![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif){kind=small}
XKCD starts the whole thing off.
There is an appalling amount of misconception about identification security out there today. And the real underlying problem is that far too many people who use or build sites or services either don't think in terms of security in the first place, or don't understand enough about security to get it right.
But you know one of the things I hate the most about the whole subject?
"Security questions".
Why do I hate security questions?
Because without a single exception that I am aware of, sites that use security questions will not let you define your own questions. They make you pick from a list of preselected "security" questions. And virtually without exception, the correct answers to anywhere from about 60% up to all of the questions you get to choose from are matters of public record. Anyone trying to conduct a serious social engineering attack against you has probably researched you enough to gather all of those answers in advance, and it probably only took a couple of hours at most.
What on earth is the point of using SSL, applying password rules that at least rule out the most trivial passwords, and then FORCING me to pick one or more of a list of "security" questions, the answers to every last one of which are public record?
I've complained in the past to people who work in banking security about this, and had it explained to me in reply that the trouble with letting people choose their own security questions is they can't make people choose good questions.
You know what? I DON'T FUCKING CARE. The answer to some people choosing weak security questions is NOT "Force everyone to use weak security questions". If you force me to have weak security questions that I can identify myself with in the event that I "forget" my password, you have just made it pointless for me to use a strong password, because any potential social-engineering attacker will simply bypass my password. So now, I have to use deliberately false answers to all of my security questions. And THAT means that now I have to write them down, or I'll never remember which false answers I used to which questions on which sites.
Wells Fargo USED to let you choose your own security question. They don't do it any more. "Because we can't stop people from choosing bad questions."
No, but you can for damned sure prevent them from picking GOOD ones.
This is another part of my conviction that both major parties in US politics have completely lost their way. It's not so much a case of throwing the baby out with the bathwater, as that the bathtub is overflowing and the baby is drowning while the Republican and Democrat parties are pulling each other's hair, trying their best to break each other's toys in revenge, and calling each other doody-heads in their screaming argument about what's the proper way to turn off the effing tap. They've both completely forgotten that the baby is even in the tub.
Tell you what, Ms. Lowrey. How about you try that with your credit card company — you know, just call them right up and let them know that you're unilaterally eliminating your credit limit — and let us all know how it works out for you.
I can scarcely believe how many supposedly at least moderately intelligent people think that the "validity of the public debt" clause in the 14th Amendment means the government can pile up debt without limit. What it MEANS is that once it has accumulated a debt, the government is not permitted to simply casually repudiate it and pretend it doesn't exist — say, on the grounds that "but that was a previous administration that spent that money". Come on, people, it's not even big or obscure words like that pesky "well regulated" bit. "The validity of the public debt of the United States [...] shall not be questioned." What does that mean, in the plainest possible terms?
It means this:
The United States may not deny that money which it has borrowed is legally owed, or that it is obligated to repay it.
Nothing more.
Nothing less.
Fiscal responsibility. No wonder the Left is so confused about it.
I had a nerve conduction study this morning, at New England Baptist Hospital.
So, just in case any of you ever wondered ... "nerve conduction study" is a medical term meaning in large part "stick a bunch of needle electrodes into your leg and shoot electrical pulses into them while wiggling them around." You know how about ten or fifteen minutes after you get a really strong cramp in your calf, you have a deep ache where the muscle cramped that feels like a horse kicked you in the back of the leg there? Pretty much my whole left calf felt like that by about an hour after the test. Fortunately, about fifteen minutes walking around when we stopped in Tilton loosened it up (though I could barely stand when I first got out of the car).
The good news is the preliminary verdict (pending full analysis of the results) is that while there's plenty of evidence of past damage to both my tibial and perinial nerves, I have in general good nerve conduction and good muscle recruitment in both. (Not as good as the undamaged right, though; I could quite easily tell the muscle contractions in the right calf were stronger.)
