailed the company about the issue on boxing day, in the middle of the Christmas holiday period. Which e-mail address? (i.e. security, webmaster, customer support, who knows; writing content, who knows).
2. He didn't get a response for more than a week, so he contacted a newspaper
3. The newspaper contacted the company, gave them time to fix the problem, and then published. Publication was on 8/01/2014 - 14 days after the kid sent the original email.
Maybe I'm a bit odd, but in my head the step right after 'not receive response to e-mail that I sent about security problem in the middle of the holiday period' is not 'contact newspaper'. It is 'send another email, and specifically request a response when received and that it be forwarded onto IT staff'. Followed by 'make a phone call to customer support'. Sure, maybe if there is no response from the company in a couple of weeks then e-mail again and say 'If I don't receive a response, I will be passing this on to the newspaper', but that isn't step 2 of responsible disclosure.
This isn't to absolve PTV (the company) of responsibility. They should have processes in place such that an e-mail about a security issue will find its way to the right people as a matter of priority, and they should respond immediately to at least confirm receipt of the e-mail. If that didn't happen, then PTV needs to look at why and how to make sure it doesn't happen in the future.
The kid is a kid, so it is understandable that he didn't really follow a good procedure for disclosure. However, can we at least acknowledge that contacting a newspaper because you haven't had a response to your (one) e-mail in just over a week (sent during a major holiday period) isn't responsible disclosure?
So what would differentiate a 'good PR stunt' from 'good transparency practices'?
If that police department engages in other anti-transparency behaviour which indicates that any apparent transparency efforts are actually cynical PR smokescreens then sure, calling this a PR stunt is reasonable. However, if the PD is not engaged in other anti-transparency behaviour, and this particular effort to be more transparent is dismissed out of hand as cynical PR activity then it doesn't encourage others to follow suit.
You're absolutely right: I somehow misread the article to imply it was a very weak processor, which it doesn't say at all. It certainly has the potential to be vulnerable to side-channel attacks, which is a significant concern if it is plugged into an untrusted machine (which would be the whole point), and tools would need to be written to minimise these risks (much as they are for more ordinary machines). I don't see any particular reason it would be vulnerable to a replay attack, though (assuming you are using an external device to confirm encryption/decryption or password providing operations; otherwise there is no protection from just requesting passwords for every site, etc).
Having a sub-computer separated from the main system could be very useful for when you want to be able to perform operations without some of the data required to perform them being on the host machine. The main example I can think of for that would be password management or encryption, where you don't necessarily want either your password database or your encryption keys on the host computer but you want to be able to easily retrieve passwords or perform encryption.
If you really wanted to, then you could use a trusted connection over the Bluetooth to require a phone to approve/deny encryption operations and/or password requests. That way, a bad app on your computer couldn't steal all your passwords without you knowing.
Of course, this particular computer is not going to be powerful enough to perform encryption/decryption but it is an interesting direction.
Having someone stand behind you and make you vote a certain way could be a problem - especially if employers started coercing employees to vote a particular way in the office (which no employer may ever do, who knows, but there is a power difference and proximity).
The bigger problem is vote buying. If you can prove to someone that you've voted one way rather than another then suddenly vote-buying becomes possible. (In contrast, there is currently no way to prove which way you voted to someone else. As such, if someone pays you to vote a certain way they are basically limited to hoping you follow-through on your promise. They can't check.) Considering the amount of money being spent on election advertising, outright buying of votes could be quite a low-cost way of winning an election. If it was $100 per vote, then the election could have been turned by spending under $500m in a few key states, and frankly I suspect you could probably convince a non-voter to vote your way from the comfort of their own home for less than $100.
This is not a security vulnerability or even criticism by any stretch. The bank's app is (arguably) more secure than Google Authenticator (which keeps secrets around in plaintext), and this article should be seen as praise for the bank's app, which does things the right way by (mostly) adhering to the TOTP standard, and protects its data as well as technically possible.
Yes, because any TOTP app must be able to read the secrets to generate the OTP, it must have any encryption keys internally, so it can never really be safe from cloning (unless it relies on a hardware encryption component which the phones don't have). Still, storing in plaintext makes grabbing the token data particularly easy.
Re: parental control packages, I agree - they already exist.
Your second argument, though, is not so good. First, there is a large gap between "pure and innocent" from sex and viewing double-anal online. Similarly, because it is much easier to legislate rules on printed media, there are indeed print magazines full of naked women, but notably less printed magazines available with double-anal.
