Comment Re:GMO Crops are OK? Whatever (Score 4, Insightful) 571

It's not about preconceived notions: most scientific examinations of GM don't ask the right questions. Few people doubt that the current generation of GM foods are probably safe to eat and probably don't cause massive environmental harm. But some rather more relevant questions are:

- Can we rely on the integrity of the people who will test the next generation of crops and do we have sufficient controls in place to prevent biased testing

- Are the risks of GM food - however small they may be - borne by the people who profit from the technology? If not, how do we address this fundamental disconnect?

- What are the long term risks of reducing genetic diversity amongst our food crops? Does it make us more vulnerable to unexpected, intercontinental crop failures or reduce our ability to cope with climate change?

- What are the social, economic and geopolitical consequences of making third world farmers dependent on multinational companies?

- What are the social, economic and geopolitical consequences of the planet's primary food sources being subject to patent controls?

I'm not comfortable that any of these questions have been properly addressed.

Comment Re:Anecdotal (Score 1) 362

No one has access except you because you keep your phone and PC confidential? Maybe... except your partner. Except your partner's hi-tech friends. Except your practical-joking mates. Except your kids. Except your stepkids. Except your foster kids who plan to file a false report with their social worker. Except your kids' friends when you're down the pub. Except the chap who nicked your phone when you were in the pub. Except your housekeeper, if you have one. Except your employer, if it's a corporate phone. Except the guys at the Genius Bar when it breaks. Except the police, when you're stop-and-searched. Except the Al Qaeda cell that has been targeting you as a member of the police / military / government and nicked your phone. Except the unscrupulous private detective hired by a journalist writing a story about your private life if you're a public figure. Except US immigration, and UK immigration, and everywhere else's immigration. Except the guy who put a Trojan on your PC. Relax! What could possibly go wrong?

Comment Re:Low-cost airlines vs. traditional (Score 1) 279

But if you fly fairly often (say, 50,000 miles a year or more) for work etc., then the traditional carriers start making a lot more sense - mainly because they do have multiple classes, perks programs etc.

All the frequent flier perks that you describe - priority boarding, advance seat booking, etc. - are basically queue jumping. That's great for the jumper, but it makes service worse for everyone else, and that's why the traditional airlines are so bad for most leisure travellers. With the low-cost model, everyone is equal, so I'm not a second class citizen waiting to be pushed aside to make room for the favoured few.

Comment Re:Are Sky Liable? (Score 2, Informative) 121

Under the DPA, there's an arcane difference between data controllers and data processors. ACS:Law would almost certainly have become a controller of this data, so Sky's responsibility would have ended once it was securely transferred. A particular problem for ACS:Law is that the DPA places additional safeguards around sensitive data, which includes sexual orientation and practice. Data that allegedly describes individuals' pornography viewing habits almost certainly falls within that definition, and deserves particular security measures. The ICO is right to be incandescent with rage.

Comment Re:Losing faith in the system (Score 1) 101

No report that I've read suggests that 7-Eleven will be punished for this, even though they were self-evidently negligent with their customers' data - SQL injection vulnerabilities would be uncovered by any perfunctory peer review, security review or penetration test. In the UK, they'd be looking at a huge fine from the Office of the Information Commissioner for this.

It also throws the whole PCI DSS scheme into question. If PCI means anything, a company that demonstrates an attitude to security that's this relaxed should immediately have their right to process card payments withdrawn by their sponsoring bank.

Comment Missing factors (Score 1) 441

Two factors that need to be taken into account in country comparisons are the average circulation life of a note and the highest value coin in common circulation; both factors have a major effect on the number of times each note will be handled. My experience of travelling to the US is that elderly, scruffy notes are much more common than here in the UK, probably because we have only three values of note in wide circulation, two of which are distributed by all cash dispensers. Worn out currency is therefore quickly replaced. Also, our largest coin - £2 or $3.20 - is big enough to ensure that a huge number of day-to-day transactions (newspapers, sandwiches, public transport fares, etc) are made entirely with coins. Once a transaction is big enough to need paper money, it's often large enough for a credit card to be preferred. Our notes are therefore handled by far fewer people than dollar bills.

Comment Re:Who is PCI compliant? (Score 3, Insightful) 157

I'm not sure if you're citing PCI rules to say that the requirements are too strict or because you think most people ignore them, but I'll bite anyway. You might be right that PCI is commonly ignored (it's a contractual requirement, not a regulatory one, so the risk of non-compliance is much lower than with other data protection rules), but IMV, the requirements are pretty sensible.

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Err.. quite tricky when your machine is a virtual host that you're accessing over the Internet. Whatever firewall you set up, _you_ need to have a way around it. Very few people bother with VPNs or the like; most virtual hosting packages I've seen have FTP and other services open to all. This seriously compromises its security.

If your hosting package doesn't allow you decent control over the firewall, it has no place in an ecommerce platform.

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Most web development companies I've worked with always want to transfer data around over unencrypted FTP, often including database backup files. The chances are, if you have a subcontractor handling your e-commerce web site, they're violating this requirement on a regular basis.

Use a different web development company. I'd be unlikely to want to deal with any developer who ever suggested FTP for the transfer of important data.

Requirement 5: Use and regularly update anti-virus software

Oh, yeah. Everyone has antivirus installed on their web servers. Wait... you mean they don't? What's this Linux thing?

If Linux and Windows boxes share the same network, you should run anti-virus software everywhere.

Requirement 6: Develop and maintain secure systems and applications

Ha!

Yup. Have coding standards, peer review of code, formal test and release cycles, segregation of duties between ops and dev staff, a viciously strict regression test cycle and systematic testing for SQL injection, cross-site scripting, etc. It's not rocket science.

Requirement 9: Restrict physical access to cardholder data

Somewhat difficult when you're not hosting the system yourself, so this requirement can only be met by less than 1% of e-commerce retailers out there.

Your contract with your hosting provider should address these security issues - in fact, they should be able to confirm that they're PCI compliant themselves. If they can't demonstrate that physical access to data, including backup tapes, is properly controlled, you need another hosting company.

Requirement 11: Regularly test security systems and processes

When was the last time you performed a penetration test on your network?

We schedule frequent (but deliberately irregular, so that our ops guys don't know what's coming) internal and external penetration tests. I'm appalled that anyone should consider building an ecommerce platform without commissioning pen testing.

We're not required to be PCI compliant, but I know we'd pass a PCI audit with very little difficulty. The standards simply reflect good practice, and we aren't interested in being second rate.
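The 7-Eleven comment above says SQL injection "would be uncovered by any perfunctory peer review", and the PCI comment's Requirement 6 reply calls for "systematic testing for SQL injection". The following is an added example, not code from either commenter or from any retailer mentioned on the page: it places a string-built query beside its parameterised replacement and runs the same small injection test over both. It uses an in-memory SQLite table with constructed sample rows (only the last four digits of a card number are stored, which PCI DSS permits); the table, column and function names are assumptions for illustration.

```python
import sqlite3

# Constructed sample data for the example; not taken from any real system.
SAMPLE_CUSTOMERS = [
    ("alice@example.com", "4242"),
    ("bob@example.com", "1111"),
]

# Payloads a routine injection test would throw at a lookup endpoint.
PAYLOADS = [
    "' OR '1'='1",                                       # tautology, quote-balanced
    "x' OR 1=1--",                                       # tautology, comment out the trailing quote
    "x' UNION SELECT name, sql FROM sqlite_master--",    # read schema via UNION
]


def make_db():
    """Fresh in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, pan_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, pan_last4) VALUES (?, ?)", SAMPLE_CUSTOMERS
    )
    return conn


def lookup_vulnerable(conn, email):
    """The hole: the caller's value is pasted into the SQL text, so quotes
    and operators in it become part of the statement."""
    sql = "SELECT email, pan_last4 FROM customers WHERE email = '%s'" % email
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """The fix: a bound parameter. The driver sends the value separately,
    so it can never be parsed as SQL syntax."""
    return conn.execute(
        "SELECT email, pan_last4 FROM customers WHERE email = ?", (email,)
    ).fetchall()


def injection_test(lookup):
    """Run each payload through a lookup function on a fresh database and
    return the payloads that leaked rows. No payload is a real email, so a
    correct lookup must return nothing for every one of them."""
    leaks = []
    for payload in PAYLOADS:
        conn = make_db()
        try:
            rows = lookup(conn, payload)
        except sqlite3.Error:
            rows = []  # a syntax error is noisy but not a leak
        if rows:
            leaks.append(payload)
        conn.close()
    return leaks


if __name__ == "__main__":
    for name, fn in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        print("%-10s leaked on: %r" % (name, injection_test(fn)))
```

Run as a script, the vulnerable lookup leaks on all three payloads and the safe one on none. The same harness drops into a regression suite: wire it to each database-facing function, and a developer who reintroduces string concatenation fails the build rather than the next pen test.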

Comment Re:yes.. (Score 5, Informative) 480

I can't give a legal answer for US companies, but it's my job to consider questions like this for a UK based financial services business. Google's applications are essentially the same as any other outsourced services, and UK law is based on the premise that you can outsource activity but you can't outsource responsibility.

What this essentially means is that a UK business is expected both to have a legally enforceable set of data protection contract terms and to have conducted a risk assessment supported, where appropriate, by a detailed appraisal of the outsourcer's policies, procedures and practices. FWIW, the conclusion that I've drawn is that Google apps are completely unsuitable for any UK business that processes customer data, as there is no guarantee that the data will remain in the EEA (European Economic Area) or another country that has equivalent data protection principles enshrined in law. UK businesses are not allowed to process personal data in the USA without express customer consent because its data protection laws fall short of ours.

Comment Re:Access controls anyone? (Score 1) 324

So... you'd rather your developers be 10x less productive (without quick google searches)? I say the key to security is to -trust- your employees. Yes, once in a while you get jerks stealing stuff, but, eh, paranoid security can cripple your company quicker than a crooked employee.

Speaking as a senior manager in financial services, I would: in my industry, the cost of a developer's time is small compared with the value of the systems and data that he works on. But I'd be very suspicious about an employee who told me that he'd be 10x less productive because his internet access was sandboxed.

Comment Re:Access controls anyone? (Score 2, Interesting) 324

I'd respectfully suggest that the kind of quant that refuses to play nicely with security policies is the kind of quant that I'd rather not employ. And as I'm the kind of guy who gets to decide who works in parts of a financial services company, I'd also respectfully suggest that the kind of quant who refuses to play nicely with that kind of policy will find his career and earnings opportunities somewhat constrained compared with the kind of quant who's prepared to fit in with company policy.

Comment Re:Access controls anyone? (Score 2, Interesting) 324

You don't need internet access that is in any way shared with your development work. Completely sandboxed internet access in a totally locked down thin client session might be OK, but you certainly don't need to be able to upload data to remote servers. If you think you do, you need to go and read up about segregation of duties.

But I don't expect you to agree. Your signature displays more about your attitude to the world than you perhaps realise.