This bodes well for being able to finally fix my ankle up a bit better and make it last this time. (A fix has been attempted before, but I lost a lot of the benefits because my knees just plain hurt too badly to be able to complete the PT. My artificial knees are a lot better in that regard.)
Or, why safety is harming us and our kids: A New York Times article asks whether playgrounds can be too safe.
Well, come on, really? Of course they can. Duh. We as we grow, master physical skills by overcoming obstacles, just as we master mental skills by solving problems. If you are never given the opportunity to attempt those obstacles, you will never develop the skills to overcome them. Period.
As the article points out, this goes beyond the physical, too.
Sometimes, of course, their mastery fails, and falls are the common form of playground injury. But these rarely cause permanent damage, either physically or emotionally. While some psychologists — and many parents — have worried that a child who suffered a bad fall would develop a fear of heights, studies have shown the opposite pattern: A child who’s hurt in a fall before the age of 9 is less likely as a teenager to have a fear of heights.
By gradually exposing themselves to more and more dangers on the playground, children are using the same habituation techniques developed by therapists to help adults conquer phobias, according to Dr. Sandseter and a fellow psychologist, Leif Kennair, of the Norwegian University for Science and Technology.
I think there's another aspect here, though, that the researchers failed to consider. And that's the societal aspect.
Wait, you say, there's a societal aspect to over-safe playgrounds?
Well, yes, there is. There are several, in fact. The general undesirability of a society composed of frightened, underconfident, risk-averse people who shy away from physical exercise because it's scary is obvious. But there's a non-obvious one.
We are creatures of adrenaline. We practise risk compensation. When a behavior is made safer, we indulge in riskier behaviors. We are hardwired to seek out a certain level of adrenaline stimulation.
So what happens when all the risk, all the challenge, is taken out of a playground?
Well, there's still a couple of ways you can get an adrenaline rush out of it. You could find a smaller kid to beat up. Or if the equipment is too boring to actually play on, well, maybe you could see if you can figure out a way to break it. After all, it's no good for playing on. What do you have to lose? And there's the adrenaline rush from knowing you might get caught. Reward!
This is the great unasked question. Do overly-safe, sanitized, cotton-wool-padded playgrounds actually encourage kids to be bullies and vandals?
The creators call them "cinematographs". They are, as it has been put elsewhere, "animated GIFs all grown up".
Take a look through them. Some of them are pretty good.
You want to know what makes the first one particularly awesome, though?
I have a near-silent turbine fan sitting more or less at my seven, set on low. And it's blowing a gentle breeze past me at just the right speed and angle to be blowing her hair.
I am looking at a photo of a beautiful woman on a balcony with her hair blowing gently in the breeze, I can see her hair moving, AND I CAN FEEL THE BREEZE THAT IS BLOWING HER HAIR.
Daaaaaaaaamn.
This C|Net article asks whether Netflix is killing DVDs "like Apple killed floppies". And paints it as a good thing.
Well, first of all, it wasn't Apple that killed floppies. Floppies stayed around long after Apple stopped including floppy drives. The pretensions of the Mac faithful notwithstanding, Apple is far too much a niche player — especially in business — to have the power to singlehandedly kill the floppy disk. What killed the floppy was the rapidly increasing size of data such as digital camera images etc (and the increasing penetration of new forms of digital data, notably MP3 music), rapidly dropping prices on optical media, and increasingly universal availability of write/rewrite capable optical drives combined with improving software integration that made it possible for just anyone to use them. Apple dropping the 3.5" floppy drive from the blueberry iMac was, in the larger scheme of things, a complete non-event. When your mother could drop a blank disc in the DVD burner and drag a video of the grandkids onto it from her camcorder, and have it just work ... THAT'S when the floppy disc's days became numbered.
But let's talk about his premise that Netflix is killing the DVD, and that it's a good thing.