So, in summary. (Scale approximate) Pure and innocent Not pure and innocent Printed nudie mags Dual-arse-fucking videos
far right maybe too hardcore for kids?
Note: not supporting Internet censorship; just pointing out problems with your argument.
Sure, this is easy. I think it's ok for someone to make a filter so a parent can block their own children from "free access to information".
I think it would be kind of lame for a parent to use that to block access to a wikipedia. I think it would be completely understandable for a parent to try to use that to block hardcore pornography. That is, for a parent to try to block access for their own children.
The filtering problem in that context (parent blocking access by child) is that the filters are inaccurate and ineffective, not that filters exist as such. In fact, when my child is starting to use the Internet, I'd be quite happy if I could actually block porn, and only porn. You call it censorship? I call it parenting.
What would you expect someone who works as a data scientist for a company which does mass mailing to say? Sure, Mail Chimp isn't a spamming service (through requiring double-opt-in) but a central part of its service is including trackers in e-mail to check if you're opening it.
I'd be more dubious if it was a data scientist from doubleclick, but not necessarily much more.
Have you ever tried following a GPS based just on listening to it?
It's much harder than you might think (although that probably depends on the specific GPS unit because of the varied detail of instructions).
s/wikipedia/wikimedia
They will benefit from Wikipedia adding H.264 support to the same extent everyone else will, because WebM and OGG will remain the reference formats, and content will be automatically transcoded.
It would certainly be advantageous for all devices to have WebM and OGG support, but not having H.264 on Wikipedia isn't going to strongarm Apple into supporting WebM and OGG.
I don't like proprietary formats, but when talking about automatic transcoding for device support it is something that I think is necessary and worthwhile.
What, like Java?
Maybe you need to take a class on how to use Google. I found the real journal in about 10 seconds
Actually, the problem is that domain name doesn't resolve for me, even on the authoritative name server (see dig output below).
(instead of your suspicious, bare IP, possibly set to collect visitors' IPs).
Yeah, because I want your IP address so I can... something?
Dig output:

; <<>> DiG 9.8.3-P1 <<>> @NS1.SITELUTIONS.COM www.issuesinmedicalethics.org.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15395
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.issuesinmedicalethics.org. IN A

;; ANSWER SECTION:
www.issuesinmedicalethics.org. 86400 IN CNAME issuesinmedicalethics.org.

;; AUTHORITY SECTION:
issuesinmedicalethics.org. 1 IN SOA ns1.sitelutions.com. drjessy.lycos.com. 16 28000 7200 604800 1

;; Query time: 259 msec
;; SERVER: 67.208.74.19#53(67.208.74.19)
;; WHEN: Tue Jan 14 10:59:31 2014
;; MSG SIZE rcvd: 130

; <<>> DiG 9.8.3-P1 <<>> @NS1.SITELUTIONS.COM issuesinmedicalethics.org.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62497
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;issuesinmedicalethics.org. IN A

;; AUTHORITY SECTION:
issuesinmedicalethics.org. 1 IN SOA ns1.sitelutions.com. drjessy.lycos.com. 16 28000 7200 604800 1

;; Query time: 259 msec
;; SERVER: 67.208.74.19#53(67.208.74.19)
;; WHEN: Tue Jan 14 10:59:53 2014
;; MSG SIZE rcvd: 112
A good idea, but the journal no longer appears to exist.
Their old site is still hosted over at Hostgator. Well, maybe it is their old site. It contains 'Lorem ipsum' text.
The last cache from Archive.org was September 2013.
Totally. ... ...
Citation 1: a lot of people have been vaccinated
Citation 2: it has cost lots of monies
Citation 3: it cost the US some monies too
Citation 4: oh, and some of Bill's monies also
Citation 5: Rotary too
Citation 6: new WHO name-and-shame policy
Citation 7, 8: an acronym exists which no-one knows the origin of
Citation 22: Bill really, really wants polio gone. Seriously, he's been campaigning.
Citation 25: the first kind of relevant one to their claims, but doesn't actually seem to say what they say it does
Citation 26: Provides alternative explanation for their interpretation of Citation 25
Citation 27-28: Don't actually speak to the possible relationship and vaccine at all, but rather say that NPAFP is more dangerous than polio (loosely)
Citation 29: my personal favorite. Data which shows that in regions with number of doses, and cases of NPAFP. The winning characteristic is certainly that the claimed result is true, if you cherry-pick the regions for which it is true. i.e. if you look over all the regions and across times then you do find what they claim in two regions: the ones they present.
