
Comment Re:Why the distros? (Score 1) 112

"well, distributions backport security fixes, so 5.3.3 is secure on distro XYZ".

Are you aware of any analysis as to the extent that is actually true, ie for distro X or Y which patches really have been backported and which are skipped?

I had a quick poke about the W3Tech site and couldn't really see much of their methodology, especially in terms of how they identify PHP usage and what version is being used. I'd have thought that if you looked at their PHP page there should be a not insignificant number where they can reasonably guess it's using PHP (due to file extensions in URLs perhaps) but not be able to identify the version being used.

I wonder how much your "% of installs that are secure" statistic could be inaccurate due to most (I'd hope) sites that care even slightly about security suppressing the Apache header PHP version information. Are they just missing from the W3Tech stats? It's possible that a significant number of the "secure" PHP installs could be invisible to your calculations because the sort of people who keep their software up to date are the same people who follow fairly basic server set up recommendations.

I suppose there are also questions as to what "insecure" means in practice. For bulk hosting sites running unknown third party code everything is critical but for a lot of sites running their own code whether they are actually "insecure" depends not only on what PHP does but also what their code does. E.g. for the most recent PHP 5.4 release there is a fix for a fairly nasty looking bug in unserialize(), but (as I understand it) a site admin with a defined codebase might quite legitimately determine that they never use unserialize() on user generated data and not be in any rush to update if they have other things to be doing. PHP version 5.4.35 might be "insecure" for the purposes of your stats but may not be in practice on someone's server if they know they don't use unserialize() in an exploitable fashion (or mcrypt).

None of the above should be interpreted as criticism of your analysis, just food for thought. I find what you have done very interesting and expect that even if there are 'hidden' secure servers, the number of insecure ones would still be alarmingly high.

Comment Re:What... (Score 2) 145

The bigger concern is that you may not be able to reach any users of the very popular (and state-supported) Chinese services. If you can't do business with people in China through Gmail (and corporate GMail is a significant portion of GMail), you will switch to a provider who does. Or Google figures out a workaround.

In other words, it's a real concern, but not one I would lose a tremendous amount of sleep over. I'd much rather worry about Chinese hackers absconding with my data than about the Great Firewall blocking my GMail.

Comment Re:the problem with stealth technology (Score 2, Insightful) 279

Wrong. You said it yourself: radar technology is so sensitive that they have to dial it down, otherwise they're swamped by false positives. If a giant bomb-dropping machine traveling at Mach 2 can pretend to be a sparrow flying over some forest, it's already a win. So it's a huge positive when fighting someone even with that kind of technology. When fighting someone whose AA system is a guy holding an AK-47, it is 100% useless. Until we get to active camouflage.

Comment Re:Zoning laws are tyranny (Score 1) 611

Interesting. Just as a heads-up, HOAs are not all the same, and they're certainly not mandated by the state. They're mandated by developers, who love them due to the fact that they give them the ability to control the look of the development while they're still selling lots, all the while providing them with a lowered financial risk. In that sense, they're definitely not a normal free-association community: you want to buy that house, you join the HOA. Kinda like a union for rich people. Furthermore, they frequently end up being controlled by the people with the most free time: housewives whose kids have left the nest. And that leads to some ugly, ugly rules and enforcements.

Comment Re:Zoning laws are tyranny (Score 4, Insightful) 611

What I always find fascinating is that the biggest libertarians invariably live in areas with very strong and expensive HOAs - if not outright gated communities.

Here's the thing: you don't live in your own universe. Where your activities impact and intersect with others, you need to come to agreements on how to behave with those others. Zoning laws are just one way to codify those agreements.

Comment Re:There is no vaccine for the worst diseases (Score 4, Informative) 1051

Our reasoning is that the vaccine is highly likely to actually cause a case of Chicken Pox, while it does not provide an actual immunity worth the term.

What? http://www.cdc.gov/chickenpox/vaccination.html 98% immunity is pretty fucking good. From the same link: "However, the risk of getting shingles from vaccine-strain VZV after chickenpox vaccination is much lower than getting shingles after natural infection with wild-type VZV." As far as I can tell, you're wrong on pretty much all counts.

Comment Re:Knowledge is the solution (Score 1) 1051

A democratic government isn't something separate from the population. The population gives legitimacy to the government through regular election. If you don't like the government, take it up with the population that elected it.

That said, this isn't even a case of tyranny of the majority. This is a case of the population codifying rules that are designed to prevent a few asshats from irreversibly harming many individuals and taxing society at large.

To put it in terms you understand: people got together and decided of their own accord that unvaccinated people present a massive and unwarranted risk to them, and they're setting up rules how the people who don't want to get vaccinated can interact with them. Furthermore, your personal freedoms end when they negatively impact my well-being.

Comment Re:Sexual Harassment shouldn't cost us knowledge (Score 1) 416

Deleting all of Cosby's TV shows and movies would still be wrong as they are a part of our cultural history.

No one is doing that though, there is a difference between no longer promoting something and erasing it from history.

To stretch the Cosby link further, you might (quite reasonably) think things Cosby did in the past are funny and even have value beyond pure humour, as social commentary etc. If that were the case and you know someone who had been abused by Cosby, would you choose to put a Cosby video on for them and expect them to find it an enjoyable experience?

That is the situation MIT is in. They aren't just dealing with 'theoretical' students who might somehow be deprived of some value that only those videos can impart. They are dealing with real students actually affected by the situation at hand.

If you wouldn't knowingly ask someone you care about to be entertained by someone who had abused them, why would you expect MIT to ask someone to be educated by someone who harassed them?