Well, sure. If Netflix isd able to kill the DVD, it'll be a great thing ... for Netflix. And for the studios; it'll get them closer to their dream of you having to pay for your entertainment every time you watch or listen to it. But for anyone else?
Oh, no, it won't be good for the rest of us. Now, we can have our physical media. We can buy the disc once, and watch it whenever we want. Even when our ISP is having technical problems, or there's an outage somewhere and the 'net is crawling. We can buy it, rip it, and put it on a portable device to watch it or listen to it when we're away from a network connection.
But in an all-streaming world?
Oh, yes, Hollywood and Netflix would love that. They'd get to charge you for every time you watch the movie. Every time you listen to the song. What, you want to watch that movie at your vacation cabin up in the mountains, but you have no broadband up there? Too bad. Want to listen to music while you work, but you work in a steel-framed building that jams your 4G connectivity, and your employer doesn't allow music streaming using company resources? Tough. Want movies in the back seat to keep the kids quiet on the seven-hour drive to Grandma's place out in the country? Sucks to be you. Want to watch some niche art film from France that's never sold enough copies to make it worth Netflix's trouble to add it to their catalog? Serves you right for watching that artsy-fartsy foreign crap. Shut up and stream Transformers 7 in 5D.
Choice. Now that's good. A choice of media. A choice of how you access what you want to be entertained by. Use the one that works for you. Stream the movie you figure you'll only bother to watch once. Buy a physical copy of the one you rewatch about twice a year, or the one the kids watch about twice a month.
But if streaming is all there is?
Come on. We're talking about Hollywood. If streaming is the only way you can watch movies any more, how long do you really think it'll be before it costs as much to stream the movie once as it costs to buy the disc now?
I've been playing more with the voice-command navigation, and it's very good. It got "Parker's Maple Barn, New Hampshire" on the first try, and nailed it. Likewise "Best Buy Nashua New Hampshire" and "Best Buy Concord New Hampshire". (I dropped off four obsolete computers and two monitors for recycling today. Three items per household per day means three items per STORE per household per day, right....? Since they don't record any information about who's dropping them off...)
The GPS receiver is a power-hungry little sucker, though. I bought a USB car charger that fits flush into the 12V socket and effectively turns it into two USB charging ports — one of these, which claims to be able to deliver 1A per port — and it was not able to significantly charge the battery between Nashua and Concord with the GPS enabled. After leaving Concord, though, when I turned the GPS off, it managed to charge the battery from 10% to 70% by the time I got home. This is telling me that the GPS receiver and the Google navigation app together are consuming pretty much the entire output of the charger. (However, the phone didn't actually die between Nashua and Concord, which suggests that if it starts out charged, the charger will be able to keep it charged with GPS navigation running. I totally need a more compact cable, though. This one looks like just the thing.)
I have used, so far, 0.025GB of data in the course of probably three to four hours of total GPS navigation use.
I've had it four full days now, and I have to say, it's pretty good. I'm not convinced yet it'll make as good a phone, in terms of voice clarity, as the RAZR2, because the open RAZR is ... well ... more phone-shaped. I suspect the Droid, like most of not all modern smartphones, will be of limited use as an actual phone without a headset.
Well, that's why I had the foresight to buy a headset with it. An inexpensive, corded one, for now; I really don't use a cell phone very often. Seriously, we're talking in the region of six hundred minutes or less per year here. I expect I'll be using the headset whenever possible, and perhaps may eventually get a better headset than the minimalist wired earbuds-plus-inline-mic one I bought to start with.
The screen is nice; large, bright and sharp. The physical keyboard is pretty good, considerably better than the keyboard on the HTC Merge, previously the holder of the Best Keyboard On A Phone title. You can actually realistically type on it, and with a pretty low error rate. (No "damn you, autocorrect".) Battery life so far seems promising; it looks like I should be able to expect 2+ days from the stock 1450mAh battery, in normal use, and probably about three days from the [optional] 1930mAh extended battery. Using it for navigation is harder on the battery; the Google navigation works great, but the GPS receiver is power-hungry. Of course, if using it for navigation, one can use the optional windshield mount and plug it into a 12V USB charger, which you'd probably want to do anyway because if using it for navigation without a human navigator/co-driver you'd (a) need it mounted, and (b) need to turn off screen timeout. I did have to hard-powercycle the phone (power off, battery out for ten seconds) to get the GPS receiver online for the first time.