I'm winding it up there. The first of the 40 citations which is really relevant to the claimed connection between the vaccine and NPAFP is citation 29.
Citations 31+ likewise appear to not actually lend any support to the claim of an association between the vaccine and NPAFP, but rather point out that India has high rates of NPAFP (which is consistent with some of these being caused by enteroviruses spread via the fecal-oral route).
In summary: the paper remains bollocks, and virtually all of the 40 citations actually have 3/8 of FA to do with supporting their claim.
It was an unrelated qualitative study, designed to "We conducted a qualitative research to explore care and support for children with AFP after their diagnosis."
I'm aware of that. I wasn't claiming that was the focus of the paper. The point was that the paper provided information about the coincident testing for NPAFP and vaccination, and thus the fact that they would occur together is not evidence for NPAFP causing NPAFP. Which would be why that quoted part didn't include such a claim and was on another line.
Just for fun, though, we have non-polio enteroviruses detected in numerous stool samples of those experiencing AFP and such enteroviruses can be associated with NPAFP. Seems like a possible cause for some of those cases.
There is also this article in 'The Hindi':
The non-polio AFP rate was not correlated with the number of oral vaccine doses that were administered, countered the WHO Country Office in its response. The largest number of oral vaccine doses given in India was in 2004, which had the lowest non-polio AFP rate in the last eight years. Moreover, although the number of oral vaccine doses given in the country had shown a continuous decline since 2007, the non-polio AFP rate had increased during the same period. In Bihar and U.P. too, there were similar trends of reduced oral vaccine doses and rising AFP rates during 2007-2011.
Maybe I'm not making this clear about the paper you're citing. It is a paper that makes big claims and provides no evidence. It's opinion. It's opinion, and an opinion that I have not seen replicated anywhere else, and that I have never seen supported by any other paper, ever. The comment to The Hindi by the WHO country office is in direct contradiction to the claims made in that paper (and for good reason: they were rebutting the paper).
Another interesting quote from the same paper [1] p. 116:
We have seen how polio, that was not a priority for public health in India, was made the target for attempted eradication with a token donation of $ 0.02 billion. The Government of India finally had to fund this hugely expensive programme, which cost the country 100 times more than the value of the initial grant.
It could have cost 40 bazillion times the value of the original grant, and that wouldn't make one iota of difference to the relationship between the polio vaccine and NPAFP.
So, the way it works is that Gates buys pharma stocks, then bribes few officials in India for $0.02 billion to make their country spend 100 times more on the program. Of course, the pharma makes big bucks not only on the vaccines, but far more on life-long "management" of the diseases they caused, all the while Bill's pharma stocks go up. Having been scammed of intellectual property by Microsoft in mid-1990s, I can see that Bill Gates hasn't changed his "ethics" one bit after moving into the "charity" business. It's same old Bill Gates.
And thus, he caught the bus to crazy-town.
NPAFP is a genuine problem, but it is a genuine problem that would be better addressed by addressing NPAFP rather than hanging off the words of one paper by two doctors in one country-specific medical ethics journal with no supporting evidence.
We are safe only as long as the virus does not mutate beyond our current vaccines...
(From my understanding) a key part of making sure that it doesn't mutate is having everyone properly vaccinated. If people catch it and thus provide a place to replicate, it gives it more opportunity to mutate.
That said, I'm not a virologist.
Yeah, I knew someone would bring up that one guy who wrote a paper in the Indian medical ethics journal which contained no data to substantiate the claims.
Of course, you could look at another paper discussing polio vaccination and surveillance in India which says that "[t]he programme [of polio vaccination] includes surveillance of acute flaccid paralysis (AFP) to detect and diagnose cases of polio at early stage. Under this surveillance, over 40,000 cases of AFP are reported annually since 2007 regardless of the number of actual polio cases".
Could it be that perhaps the correlation between vaccination and NPAFP was because the surveillance was part of the vaccination programme and the temporal relationship was not inherently vaccination -> NPAFP?
So maybe it is time to, as the paper suggests, move the fuck on.
Apparently a similar problem exists for motorcycle helmets, which led to things like the ATR-1 helmets being built. They basically have two different ways of absorbing force, one for low-energy impact and one for high-energy impact.
Responding to oneself is generally bad form, but:
http://www.badscience.net/wp-content/uploads/Screenshot-2013-12-13-17.12.05.png
In summary (and partially concordant with the person I initially criticised): On a community-wide level, requiring people wear helmets may not reduce head injuries, but on an individual level if you are cycling and can add a helmet to your cycling without changing your behaviour, you are probably safer with the helmet.
