
Comment Re:"Rigorous" peer-review ahahahahahaha (Score 0) 61

Um, you realize that Nature is a magazine, not a journal, right? Yes they have peer review, but they have a heavy vested interest in publishing exciting-but-possibly-wrong stuff, which they do all the time.

And if results were simply fabricated, peer review can't always catch that as others have said. Though sometimes it is obvious if someone is suddenly able to do something that others have been trying to do but failed, but they can't show WHY it worked for them and not for anyone else. Sometimes quality professional journals, especially in experimental sciences, will have higher peer review standards in that direction than a headline-oriented magazine like Nature.

Comment Re:All I'll say... (Score 1) 224

I think one of the troubles here is the difference between "YOUR record" and "THE record". I'm not a UK citizen, but I would be surprised if the relevant court records are somehow expunged. Are they? And with the database-driven information environment that we live in, how do we create a workable difference between "your record" and "the record" for private handling of public information?

Comment Re:All I'll say... (Score 1) 224

I'm sorry, but if you can sue me for libel just for stating the fact that you have a "spent" conviction, then the law is messed up. This is where we start to get into the fundamental nature of freedom of speech and how it relates even to freedom of thought. (Am I required to be lobotomized if I remember you have been convicted of a spent conviction? Maybe you should actually READ 1984.) I can understand laws that prohibit discrimination or harassment based on old convictions, but trying to legislate the availability of public record information is stupid. I would also argue that this kind of thing is entirely separate from "privacy". There are many things that are "private", but public records are by definition not among them.

Comment Re:Very Bad Precedent (Score 1) 225

You realize that there is effectively no difference between a government-denied Chinese hacker and a "non official cover" spy, right?

And if they aren't government-employed then this is the completely appropriate action.

In either case, I'd say it's better to get this out in the open where the justice system can work it through rather than just finger pointing. If they're not government-sponsored (as the Chinese claim) then the Chinese should be willing to pony up and extradite them! (The fundamental issue here is really that the line between government and non-government is defined in a very different way in the US and China, both in law and in practice. China is still a single-party rule, which makes it often a matter of semantics what is government and what is not.)

Comment Re:Failed injection. (Score 1) 1198

The root problem here is the companies that make the drugs that have known properties are refusing to sell them to the state for use in executions. How it is legal for the companies who sell the drugs to discriminate in this way I don't understand. I know WHY they are doing it... due to pressure from anti-death penalty activists. But how is it legal?

And just to be up-front, I'm actually anti-death-penalty. But forcing state officials to euthanize people in inhumane ways in order to make headlines does not seem... humane.

Comment Re:Is anyone surprised? (Score 1) 113

Well, I would say that is just evidence of the problem. If an update adversely impacts stability that badly then updates are not being managed/tested properly, which is exactly the problem with OpenSSL. This also brings up another point -- a lot of the stability problems are due to interaction with various other (broken or oddly-functioning) SSL implementations. The correct way to handle that is with rigorous and extensive test cases, not just closing your eyes and not updating.

Comment Re:Is anyone surprised? (Score 4, Insightful) 113

I would say it wasn't just OpenBSD either -- it appears that everyone was very reluctant to update from 0.9 to newer versions. This tells me that people knew the development practices weren't up to snuff. It's just too bad that it took such a major exploit to kick everyone in the head and get them to put proper development practices in place for OpenSSL. Many eyes don't work if everyone is intentionally holding their nose and looking the other way.

Comment Re:I am confused on this issue (Score 3, Insightful) 310

I think the basic problem is that we are not at war with country X.

I actually believe the basic bill of rights applies to the agents of government, not the people. i.e. it does not just protect these special people called "citizens", it restrains the government from certain actions, such as denial of due process of law, against any person. However, the general "rule of law" does not apply in a war zone. The problem is that we have become stupendously lax about exactly where the wars the US is currently fighting actually are. Are we at war with Pakistan? No, but we perform military strikes inside Pakistan without their consent. Are we a warlord or a modern country?

Comment Re:de Raadt (Score 1) 304

I disagree that there was no way to catch this. From code I saw, at its core, it was a simple case of using memcpy with the size of the destination buffer rather than the source buffer. Any automated bounds checker would have caught this. But, in addition, there should have been a compliance test that a packet with a specified size bigger than its payload went unanswered since anything else is noncompliant with the RFC. Clearly the person who wrote the RFC understood that answering a heartbeat request with a size different than its payload was a potential problem since the behavior was specified. To me, both of these mean that OpenSSL is enough lacking in validation testing to make me pretty nervous. No wonder everybody has been sticking to 0.9 versions for years if the path forward is this fraught with uncertainty.
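
The shape of the bug the comment above describes, as an added example that is not the commenter's code and not OpenSSL's own source: a minimal RFC 6520 heartbeat handler that copies the payload length claimed in the record header without comparing it with the number of bytes actually received, beside the fixed form that discards such a record silently. The handler names, the 64-byte arena and the "SECRET-KEY" string are constructed for the demonstration; the arena keeps the over-read inside one buffer so the leak is observable without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat record layout (RFC 6520):
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
 * rec_len is the number of bytes actually received for this record.
 */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING  16

/* Vulnerable shape (hypothetical handler): trusts payload_length from the header
 * and copies that many bytes from the record buffer, never comparing it with rec_len.
 * Returns the response length, or -1 if the response would not fit in out. */
int heartbeat_vuln(const uint8_t *rec, size_t rec_len,
                   uint8_t *out, size_t out_cap) {
    if (rec_len < 3 || rec[0] != HB_REQUEST) return -1;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (3 + payload + HB_PADDING > out_cap) return -1;  /* only the destination is checked */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);   /* BUG: reads past the rec_len bytes actually received */
    memset(out + 3 + payload, 0, HB_PADDING);
    return (int)(3 + payload + HB_PADDING);
}

/* Fixed shape: a record whose claimed payload (plus mandatory padding) does not
 * fit in what was received is discarded silently, as RFC 6520 section 4 requires. */
int heartbeat_fixed(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_cap) {
    if (rec_len < 3 || rec[0] != HB_REQUEST) return -1;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (3 + payload + HB_PADDING > rec_len) return -1;  /* the missing bounds check */
    if (3 + payload + HB_PADDING > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);   /* now provably within the received record */
    memset(out + 3 + payload, 0, HB_PADDING);
    return (int)(3 + payload + HB_PADDING);
}

/* Constructed harness: one 64-byte arena holds an 8-byte request at the front
 * and a "secret" further along that is NOT part of the record. The request
 * claims a 40-byte payload but carries 5 bytes. Returns the response length
 * (-1 if the handler discarded the record) and sets *leaked to 1 if the secret
 * shows up in the response. */
int run_malformed(int use_fixed, int *leaked) {
    static const char secret[] = "SECRET-KEY";
    uint8_t arena[64] = {0};
    uint8_t out[128] = {0};
    arena[0] = HB_REQUEST;
    arena[1] = 0;
    arena[2] = 40;                       /* claimed payload_length = 40 */
    memcpy(arena + 3, "hello", 5);       /* actual payload: 5 bytes, so rec_len = 8 */
    memcpy(arena + 8, secret, sizeof secret - 1);
    int n = use_fixed ? heartbeat_fixed(arena, 8, out, sizeof out)
                      : heartbeat_vuln(arena, 8, out, sizeof out);
    *leaked = 0;
    if (n > 0) {
        for (size_t i = 0; i + sizeof secret - 1 <= (size_t)n; i++)
            if (memcmp(out + i, secret, sizeof secret - 1) == 0) { *leaked = 1; break; }
    }
    return n;
}

/* Well-formed request: 5-byte payload plus 16 bytes of padding, rec_len = 24.
 * Both handlers answer with a 24-byte response, so the fix costs nothing
 * for compliant peers. */
int run_wellformed(int use_fixed) {
    uint8_t rec[24] = {0};
    uint8_t out[128] = {0};
    rec[0] = HB_REQUEST; rec[1] = 0; rec[2] = 5;
    memcpy(rec + 3, "hello", 5);
    return use_fixed ? heartbeat_fixed(rec, sizeof rec, out, sizeof out)
                     : heartbeat_vuln(rec, sizeof rec, out, sizeof out);
}

int main(void) {
    int leaked;
    int n = run_malformed(0, &leaked);
    printf("vulnerable:  response %d bytes, secret leaked=%d\n", n, leaked);
    n = run_malformed(1, &leaked);
    printf("fixed:       response %d bytes, secret leaked=%d\n", n, leaked);
    printf("well-formed: vuln=%d fixed=%d\n", run_wellformed(0), run_wellformed(1));
    return 0;
}
```

The malformed case is exactly the compliance test the comment asks for: a request whose header claims more payload than the record carries must go unanswered, and the fixed handler's -1 is that silence. Under AddressSanitizer or a bounds-checking allocator the vulnerable handler would also be caught the moment a real record buffer, rather than this arena, was handed to it.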

Comment Re:If GNUTls is unneeded, then create a NO-OP libr (Score 1) 144

MITM requires active interception to eavesdrop, whereas an unencrypted connection is vulnerable to passive eavesdropping. That is the sense in which an encrypted but not properly authenticated connection is "better". Also, if the ID of the offered certificate is logged it is possible to audit for a MITM attack after the fact. According to Snowden, the NSA can crack 1024 bit certs' private keys. So really even properly verifying the cert is not secure depending on who your adversary is.

Comment Re:Tracking (Score 2) 233

Really, if you're listening to reasonable people it's not expensive at all to have satellite-based ACARS enabled on all planes and have it include some basic flight information. In fact we knew from the first day or two that this plane had flown on for hours after the incident; the Malaysians were just not listening to the satellite techs. And if Malaysian Air had simply paid the several thousand dollar fees we would have hours of data to work with. These "real time tracking" people are just ambulance chasers. The problem here is that the plane flew on for so long after losing ground contact and Malaysian Air was not paying for satellite service. So make intermittent satellite-relayed updates mandatory. The additional infrastructure costs... $0. It's already in place.

Comment Re:But Terrizm! (Score 1) 233

Do you have references for that with real re-analysis of the radar data? Ones that aren't confused reporters citing "anonymous sources" that they might be misquoting. Reporters are really bad about leaving out little things like "maybe" or "under the assumption that..." which are night and day when eliminating possible options.

It seems more likely that the earlier analysis of the radar data mixed up the plane with another one after it got across the peninsula. Also it has been said that there is quite a bit of uncertainty in the radar altitude measurements during the airplane's supposed altitude changes. Do you have a reference that actually discusses what the radar data can and cannot exclude in a technical way? The search is sure acting consistent with a plane that just flew on to the southwest unpiloted. Surely they have made some assumption about the behavior during this time in computing the current search area. What were those assumptions? I haven't seen any technical discussion of this, and would really like to.