As for charging, when connected via USB, Gentoo Linux sees it without any hesitation as a 12GB USB-storage device (with about 1.75GB free) and it happily charges, unlike the Motorola RAZR2 it's replacing (which neither mounts as storage nor charges from a Linux box). There are actually three charging options — direct USB connection, included wall-socket USB charger, or an optional inductive charging pad and back cover. The inductive charging back will accommodate the extended battery.
The Droid3 comes with the usual Verizon V-cast applications and a bunch of preinstalled apps, many of which I don't give a crap about (like for instance some Mobile NFL thing). Unfortunately few of them are uninstallable. I uninstalled the WGA golf game immediately (puh-leeze!), and would have ditched the Mobile NFL app as well if I could (I mean, me? NFL? Seriously?), but the only other preinstalled apps that appear to be uninstallable are the Youtube app and 'Nova', which has nothing to do with the PBS documentary series but instead appears to be a trial version of a Halo-alike FPS game. (I uninstalled it too. I have no desire to try to play anything remotely FPS-ish on a screen this tiny, particularly through a phone touchscreen interface.) So far, I've installed a GasBuddy app and ColorNote, a notepad app with a reasonably well thought-out checklist feature.
The built-in cameras? Not bad. Here's a sample from the main (back) camera (quarter scale, click it for full size):
And here's the front camera, intended for videoconferencing, full size:
(Trust me, it's not the camera's fault.)
Things I'd change? Well, I wish the corporate sync didn't force a screenlock password on me. I prefer to choose for myself when I lock it, thank you. And it'd be nice if there was a display timeout choice between two and ten minutes. A five-minute option would be good. Getting the back cover off is a bit of a pain in the ass, but you shouldn't need to do that often.
Oh, hey, I know what I forgot to talk about: The voice recognition. Specifically, voice-recognition navigation mode, which was the first thing I tried voice command on. Untrained, it got "Nashua, New Hampshire" on the first try. Later, we tried "Go home". It got that in one try as well, but didn't know what to do with it. Our street address, it fluffed on the first attempt, but got it perfectly when repeated slightly slower. No doubt it will do even better once I actually go through and train it.
Well, this is going to put the cat among the pigeons. Expect an incoherent rant from Muammar Khadafy any time now.
YES, YES, a hundred times YES.
The TSA and its antics would be hilariously funny, in a hollywood sitcom — assuming you could get an audience to believe that an agency so institutionally incompetent could continue to exist. (Then again, we are talking about government agencies. In that context, I suppose it's not really such a stretch.)
In the real world, where they inconvenience, humiliate, and violate the rights of real people while doing nothing productive except give Congress a false sense of security and swell the coffers of companies that manufacture airport security systems that either don't work in the first place, or which terrorists can figure out how to defeat or circumvent faster than they can be developed and put into service, the TSA is ... somewhere between bewildering, pathetic, and appalling. It has the trainwreck-nature. It strains belief in the limits of stupidity and incompetence. And as if this wasn't enough, the TSA recently announced that it is taking its program of incompetence, exceeded authority, civil rights violations, and sexual assault on the road. (I don't have a link handy right now, I haven't hit the right search keywords. Maybe one of you can provide one.)
The TSA needs to be defunded and dismantled, and sooner rather than later. It is worse¹ than useless as an anti-terrorism agency, wasteful of money that's in short supply, destructive to individual civil rights, and dangerous to the Constitution.
