No, they just went to a population where HIV is already relatively common and a large number of people don't usually take adequate precautions against it (i.e. use condoms) and then studied the effects of the vaccine on that population's total infection rate over time.
How do you know? I RTFA, and I don't see it mention their procedures anywhere.
The researchers had sought HIV-negative men and women between the ages of 18 and 30 years old who were at an average risk of infection.
...
From 2003 to 2006, half of the volunteers received the vaccine, and the other half a placebo. Those taking part never learnt which one they had been given. After that, the volunteers received an HIV test every six months for the next three years. Of those who took the dummy injection, 74 of 8,198 volunteers became infected, compared with 51 of 8,197 who took the vaccine.
All volunteers had received counselling on how to prevent infection throughout the trial, and those who became infected were given free access to HIV care and treatment. Two people have since died.
No, they just went to a population where HIV is already relatively common and a large number of people don't usually take adequate precautions against it (i.e. use condoms) and then studied the effects of the vaccine on that population's total infection rate over time. It's not the greatest way to test this (since you have no way to tell if it's just down to random variations in the two populations' levels of exposure) but doing it properly (i.e. deliberately exposing people) is pretty unethical to say the least.
Of course, you can also test the vaccine on animal models which are deliberately exposed to HIV so we know there's a good chance it will be effective if the population study then shows these kinds of results to corroborate it.
Ultimately one of the purposes of drug trials is also to look at side-effects. Assuming the side-effects of this vaccine weren't too bad, with that kind of effectiveness rate it would seem this stands a reasonable chance of widespread deployment, in which case it'll be possible to gather more data.
I am actually allergic to peanuts. While what you say about "warning: may contain traces of nuts" was true a few years ago, in the past five years or so (at least in the UK where I live), the labelling has got significantly better. There is usually now a box which says something like the following:
Contains: Milk, Wheat, Gluten & Soya
Other Allergens:
Recipe: No nuts
Ingredients: Cannot guarantee nut free
Factory: no nuts
Of course, this is as well as the old legal disclaimer (as you point out, the issue is that some people are extremely sensitive - so even if the farmer driving the combine to collect the wheat used for flour in their bread eats nuts for lunch, they have a problem) but this is one area where *more* labelling is a very Good Thing.
I suspect that they had adequate probable cause in that these guys had already been convicted last year of conspiracy to murder. If you ask me, this trial was a huge waste of public money to prove that these people really were terrorists (well, duh... conspiracy to murder isn't terrorism? WTF?).
What's worse, it seems to have been only thinly reported that another 3 people they were trying to convict (who were acquitted on a hung jury last year) were actually acquitted again. This should be seen as a scandalous waste of resources which could have been spent bringing other cases to trial earlier in my opinion.
Great... except that AFAICR English law doesn't recognize the prohibition on fruit of the forbidden tree. The prohibition on intercept evidence is entirely separate, and (I think) aimed at preventing defence counsel from obtaining information which could either compromise intelligence sources or give away other related information.
Another way to put this though is that we're democratizing technology. 50 years ago, only the wealthy could afford to own a car, or a television, or a computer, or to travel by air. Today, everyone except for the very poorest can afford all of those things. I'd argue quite strongly therefore that cheaper is better.
Exactly... which is apparently one argument people have made about why China stopped using the firing squad quite so much in favour of lethal injection - this was reported as long ago as 2006, e.g. here.
One thing I don't quite get though - doesn't lethal injection leave the poison/drugs (whatever you want to call it) in the organs so they'd be pretty dangerous to use for a transplant?
The old multiples make a lot more sense when you consider that the units come from agricultural civilization and many of the units are physically meaningful in themselves. In this sense, I'd definitely say they're more "natural" than the metric system. You can see this type of thinking starting to be duplicated in some parts of physics even - e.g. using electron volts rather than joules.
For inches/feet/yards, they approximate the sizes of parts of the human body you might use for measuring things - e.g. an inch is roughly the length between the tip of the thumb and the first joint (or historically the width of the thumb); a foot is pretty self-explanatory (though you measure including footwear); and a yard is roughly the distance from the tip of the thumb to the tip of the nose when the arm is outstretched (think how you might use this to measure cloth). And of course the mile derives from the Roman empire, where it was a thousand paces.
For the other common distances, a rod (5.5 yards) is the standard length of the goad used for ploughing fields, i.e. the width you can plough at once. A furlong (40 rods) is the distance you would plough before giving the animals a rest. And an acre is roughly the amount of land you could plough in a day (40 rods by 4 rods, so you'd rest your animals 3 times in a day).
Where I would agree with you is with the chain - it derives from the tools used for the first efforts at surveying England in the 17th century and I would agree that as such it's not really a particularly useful or "natural" measure.
the entire globe managed to switch to the metric system, including the U.K.
Oh really? Let me know how that 400-metre drive from London to Edinburgh works out for you...
In all seriousness, the UK now has a rather mixed system. We still use Imperial measures for road signs, beer (but not spirits or wine), milk, and (association) football and cricket pitches (but not athletics or swimming distances) among other things. In other areas, we sell things in metric quantities which are suspiciously close to the old imperial measures - e.g. you'll commonly buy a 454g jar of marmalade in the supermarket. And if you ask a butcher for a piece of steak "5 centimetres thick" he'll look at you funnily...
While it is (I think) in general true that the US carmakers' European models are often superior to their US models, I'd bear in mind that mpg figures for US cars always look smaller than for UK cars purely because the units are different. (US gallons are smaller than Imperial gallons).
A UK car doing 50mpg is equivalent to a US car doing around 42mpg... and that's before you account for differing measurement standards as well, if you're looking at advertised rates rather than measured or car-reported performance.
It's worse than a specially crafted image - there's a code injection flaw in the httpd server so merely accessing a URL that looks like "http://routerIP/cgi-bin/;command_to_execute" will do the trick. That URL can be put in a malicious tag on an HTML page and the user most likely won't even notice it.
Sales figures for iPhone are 600% up on the year ago quarter. That seems to indicate they are doing something very right, given that they're a business, not a club for hackers.
How sustainable is that though? At the moment, Apple have the advantage because people don't realise you can put "apps" on other phone models and no one else has a simple "store" for them.
Most of those Bermuda/Cayman holding companies exist not to avoid taxes entirely, but rather to keep the US from double-taxing profits that have already been taxed once by Europe/Asia, which is what the US does when this offshore trick isn't used.
This is bogus argument. US has tax treaties with most of the rest of the world that prevent double taxation
They don't prevent double-taxation. They just ensure that you end up paying the higher of the two tax rates.
This is an important difference because there are large classes of investors who are treated as tax-exempt in their local jurisdictions (e.g. pension funds where investment returns are taxed on an individual level when paid out as a pension). This puts these investors at an unfair disadvantage if they invest through a US entity because this means they ARE subject to double-taxation.
The point of those sorts of methods is to use them in online voting type schemes - there are mechanisms you can use to drastically reduce the avenues for attack and I find it disappointing that whenever some government proposes using online voting for "proper" elections in some way or other, they seem to think that the way forward is to use a web form with usernames and passwords.
For "traditional" elections, you don't need a machine at all - pencil and paper works perfectly well and isn't prone to all the issues around voting machines. You could use machine counting if you wanted (and make people fill in a full square like on optically marked exam papers) but even that's unnecessary - paying enough people to physically count the votes every 4 or 5 years isn't very expensive.
Frankly, the biggest risk in most "real-world" voting systems is at the point of voter registration - registering dead, non-existent or non-eligible people to vote is the most obvious and cheapest angle of attack whatever the counting mechanism. And those are a much harder set of problems to solve because both false negatives and false positives are extremely damaging to the system.
No, the point is that the authorities can't (in practice) read the individual votes, only the sum of all the votes. This works because:
using certain encryption schemes, it is possible to calculate an encryption of the sum of the encrypted votes without knowing the decryption key;
it is further possible to set up an encryption system where no one party knows the decryption key but a number of parties (the authorities in this case) can cooperate to decrypt a message; and
the authorities can (collectively) be trusted enough to cooperate to decrypt the total, but not to cooperate to decrypt any individual vote.
It is possible to design a (cryptographic) voting protocol with the property that, even if you were to show someone a copy of your actual electronic "ballot paper" (which is encrypted in a certain way so as to maintain a secret ballot), it is impossible to prove whether you voted one way or another.
By then designing the system to allow multiple votes from any one voter and only counting the last valid vote, this makes the only possible method of coercion physically imprisoning the voter during the entire time the polls are open. Since paper ballots are already susceptible to the same attack (albeit this only prevents people from voting at all, rather than forcing them to vote one particular way), this is probably acceptable to most people.
These schemes are designed to preserve the secrecy of individual ballots using a form of distributed decryption between multiple authorities (e.g. you could assign each political party to be an authority), so that at least a majority of the authorities would need to collaborate in order to decrypt any one vote. Systems can also be made robust to "rogue" authorities who don't follow the protocol correctly.
The votes can all be summed while encrypted and then the parties collaborate to decrypt the actual result.
Unfortunately there seem to be no real-world implementations of any of the numerous proposed protocols for proper cryptographic electronic voting, and very few people seem to be interested in implementing one. It's the sort of thing that governments, if they want to go down the route of online (or even electronic) elections, really ought to be sponsoring the implementation of.
This process is distressingly common. But don't be fooled - no one was strong-armed; many/most EU countries use the EU to get domestically unpopular legislation passed and it's now become a case of "you scratch my back and I'll scratch yours".
There's usually sufficient flexibility in the EU regulations that the national governments still get a choice as to whether to implement these laws or not, they just get to effectively bypass their legislatures. The whole process is often called Policy laundering.
GBP 50 a month?! O2 offer 20 down/1.3 up (ADSL2+) for about GBP 13 per month (you need to buy an O2 PAYG SIM card and top up GBP 10 every 3 months to get that rate - it'll work out even cheaper if you actually use the call credit). It's unlimited usage too (and as far as I can tell there are no "secret" limits where they start throttling you or cancel your service either).
use an LLU provider like TalkTalk or Sky (unfortunately this will often force you to go with the same provider for ADSL and they tend to tie you in for long periods with high cost/hassle to change away) - you can check who is present in your exchange using Samknows
use a so-called WLR (Wholesale Line Rental) provider. The only one I know of is the Post Office - this has the advantage that you aren't restricted as to your choice of ADSL provider
use Carrier Pre-Selection (though you still pay line rental to BT but no call charges) - there are a huge number of providers in this space
ditch the phone line altogether and go with a WiMax, 3G or satellite provider
go with Virgin Media (unfortunately even worse than BT) for phone and broadband
All except for using Virgin Media or WiMax/3G involve indirectly giving money to BT at least for use of their last-mile copper and floorspace but they all mean BT makes less money from you.
Actually, O2 are now completely separate from BT. They were spun out of BT in November 2001 (as a result of overpaying for their 3G licence) and then bought by Telefonica in early 2006. Subsequent to the spin-off, BT launched their own independent MVNO using Vodafone's physical network which is the mobile network their 3G mobile broadband offering is based on.
Encryption systems with this ability are called homomorphic. Systems where this can be achieved efficiently include ElGamal (in which it is possible to compute an encryption of the product of two plaintexts given only two ciphertexts) and the Paillier system (in which it is possible to compute an encryption of the sum of the two plaintexts given only the ciphertexts).
As you say, this property is pretty useful for applications such as secret ballots (when combined with distributed secure computation protocols which are mostly derived from this).
The difficulty with using this approach to database operations is that it is likely to involve transmitting an awfully large set of data which sort-of negates the point again as others have said about the papers cited in the original question.
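The two homomorphisms named above, and the encrypted tally described in the voting comments earlier on this page, as an added Python example that is not part of the original comments. It uses toy key sizes, and a single key holder stands in for the cooperating authorities (threshold decryption is not shown); all function names and parameters are this example's own.

```python
import math
import secrets

# Toy parameters constructed for this example: two Mersenne primes.
# Real systems use far larger primes and split the private key between parties.
P, Q = 2**31 - 1, 2**61 - 1


def paillier_keygen(p=P, q=Q):
    """Return (public n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # because L((n+1)^lam mod n^2) = lam mod n
    return n, (lam, mu)


def paillier_encrypt(n, m):
    """Encrypt 0 <= m < n under public key n with fresh randomness r."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def paillier_add(n, c1, c2):
    """Multiply ciphertexts: the result decrypts to the SUM of the plaintexts."""
    return c1 * c2 % (n * n)


def paillier_decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def tally(n, encrypted_ballots):
    """What the counter does: needs only the public key, never sees a vote."""
    total = paillier_encrypt(n, 0)
    for c in encrypted_ballots:
        total = paillier_add(n, total, c)
    return total


# ElGamal over a toy group Z_p^* (constructed parameters).
EG_P, EG_G = 2**61 - 1, 3


def elgamal_keygen():
    x = secrets.randbelow(EG_P - 2) + 1
    return pow(EG_G, x, EG_P), x  # (public h, private x)


def elgamal_encrypt(h, m):
    k = secrets.randbelow(EG_P - 2) + 1
    return pow(EG_G, k, EG_P), m * pow(h, k, EG_P) % EG_P


def elgamal_multiply(a, b):
    """Component-wise product: decrypts to the PRODUCT of the plaintexts."""
    return a[0] * b[0] % EG_P, a[1] * b[1] % EG_P


def elgamal_decrypt(x, c):
    # c[0]^(p-1-x) is the inverse of c[0]^x by Fermat's little theorem.
    return c[1] * pow(c[0], EG_P - 1 - x, EG_P) % EG_P


def demo():
    n, priv = paillier_keygen()
    ballots = [1, 0, 1, 1, 0, 1, 0]  # constructed yes/no votes
    encrypted = [paillier_encrypt(n, b) for b in ballots]
    yes_votes = paillier_decrypt(n, priv, tally(n, encrypted))

    h, x = elgamal_keygen()
    product = elgamal_decrypt(
        x, elgamal_multiply(elgamal_encrypt(h, 6), elgamal_encrypt(h, 7))
    )
    return yes_votes, product


if __name__ == "__main__":
    print(demo())
```

Because each encryption uses fresh randomness, two ballots for the same choice produce different ciphertexts, so a published ballot cannot be matched to a vote by re-encrypting candidate values.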
... intercepting and replacing the adverts on a page is tantamount to theft of advertising revenue...
Not that I want to be seen to defend Phorm, but that's just not what their system does.
To be fair to you, some of the original secret trials did include nasty rewriting of web pages to include their ads but they pretty quickly dropped this (I suspect more because it didn't work well enough than for any moral or legal reason given their dubious track record and the previous lives of the individuals behind Phorm).
Phorm monitors your general web usage using Deep Packet Inspection at the ISP level, even and especially on sites which have never signed up with (or even heard of) Phorm, in order to build up a behavioural profile of you. They then use this to serve you targeted ads when you browse to a site which is signed up to their ad hosting service.
What's more, they decided to not only track what sites you visit, but do keyword analysis of the content of the pages served to you by third parties. They claim this data is anonymized but we all know that in reality you could probably identify any given user from the data they collect with >50% probability as recent studies on anonymized data sets have shown.
No, they just went to a population where HIV is already relatively common and a large number of people don't usually take adequate precautions against it (i.e. use condoms) and then studied the effects of the vaccine on that population's total infection rate over time.
How do you know? I RTFA, and I don't see it mention their procedures anywhere.
It's been reported fairly widely elsewhere. See, e.g., this article from the BBC:
If the police wish to follow my every movement then they need a court order
No, they don't. They don't even need a warrant to, e.g. break in and put covert CCTV cameras in your home
Unless they use ksplice
It's worse than a specially crafted image - there's a code injection flaw in the httpd server so merely accessing a URL that looks like "http://routerIP/cgi-bin/;command_to_execute" will do the trick. That URL can be put in a malicious tag on an HTML page and the user most likely won't even notice it.
See the Register article on it from a couple of days ago.
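A defender's view of the request pattern described above, as an added example that is not part of the original comment: it scans access-log lines for `/cgi-bin/` requests whose decoded path carries shell metacharacters and notes whether the Referer points off the device, which is what a request triggered from a third-party HTML page looks like. It assumes the requests are visible in Combined Log Format (for instance at a proxy in front of the device); the log lines, the device address 192.168.1.1 and all function names are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format, as written by common web servers and reverse proxies.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)
# Characters a shell treats specially; none belong in a CGI script name.
SHELL_META = re.compile(r'[;|&`$<>\n\r]')
MARKER = "/cgi-bin/"


def decode_fully(text, rounds=3):
    """Undo percent-encoding, including double encoding, in bounded rounds."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def inspect_line(line, device_host):
    """Return a finding dict for a suspicious CGI request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Only the path is checked: '&' is legitimate inside a query string.
    raw_path = m["target"].split("?", 1)[0]
    path = re.sub(r"/+", "/", decode_fully(raw_path))
    idx = path.lower().find(MARKER)
    if idx < 0:
        return None
    hit = SHELL_META.search(path[idx + len(MARKER):])
    if not hit:
        return None
    referer = m["referer"] or "-"
    ref_host = urlsplit(referer).hostname if referer != "-" else None
    return {
        "client": m["client"],
        "time": m["time"],
        "path": path,
        "metachar": hit.group(),
        # True when another site's page caused the browser to send the request.
        "cross_site": ref_host is not None and ref_host != device_host,
    }


def scan(lines, device_host):
    findings = (inspect_line(line, device_host) for line in lines)
    return [f for f in findings if f is not None]


# Constructed sample log lines (not taken from any real device).
SAMPLE_LOG = [
    '192.168.1.23 - - [01/Jan/2024:10:01:02 +0000] "GET /cgi-bin/status.cgi'
    '?page=wan&lang=en HTTP/1.1" 200 512 "http://192.168.1.1/index.html" "Mozilla/5.0"',
    '192.168.1.23 - - [01/Jan/2024:10:03:40 +0000] "GET /cgi-bin/;command_to_execute'
    ' HTTP/1.1" 200 0 "http://forum.example/thread/42" "Mozilla/5.0"',
    '192.168.1.40 - - [01/Jan/2024:10:05:11 +0000] "GET /cgi-bin/%3Bcommand_to_execute'
    ' HTTP/1.1" 200 0 "-" "curl/7.19"',
    '192.168.1.23 - - [01/Jan/2024:10:06:00 +0000] "GET /images/logo.png'
    ' HTTP/1.1" 200 2048 "http://192.168.1.1/index.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "192.168.1.1"):
        print(finding)
```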
Sales figures for iPhone are 600% up on the year ago quarter. That seems to indicate they are doing something very right, given that they're a business, not a club for hackers.
How sustainable is that though? At the moment, Apple have the advantage because people don't realise you can put "apps" on other phone models and no one else has a simple "store" for them.
When (not if) that changes, their stupid approval model for apps will ensure that developers focus their efforts elsewhere.
It's odd how quickly people forget. I would have thought the population of Germany is one of the most sensitive to the problems of a police state?
No, the point is that the authorities can't (in practice) read the individual votes, only the sum of all the votes. This works because:
See, for example, this paper.
Other solutions to the problem involve authorities cooperating to ensure that votes are anonymous but they don't seem as elegant to my mind.
In no particular order you could:
All except for using Virgin Media or WiMax/3G involve indirectly giving money to BT at least for use of their last-mile copper and floorspace but they all mean BT makes less money from you.