(This requires a bit of reading into the paper, and a couple of assumptions: Assumptions are: drivers don't suddenly start being dickheads around you because you're wearing a helmet, and you don't start being a dickhead because you put on a helmet. If those two hold, then the case-control rather than community-wide studies are more applicable to the individual choosing whether or not to wear a helmet).
I'm not sure I communicated my position. I don't trust cyclehelmets.org, which I think is anti-mandatory-helmet-wearing, to present balanced information, in the same way I don't trust WUWT, which variously seems to deny either climate change or the anthropogenic aspect of climate change, depending on the line du jour.
I absolutely acknowledge that car-cyclist collisions are only one of many types of serious accidents. I personally do wear a bicycle helmet, and have smashed up several helmets through: being hit by a car (x1), sliding on oil on the road (x2), catching on tram tracks (x2).
Mainly, what I was saying is that many of the arguments levelled against having mandatory helmet wearing (or indeed helmet-wearing at all) are not actually about the effectiveness of helmets per se, but about the supposed broader effects of wearing helmets. I also think they're mostly, though not universally, bullshit arguments.
I should point out: I'm in Victoria, Australia, which has both mandatory helmet wearing and mandatory seatbelt wearing. There is a bit of a movement in Victoria to eliminate the requirement to wear helmets, but it isn't one I care about either way.
I hate to say it, but my impression is that linking to http://cyclehelmets.org/ for issues of helmets is like linking to WUWT for issues on climate change. It has a particular position, and runs with it (whether that is intentional or not). They are by no means unique in this, and are also not the only position in the discussion to do it.
That said:
1. Dumb cyclists will be dumb, and if someone rides less cautiously because they think a helmet will protect them they are dumb
2. Dumb drivers will be dumb, and if a driver is really driving less cautiously around a cyclist on the basis that a helmet will protect the cyclist they are not only dumb but outright dangerous
3. Crossing the threshold with 100% of the force is still probably going to be more damaging than crossing it with 50% of the force (if 50% is absorbed by the helmet)
4. And many are caused by non-rotational impacts, which helmets reduce
5. Dumb cyclists are dumb, and if the pool of cyclists is largely made up of dumb cyclists then that doesn't mean helmets reduce safety, just that if a bunch of less dumb cyclists were added to the pool they would dilute the apparent stupidity of the group overall. Not saying cyclists are stupid, but rather that the number of stupid cyclists is the same irrespective of whether it is 100 stupid cyclists in 101 total cyclists, or 100 stupid cyclists in 1000 total cyclists.
6. If #5 is in fact true (and there is little agreement on it) then this is true, and indeed having more cyclists on the road very likely does make it safer for all cyclists.
There is another argument for not requiring helmets, also based on the idea that requiring helmets reduces the number of cyclists: even if helmets do reduce the likelihood of death or brain injury in an accident, the advantage of improvement in overall community health as a result of more cyclists offsets the disadvantage of a subset of these being dead or brain injured.
I don't expect people to even wait weeks. I just expect someone to make at least a modest effort to make sure his single email sent on a public holiday during a major holiday period was seen rather than making step 2 'contact newspaper'.
If he had, in that week, emailed twice and called on the phone once and been ignored then contacting a newspaper prior to the problem being addressed wouldn't be so nuts, but that isn't what happened.
He hasn't been arrested. The company called the police. Big deal.
Now can we talk about 'responsible disclosure'? He was a kid, so it isn't surprising that he would go about some things in a bit of a silly way, but he identifies as a white hat so he really needs to get his head around it if he doesn't want to get arrested at some point in the future.
What happened:
1. He e-mailed the company about the issue on boxing day, in the middle of the Christmas holiday period. Which e-mail address? (i.e. security, webmaster, customer support, who knows; writing content, who knows).
2. He didn't get a response for more than a week, so he contacted a newspaper
3. The newspaper contacted the company, gave them time to fix the problem, and then published. Publication was on 8/01/2014 - 14 days after the kid sent the original email.
Maybe I'm a bit odd, but in my head the step right after 'not receive response to e-mail that I sent about security problem in the middle of the holiday period' is not 'contact newspaper'. It is 'send another email, and specifically request a response when received and that it be forwarded onto IT staff'. Followed by 'make a phone call to customer support'. Sure, maybe if there is no response from the company in a couple of weeks then e-mail again and say 'If I don't receive a response, I will be passing this on to the newspaper', but that isn't step 2 of responsible disclosure.