Update
The inestimable ![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
hugh_mannity came through with a reference to what the TSA calls its VIPR program, which currently conducts 8,000 unannounced random security screenings a year, completely devoid of any actual legal authority and in direct violation of the Fourth Amendment.
[1] Yes, I meant it — worse than useless. Partly because it uselessly diverts vital resources from where they can do more good, and partly because the TSA actively tried to prevent implementation of one of the few actual sound anti-hijacking measures put in place in the US, the Federal Flight Deck Officer armed-aircrew program. Then, after it failed to kill the FFDO program, the TSA instead set about a program of actively sabotaging² it by measures such as imposing burdensome application procedures that discouraged most pilots from even applying; restricting FFDO training to a single small, remote facility; summarily disqualifying pilots who fly significant numbers of international flights; and deliberately failing many of the best-qualified trainees in the program. Then they mandated a stupid locking holster that serves no useful purpose whatsoever and has already been the cause of at least one accidental discharge in the cockpit. (And this doesn't even get into the fact that of the first thousand sidearms issued to FFDO program graduates, almost a third were lost, mislaid or misdirected while in TSA hands within the first year of the program, 275 of them in one single three-month period. At least one sidearm was permanently "lost" — or perhaps stolen — and has never been found.)
[2] See the testimony of the Airline Pilots Security Alliance to the Inspector General of the Department of Homeland Security.
C|Net mentions, in their coverage of the final Shuttle mission:
The so-called "flexible path" approach calls for the near-term development of private-sector spaceships to ferry astronauts to and from the space station on a for-profit basis while NASA focuses on designing new, more affordable rockets and spacecraft for eventual voyages to nearby asteroids, the moons of Mars, or even the red planet itself.
You know what the first thing is that NASA should do if they really want to foster development of private-sector orbital launch capability?
NASA should open-source the SSME.
Flawless launch. They nailed it perfectly.
Well ... it happened. I'm an early adopter of a device I thought I'd never want. I pulled the trigger about an hour ago and ordered a new Motorola Droid 3. On the first day of availability, Finagle help me. I'm still hoping I did the right thing. I don't really want a smartphone, but I have to carry one for work, and the issued Blackberry is driving me screaming crazy.
The Droid 3 does have a lot going for it. It has what looks like the best physical keyboard to be found on a phone (I do NOT get along well with phone touch screens, and can't imagine the horror of trying to use one to type), a fast dual-core processor, a large, high-resolution screen, standard 1450mAh and optional 1930mAh lithium-ion batteries, and an optional induction-pad charging system. It's an international phone that'll work on both CDMA and GSM networks. It's not 4G, but I don't care about that since I'll only ever be within 4G coverage on rare occasions anyway. Various pundits have complained about the preinstalled MotoBlur skin, but I figure I'll give it a chance. Hopefully it won't come with TOO much preinstalled Verizon crapware.
And I'll only have to carry one phone ... and it won't be a Blackberry.
Soliciting the wisdom of the collective here.
First, the reasons:
Work issued me a crackberry when I was hired, and I &$@^#^%@%#@ HATE the *@$()*&$#^%^@# thing. It can reduce me to frustrated rage in mere minutes. It's an utter mystery to me how in the name of Nyarlathotep Blackberry ever became a commercial success.
I have an alternative. Work wants me to have a smartphone so they can reach me via email. But it doesn't HAVE to be a crackberry. If I buy my own Android phone, on Verizon's network, work will pay for the Verizon service for as long as I work there.
However, if I'm going to buy and Android phone, I want one with a good physical keyboard. (One of the most frustrating things about the Infernal Device is its almost unusably tiny keys. It's all but impossible to type on.) RIGHT NOW, the best physical keyboard on an Android phone is reportedly the HTC Merge.
I've handled one, and it's ... not bad. But I understand the Merge is a niche phone with limited availability, largely due to unpopularity of the decision to tie it to Bing for search and location instead of Google. (Have you ever used Bing? It's #%*(&$^! awful beyond words, even when it's filing the serial numbers off of search results from Google.) Also, by current standards, it's slow and has a small screen.
