It's not even that. One thing I learned while working on a project that wanted to pull EMR data was that different hospitals could have their own schemas. One division in the hospital found that the standardized codes for what they were doing weren't robust enough and invented their very own coding system which was used in that single division of that single hospital and nowhere else.

Good luck translating that to any other coding system anywhere else.

I'm not sure I can even blame them for creating their own coding system. They're doctors who found that the tools available didn't meet their needs and found a solution. Down the line it makes data transfer more difficult, but is that something doctors should really be concerned about when they're trying to accurately record medical information about their patients?

Which HL7 standard do you mean? V2 or V3? (So HIPAA can't be HL7 2.0, since HL7 is already up to 3.0.)

Or FHIR, the amazing new standard from the people who brought you HL7 that brings the amazing bewildering complexity of HL7 to you in a nice new XML-based format?

I worked on a project that wanted to take in a bunch of data from a hospital's EMR and essentially do some analysis on it. The project was canceled before we ever managed to get data out of an EMR because it turns out to be nearly impossible.

"But aren't there EMR data export standards?"

Why, yes, yes they are! Multiple ones, in fact!

Unfortunately, the formats are complex enough that basically every single EMR has the ability to format a perfectly standards-compliant document representing the exact same data in an entirely different way.

And that's ignoring that, as I recall, we discovered that ultimately the data we were looking for were entered into the hospital's EMR as PDFs. The EMR could locate the PDFs, but it didn't "know" the data they contained.

So I'm not at all surprised to learn that doctors are resorting to faxing records. It's almost certainly easier than trying to exchange them digitally.

You make a phone that can't be bent by being left in someone's pocket, so that if it is bent, it clearly was damage beyond the scope of the warranty?

They have a video. That's exactly what they do: they place the phone on two blocks of wood, and then have a machine apply a set amount of pounds of force to a bar placed across the middle of the phone.

About all their test tells you is that you shouldn't take Consumer Reports tests seriously if this is the kind of testing they're going to do. Especially because the people bending the phones weren't bending them straight in the middle, they were bending them right below the volume buttons. Which is also where their test phone's case actually breaks, even though the bend is down where they placed the bar.

Also make sure to remove /bin/sh, because (at least on my Mac, and I'm fairly certain I haven't screwed around with /bin) rather than have /bin/sh be a symlink or a hard link, /bin/sh is a copy of /bin/bash. Not sure why.

Right now, I think they're just blindly hitting web servers with headers set to exploit the vulnerability and hoping they get lucky. So less of a "scan" and more of a "spray and pray" type deal.

I think some versions of Apache shipped with a cgi-bin that contained a shell script as an example, so that would be another thing to try hitting first.

Well, Apache and literally every other CGI container since that's how CGI works: the HTTP environment (headers and various other stuff) is passed to the script being executed via specifically named environment variables.

You and everyone else.

The attack surface is "anywhere you can influence the values of environment variables prior to bash being run." Where exactly is that? Well...

The easiest example of that are CGI scripts, where the web server will set environment variables to values that are taken directly from HTTP headers. If the CGI script is a bash script (why would you do that?) or ever happens to fork out to a bash script in any way (that's more understandable), it's vulnerable.

But that's just one example. Any place a remote value gets stuck straight into an environment variable and a bash script gets run is vulnerable. And people are almost certainly going to slowly find more and more places where that's the case.

If you just want to know if you're vulnerable, there are one-liners that will determine if you're still vulnerable, but since the first fix didn't, chances are, you very well could be.

True, but generally security patches get backported to whatever the current Cygwin version is.

So the vulnerability is as of now fixed with today's 4.1.12-5, which isn't the latest version of Bash.

No, they have two million players, not two million subscribers. There's a very important difference there.

Remember that the game has a free trial now. Inflating that player count is very easy.

Weren't they suppose to be announcing active player numbers recently? Notice how that never happened? Gee, wonder why.

The idea that a failed MMO from 2010 could someone be a competitor in 2014 while requiring a subscription is just so laughable I don't even no where to start. And, yes, I've played 2.0. They removed everything interesting from their horrible launch and ripped off as much of World of Warcraft as they possibly could. It's still not worth playing and the lack of active subscriber numbers bears that out.

Wildstar is still in flux because they managed to scare a ton of their original player base away but they're now working hard on earning them back. Destiny has already entered that wonderful "wait until the next patch" period where it's flat-out not worth playing until updated. (And how I wish Destiny players would stop whining about that, but that's a different issue.)

I notice you didn't bother mentioning ArcheAge, which is the current "big MMO" that's drawing a ton of players away from other MMOs. It sounds like it's the MMO that people wanted TESO to be. Could be interesting or could flame out in a couple of months. We'll just have to wait and see.

You know what, based on previous Apple stories, probably not.

Apparently Apple is so stupidly secretive about their new phones that when they beta test the new hardware, they require them to be in special "camouflage cases" to prevent outsiders from getting a sneak peak at the new phone.

So it's entirely possible that they literally never tested having the phone in a pants pocket the entire day without it also being in a rigid case that prevented the problem from happening.

Apparently this only affects iPhone 6/6 Plus phones.

I wonder what the chances are that they just accidentally forgot to include the drivers for the new TouchID sensor and the new cellular radios in those phones? Because that would be a truly hilarious QA mistake.

"What, we were supposed to try this on our flagship phone? Oops."

Wait, so iOS 8.0.1 prevents hipsters from unlocking their phones and from making calls?

And Apple is calling that a bug and pulling the update over that?

This sounds like the best version of iOS Apple has ever created! Why would they want to stop people from upgrading? Get iOS 8.0.1 out to everyone as fast as possible!

I just updated Cygwin to the latest, and yes, it's still vulnerable. (At least its bash-4.1.10-4 is, I suppose it's possible that the mirror I'm using is out of date.)