This isn't to absolve PTV (the company) of responsibility. They should have processes in place such that an e-mail about a security issue will find its way to the right people as a matter of priority, and they should respond immediately to at least confirm receipt of the e-mail. If that didn't happen, then PTV needs to look at why and how to make sure it doesn't happen in the future.
The kid is a kid, so it is understandable that he didn't really follow a good procedure for disclosure. However, can we at least acknowledge that contacting a newspaper because you haven't had a response to your (one) e-mail in just over a week (sent during a major holiday period) isn't responsible disclosure?
So what would differentiate a 'good PR stunt' from 'good transparency practices'?
If that police department engages in other anti-transparency behaviour which indicates that any apparent transparency efforts are actually cynical PR smokescreens then sure, calling this a PR stunt is reasonable. However, if the PD is not engaged in other anti-transparency behaviour, and this particular effort to be more transparent is dismissed out of hand as cynical PR activity then it doesn't encourage others to follow suit.
You're absolutely right: I somehow misread the article to imply it was a very weak processor, which it doesn't say at all.
It certainly has the potential to be vulnerable to side-channel attacks, which is a significant concern if it is plugged into an untrusted machine (which would be the whole point), and tools would need to be written to minimise these risks (much as they are for more ordinary machines). I don't see any particular reason it would be vulnerable to a replay attack, though (assuming you are using an external device to confirm encryption/decryption or password providing operations; otherwise there is no protection from just requesting passwords for every site, etc).
Having a sub-computer separated from the main system could be very useful for when you want to be able to perform operations without some of the data required to perform them being on the host machine. The main example I can think of for that would be password management or encryption, where you don't necessarily want either your password database or your encryption keys on the host computer but you want to be able to easily retrieve passwords or perform encryption.
If you really wanted to, then you could use a trusted connection over the Bluetooth to require a phone to approve/deny encryption operations and/or password requests. That way, a bad app on your computer couldn't steal all your passwords without you knowing.
Of course, this particular computer is not going to be powerful enough to perform encryption/decryption but it is an interesting direction.
Note: as pointed out by others, the same could be achieved using postal voting. Maybe postal voting is simply a bad idea, too...
Having someone stand behind you and make you vote a certain way could be a problem - especially if employers started coercing employees to vote a particular way in the office (which no employer may ever do, who knows, but there is a power difference and proximity).
The bigger problem is vote buying. If you can prove to someone that you've voted one way rather than another then suddenly vote-buying becomes possible.
(In contrast, there is currently no way to prove which way you voted to someone else. As such, if someone pays you to vote a certain way they are basically limited to hoping you follow through on your promise. They can't check.)
Considering the amount of money being spent on election advertising, outright buying of votes could be quite a low-cost way of winning an election. If it was $100 per vote, then the election could have been turned by spending under $500m in a few key states, and frankly I suspect you could probably convince a non-voter to vote your way from the comfort of their own home for less than $100.
The most interesting comment for me was this:
This is not a security vulnerability or even criticism by any stretch. The bank’s app is (arguably) more secure than Google Authenticator (which keeps secrets around in plaintext), and this article should be seen as praise for the bank’s app, which does things the right way by (mostly) adhering to the TOTP standard, and protects its data as well as technically possible.
Yes, because any TOTP app must be able to read the secrets to generate the OTP, it must have any encryption keys internally, so it can never really be safe from cloning (unless it relies on a hardware encryption component which the phones don't have). Still, storing in plaintext makes grabbing the token data particularly easy.
Re: parental control packages, I agree - they already exist.
Your second argument, though, is not so good. First, there is a large gap between "pure and innocent" from sex and viewing double-anal online. Similarly, because it is much easier to legislate rules on printed media, there are indeed print magazines full of naked women, but notably fewer printed magazines available with double-anal.
So, in summary.
(Scale approximate)
Pure and innocent Not pure and innocent Printed nudie mags Dual-arse-fucking videos
far right maybe too hardcore for kids?
Note: not supporting Internet censorship; just pointing out problems with your argument.
Sure, this is easy.
I think it's ok for someone to make a filter so parents can block their own children from "free access to information".
I think it would be kind of lame for a parent to use that to block access to a wikipedia. I think it would be completely understandable for a parent to try to use that to block hardcore pornography. That is, for a parent to try to block access for their own children.
The filtering problem in that context (parent blocking access by child) is that the filters are inaccurate and ineffective, not that filters exist as such.
In fact, when my child is starting to use the Internet, I'd be quite happy if I could actually block porn, and only porn. You call it censorship? I call it parenting.