There's what looks like an even better upcoming candidate, Motorola's new Droid 3. Faster, more capable, bigger battery (up to 1930mAh), larger screen with 40% higher resolution, larger and more complete keyboard, optional inductive charging.
The catch?
The official available-in-stores date for the Droid 3 is reported to be TOMORROW.
The last day to get grandfathered in on Verizon's unlimited data plan is TODAY.
(This is possibly not a coincidence.)
HOWEVER.
The bottom tier in the three-tiered data plan that will replace the unlimited-data plan tomorrow is $30, the same price as the about-to-end unlimited-data plan, for 2GB/month.
2GB of *data* per month. On a phone. That just seems like a hell of a lot more than I'd ever use. BUT, I don't know how much data mapping and navigation (pretty much the only data features I expect I'd ever use on it, unless I write mobile-specific versions of some of my own web apps) actually use.
SO. If you have a smartphone, and you make significant use of mapping and navigation ... about how much data do they typically use? How much data do YOU use per month? Assume I won't be streaming music to it, watching movies on it (movies on a sub-5" screen? That way lies madness), or anything like that. I'll almost certainly never install a single game on it, and the odds are against me finding a "phone app" I give a crap about, beyond the web browser and maybe a notepad (though an SSH client might be useful in rare emergencies).
How likely am I to even approach 2GB of data usage per month? I really have no idea how much data usage mapping (likely to be infrequent) and navigation (likely even more infrequent) use up.
Update:
Various smartphone users I know elsewhere have reported typical monthly data usage, with fairly heavy data use, typically under a third of a gigabyte. One responder reports his fiancée's data usage hovers around 1GB per month, which she achieves by more-or-less continuous use of Pandora streaming radio.
So I'd say the odds of me ever needing 2GB of phone data bandwidth in a month are slim to none ... and Slim just left town. So I see no reason why the end of Verizon's unlimited-data plan should matter one bit to me. (Or one gigabit, so to speak.)
There's an interesting example of confirmation bias in the back of the July Scientific American, which is amusing because it comes just two pages after Michael Shermer's column in which he talks about confirmation bias and why skepticism is important to science. The article asserts that child mortality rates decline as women become better educated, and asserts that this is becauseeducated women "make wiser choices about hygiene, nutrition, immunization and contraception".
Here's the online version of the article. Notice anything about it?
Look carefully. Pay particular attention to Niger, Paraguay, Fiji, Namibia, Tonga, the Marshall Islands, New Zealand, Ukraine, the Phillipines, Burkina Faso, Ethiopia, Chad, Saint Lucia, Equatorial Guinea. Compare to, say, the Maldives, Portugal, Nepal, Montenegro. Once I've pointed these out, I'm sure you should be able to find other similar examples. There's a lot of them.
So what do these examples I've pointed out show?
Well, it's more what they DON'T show. Which is to say, there is no clear correlation between increases in education of women and decreases in child mortality. Some of these have significant increases in length of education with virtually no change in child mortality. Some have almost no change in education and significant decreases in child mortality. Some show little change in either. Some countries with almost no improvement in education show larger decreases in child mortality than other countries in which female education increased much more.
