Kind of a dark horse, but how about Harry Potter and the Methods of Rationality?

The actual science is clearly delineated from the magic. The mindset it's trying to inculcate is a really useful one to be able to enter.

Just don't make 'em think it resembles Harry Potter, because I don't think it does.

No sex, but it's not likely to be endearing to people who don't believe in questioning authority. And it is unabashedly propaganda for a certain way of thinking.

I agree with the parent on the Heinlein juveniles. There's actual science in there, particularly bits of Newtonian physics. Somebody mentioned "Have Space Suit, Will Travel", which would be a good choice.

I'd have no problem with my kid reading "Accelerando", but I'm not sure a middle school teacher could get away with assigning it. There's the whole BDSM rape scene and all.

I'd say Greg Egan, but he'd definitely be for advanced middle schoolers only. The problem with him is that he tends to either throw you into a world so weird that an inexperienced science fiction reader may be completely lost, or assume that you already know "real science" at a university level and build from there. Maybe Vernor Vinge?

Don't forget popular nonfiction. Some of it can be entertaining.

"Ender's Game" has zero science, and "Hitchhiker's Guide" has negative science.

All of which are limited by "any restrictions placed on the sharing of such information by the protected entity or self-protected entity authorizing such sharing". If that entity does not place such restrictions, then the minimization procedures, however defined, do not apply.

It says they CAN clean it if they WANT to... to whatever degree the sharing entity considers to be "appropriate". So if some "protected entity" or "self-protected entity" hands something over, it can restrict downstream sharing. It can require whatever anonymization it wants, including no anonymization if it decides that no anonymization at all is "appropriate".

Who's a "protected entity"? Hint: not you. "an entity, other than an individual, that contracts with a cybersecurity provider for goods or services to be used for cybersecurity purposes.".

Excuse me if I don't believe that every "protected entity" or "self-protected entity" has my best interests at heart.

Yes, the practice's security affects the hospital's. Your security affects mine, too, and in fact the security of everybody on the Internet affects the security of everybody else.

Nonetheless, it is not legal, ethical, or appropriate to go around attacking somebody else's systems without their explicit permission. It doesn't matter if you provide them with network service. It doesn't matter if you have (perhaps unwisely) given them access that makes them a potential threat to you. It doesn't matter if you're the "big" network, or if you have more to lose than they do. It doesn't matter if you feel you're "responsible for the whole network". It doesn't matter if they're completely incompetent and overrun with malware.

If you don't have advance permission, and you attack somebody else's system. you're in CFAA violation territory. And if you didn't get that permission in writing, you're an incompetent idiot.

This isn't the wild, wild west. Your motives do not matter. The effect on your own security does not matter. End of story.

They're not auditing their security. They're auditing somebody else's security. "Independent private medical practice" means a separate corporation that happens to have a network link. Not "within their rights", and not legal, either.

Well, my primary point is that the study does in fact mean something and the sample is reasonable. I don't have a lot of investment in the "why" part.

But you can continue your reasoning as long as you want, and end up never being able to say "why". Even if you have video of postal workers throwing away packages selectively, you never know why they did it.

Personally, I'm comfortable saying that this is a strong indication that some human beings somewhere mistreated packages because of the labels.

By the way, that does not mean that I think Christians (or any religious group) are more likely to do things like that than atheists.

I actually suspect (with the full understanding that these data do not say anything about this suspicion) that any package with a visible and potentially controversial label is more likely to get lost or delayed than a package without one. I would expect packages with tape with crosses, or stars of David, or "yay Obama", to get lost more than packages with no tape, because they will attract attention from random people who might dislike their messages. The control packages here had no tape at all.

I will admit that I would expect "atheist" packages to get lost more than "cross" packages, but that's just because there are more non-atheists than atheists, and therefore more chances for an "atheist" package to be handled by an anti-atheist person. If you equalized the numbers of atheists and Christians, you might get similar amounts of lossage for "cross" packages.

Oh, one more point. The study is NOT based on the assumption "that packages sent on the same day will arrive at the same time". It's based on the assumption that any variation in delay should not preferentially affect packages with "atheist" tape if nothing fishy is going on. The issue isn't that all the packages didn't arrive at the same time; it's that the "atheist" packages systematically arrived later... if they arrived at all.

Good point about possibly hidden small N.

And another source of bias is that we wouldn't have heard about this if they hadn't found something spectacular. So if it'd been tried 100 times before and nothing had come of it, we wouldn't know (this is also true for much of the scientific literature, by the way...).

