Well, yes, really. The reason these claims are showing up right now is because he thinks he's finally cracked exactly that issue. The transplant is intended as a means to test that theory. And he can't do it on typical patients suffering from severed spinal cords due to trauma of some sort, since his idea relies on a very particular way of cutting the spinal cord, apparently.

Because we're not in the habit of wanton experimentation that might kill all of the patients involved. That's why we wait for there to be a case where they're going to die anyway. That way, no matter what happens, doctors have not violated their first oath to do no harm. Worst case, the person dies, just as they would have otherwise.

To each their own. Or, in this case, to each the other.

At least. The articles the other day all misreported the source material, since the source material said there were a hair under 1M purchasers who ordered an average of 1.3 devices each, yielding about 1.25M watches pre-ordered, and that was just in the US alone on the first day for pre-orders. Later numbers from other sources indicated that global pre-orders on day one were closer to 2.5M units.

But yeah, watches are worn all over the world by hundreds of millions of people. His question is just plain silly.

I still remember not being happy when I came home to discover that my parents had purchased a cell phone for me so that they could keep in touch in case anything happened while I was at work for a summer internship in college. I remember staring at it in my hand—even before turning it on or setting it up—and thinking, "This device is a ball-and-chain." It stripped me of the control I had over when and under what circumstances people could contact me, and placed that control in their hands.

At least modern smartphones are very pretty and light balls-and-chain, but they still are what they still are. I live and breathe on the Internet (even did my grad research with an Internet research lab at a major university), but I relish when I'm able to be away for a week, whether it's a cruise, a cabin in the woods, or a few days camping out on a remote beach. Absolutely marvelous.

How did he hold it hostage? He disclosed the vulnerabilities to them privately before doing anything else. This wasn't a case of "shame them now, hope for a payout later". It was a case of "responsible disclose it privately, then do a stupid thing by disclosing it publicly before they've had a chance to pay you". As much as I don't like Groupon, I'm not sure which side of this disagreement I think is (most) in the wrong.

Good points all around. The one thing I might quibble about is the inability to remove the WiFi network. I can't check it at the moment, but I distinctly recall trying to delete "attwifi" as a recognized network years ago, back when I first noticed I had connected to it unexpectedly. That said, I'm not representative of a typical user, and 34% is higher than I had realized, so as I said, good points, and thanks for the rebuttal.

You're doing just fine, and your response to all of our comments has been both polite and appropriate. We'll always complain about the summary. :P

They use the word "force", but as the attack was originally described, what they're actually talking about doing is spoofing a network that your device already recognizes. More or less, if an attacker knows your home WiFi SSD or can make a lucky guess about what other SSIDs your device might already recognize (e.g. ones that your device was programmed to know out of the box), they can name their malicious network in such a way to possibly get you to automatically connect to it as a recognized network.

There's nothing particularly novel about that attack, and contrary to their verbiage, it doesn't force anyone to join a network, nor can it even easily be used in conjunction with this attack for the vast majority of users. Is it a potential problem? Absolutely, but only for a small subset of users. The way they're phrasing it and talking about it, it seems pretty clear that they're trying to boost their own profile a bit. For most cases, the two attacks can't be used together unless the malicious agent is stalking their victim.

I loaded the page before you comment existed, started reading the source material, typed up a response to the first OP in the comments with the same question I had, posted my response, and only then had the page refresh with your comment. That's what I was getting at. Sorry if I was unclear.

We all make mistakes, and your comment down below that you're referring to didn't exist at the time that I started reading and then typing a response to the first OP who had the same question I had. By the time I posted, your comment existed, of course, but I hadn't seen it.

I was curious as well, so I read through their presentation slides and their press release.

The gist of the attack is that they've crafted a malicious SSL cert that can cause strange behavior in apps and the OS itself, including the possibility of initiating a crash-reboot-get malicious SSL cert-crash cycle. Once you get stuck in that cycle, there's no way to turn off WiFi, hence why they said that offline mode would not remedy the issue. That said, offline mode can indeed keep you from getting stuck in that cycle to begin with, and the researchers even recommended it as one of the ways to avoid the problem entirely. Alternatively, if it's already too late for you and you're in the crash loop, simply leaving the area will fix the issue for you, since you'll be able to pull down valid SSL certs and reboot as normal.

Which is to say, the summary has it wrong, since the attack cannot cause you to enter the crash loop while you're in offline mode, but you won't be able to enter offline mode once you're in the crash loop, so offline mode cannot save you at that point. Only leaving the area will work.

In the case of GlucoWatch, the page you linked indicates that it's used for up to 13 hours at a time, taking samples every 10 minutes. In contrast, this device can only do one sample at a time, after which you send it off to a lab for testing. They're targeting patients who may need to monitor cancer or infection on an infrequent basis with a turnaround of a few days, as opposed to people who need immediate blood measurements, such as diabetics monitoring their blood sugar levels.

I don't know enough to suggest that that addresses your concern, but at the very least it would seem to lessen the chances that the problems associated with long-term use would occur.

You pay into the tax system with the promise that your children could take advantage of public schools if you so desired. In this case, that promise is being broken, hence why I mentioned the idea I did. That said, I'm clearly not a fan of my own idea, as I had hoped I made clear.

Even when "cut off" from the roads, you still benefit from their presence in other ways, such as public transit, postal service, or produce getting delivered to your grocer. Moreover, driving is considered a privilege, not a right. That's why you need training, testing, and a license, rather than being able to just grab a car and get on the road.

Incarceration is a special case, but it does bear some similarity to the case at hand, since in both cases we're talking about removing from the general population people who are a danger to society. The big difference is, however, is that criminals are responsible for the danger that they themselves present, whereas these children are not. Yet regardless of that, we're talking about stripping them of their rights all the same.

You can see why I'm conflicted.