Gambia, for example, started out in 1970 with a higher child mortality rate than nearby Ghana, yet improved its child mortality rate by 2009 twice as much as Ghana did, even though Ghana had around twice the improvement in education. During the same period, Nigeria and the Marshall Islands both improved their education just as much as Ghana did, with no change whatsoever in child mortality. Somalia and Rwanda both had significant improvements in child mortality, while Equatorial Guinea, which improved education twice as much as either, showed no child mortality reduction at all. Chad improved childhood mortality more than Equatorial Guinea did, despite almost no improvement in education and an ongoing civil war, while Burkina Faso showed more child mortality reduction with even less improvement in education. Niger matched Burkina Faso's gains despite no improvement in education at all. Turkmenistan and neighboring Uzbekistan show almost identical improvements in education, but Turkmenistan shows an almost 3:1 drop in child mortality while Uzbekistan's hardly changed. Child mortality plunged in Afghanistan while education of women remained static. Fiji made smaller gains in child mortality than Australia, despite larger gains in education. Samoa and nearby Tonga improved their education by almost the same amount, but Samoa's child mortality rate declined, while Tonga's did not. Both are eclipsed by Vanuatu, which improved education less than either. Portugal improved child mortality twice as much as next-door Spain, on almost identical improvements in education. Guyana vs. Haiti, Chile vs. Uruguay, Saudi Arabia vs. Lebanon. Bosnia-Herzegovina and Montenegro, despite two Balkan wars, left the much wealthier Russian Federation and Ukraine in their dust. War-torn El Salvador passed Mexico by, while Panama scarcely improved.
The authors of this study desperately want to find a causative link between education of women and reduced child mortality. However, their published results do not support their conclusion. There exists a correlation, yes — albeit a weak one — but correlation does not imply causation. In fact, what all of these results have in common is that decrease in child mortality is more strongly correlated to time than it is to improvements in education of women.
Time alone, of course, doesn't do anything, and cannot be responsible. But it makes a nice control. There is another factor at work here, probably several other factors; but the authors do not appear to have looked for them, because they want their explanation to be right. But when your results appear to show that your data is actually more weakly correlated to your proposed cause than it is to time alone, you have a credibility problem.
The BATF's "Fast and Furious" program, now better known as Operation Gunwalker, involved large numbers of gun stores being ordered by BATF to make illegal straw-purchaser sales, in violation of existing gun laws, and in many cases the illegally-purchased weapons were "walked" across the border with ATF assistance. BATF claims this was to see where they ended up. There is wide speculation that the real reason was a scam to try to build a body of false evidence to pretend that the existing laws (which, I point out again, they directly ordered stores not to follow) weren't working, presumably in the hopes of finding some sufficiently stupid Congressman to call for stricter gun laws.
Important PSA for Gentoo users:
If portage updates you to x11-base/xorg-server-1.10.2, YOU MUST MANUALLY RE-EMERGE ALL OF YOUR INSTALLED X11 DRIVERS. Portage will not do it for you automatically because it does not know that the ABI has changed. If you do not do this, X will fail to start.
Here's a one-liner to do the job:
emerge -1 $(eix -I x11-drivers/* | grep x11-drivers | awk '{print $2}')
(For clarification, there's nothing new about major version bumps in X.org changing the ABI. On most previous cases, though, such as when 1.7 and 1.9 came out, the postmerge notes on the ebuild either noted that the ABI had changed and all drivers needed to be rebuilt, or pointed to the postmerge notes on the main X.org site, which told you the same thing. This time, however, this advisory was omitted for some reason. So, if you don't happen to remember that the version you're updating from is NOT a 1.10.x subversion, you can find yourself with an X that won't start.)
C|Net has a pictorial on the Paris Airshow. Cast your eyes upon the caption to the 12th photo in the article, captured below:
That aircraft in the rear is, indeed, an Airbus A380. The grey aircraft next to it is not, however, the Lockheed C-130 that the caption declares it to be.
It is, in fact, an Airbus A400M, a very logical aircraft to be parked next to an Airbus A380.
Well, anyone can make a mistake, right? So what makes this such a failure of identification?
Well, you see, it's the fact that the same writer has correctly identified the same A400M, in front of the same A380, eight photos earlier in this shot. And then correctly identified it again in the next shot. Both of these right after correctly identifying an actual Lockheed C-130 in this shot.
That's ... quite the blunder. Even without the "A400M" in black letters several feet high on the side of the fuselage, visible even in this doubtless-reduced-for-publication photo.
"Oops."