Nonetheless, they found a giant effect. And the packages appear to have been delayed by very different times, and some were lost entirely while others were only delayed. Which makes it a lot harder to come up with one or two common mishaps that would preferentially affect the "atheist" packages. It leaves you with alternative hypotheses of very low probability. I mean, I guess the white tape could gum up the sorting machinery, but I wouldn't bet on it.

No single medical study is ever taken as proof of anything even if it HAS been peer reviewed, especially since they accept p up to 0.05. I'm not sure I believe in absolute proof at all. And if I were going to, I don't know, risk my life or something on an anti-atheist-package bias, I'd require more proof, too. I actually suspect that the size of the effect they found is a fluke. Nonetheless, if you had to bet $10, which way would you bet?

But the attitude I was responding to was "that doesn't mean anything at all, because [well, that's not really explained; apparently it's not a "statistical sample"].

"Sample" is different from "statistical sample". If you qualify "sample" with "statistical", you have to be able to say what a "nonstatistical sample" would be.

The point of a selection procedure is to avoid screwing up the data by introducing biases. In their case, the test group was identical to the control group, so there is basically NO selection procedure they could have used that would have invalidated their finding that the phenomenon exists. If they were trying to compare individual delivery areas against each other in more than an informal "We didn't see this outside the US" way, they would have to be more careful... but their main point is that they do see it in at least some areas of the US, which is valid regardless of whether they covered the US evenly or without bias, or of whether or not it happens outside the US.

Any data CAN be explained by coincidence. It COULD be that there's no causality in the Universe, and every event anybody has observed so far has just been pure coincidence that randomly happened to look causal. The question is how probable you find that to be under reasonable epistemic assumptions.

The standard null-hypothesis p-value method for finding such probabilities puts the chance of coincidence at less than 2 percent for the lost packages, and less than one tenth of a percent for the delays. There are, of course, alternative views on hypothesis testing. I really don't think you want to risk asking the Bayesians what they think, because they're likely to put the probability of coincidence even lower. That leaves you with the philosophies that basically deny that any data can tell you anything at all. Want to go there?

We can argue about causes, but "coincidence" is not credible.

What, exactly, do you mean by "it wasn't a statistical sample"? "Statistical sample" is not a statistical term.

It was a perfectly valid sample over delivery routes, it had a meaningful if not fabulous N, and it also had a control that most data can only dream of. The non-response rate was 4 out of the 89, which means that there really wasn't a chance of selective response removing the significance.

And all the packages WERE NOT delivered. 9 out of 89 packages "atheist" packages never arrived, versus 1 out of 89 "non-atheist" packages. Do 10 percent of your packages get lost? Because I order a lot of stuff by mail, and I don't see lost packages enough to even notice it.

p=.018 on the lost packages. Medical studies wish they could hit that kind of significance on a regular basis. p.001 and a huge effect size on the delays; that sort of thing is treated as more or less certainty in a lot of places, including biology and all of the social sciences.

The only way you could invalidate that would be if you assumed that somebody was outright lying: either the people running the study, or a LOT of the recipients.

I'm forced to conclude that you wouldn't know a "statistical sample" if it bit you on the behind.

I'm not disappointed at all. I'm reacting to somebody who seems to think the job is done when it's not.

All I'm saying is that the present, early stuff is NOT "sufficient for 90% of possible use cases". That doesn't mean I don't realize that things are still at an early stage and progress is being made.

If I tried to teach a human, or indeed if I set an untaught human loose on an unstructured problem, and that human turned around and demanded a huge mass of annotated data, I would not conclude that the human was a good learner, or even "sufficient for 90% of possible use cases". I would conclude that the human didn't have the complete machinery of learning.

C++ has no place in operating system kernels.

True enough. C and all its progeny need to go away. Memory safety and type safety are not optional in critical code.

Or is that not what you meant?

a remote server sited at the device manufacturer.

What, exactly, do you think "the cloud" is? Hint: what you describe is the essence of the cloud.

How do the data get from the device to the cloud? Why, via a local reader. Essentially the same hardware could give the patient the data without involving the manufacturer, which would be a much more secure and robust design as well as keeping control where it belongs. Whether or not you involve the doctor is a separate decision... but it's a lot easier not to involve the doctor if you don't have to deal with going through the manufacturer and then authenticating who's asking.

And TFA is talking about the fact that patients can't just "dial in and bypass their doctors". They're told nothing at all unless they go through the doctor. In fact, one of the people in the article had a critical malfunction, which I'm sure the device knew about, and wasn't even told that. And that is caused by this design. If the patient's local reader were under local control, then it wouldn't even be possible.