
Comment Not considered a real risk - at least, until now. (Score 1) 324

Most likely there are no such tools as no-one thought it could be a vector of infection. Just like the BIOS; which used to be a non-reprogrammable ROM chip. I for one didn't know current hard drives even had firmware that can be replaced by the user, let alone that it may be a potential attack vector for malware.

Depending on how hard it is to read the installed firmware from a hard drive (is this even possible in the first place?) it shouldn't be too hard to write a tool that can read the firmware, and calculate a checksum for verification. The hard part is going to be, how do you know that your software gets the actually installed firmware - or just a known good but inactive piece of code provided by a compromised firmware, pretending that this is the software that's installed? The moment a firmware is installed, you probably need to call onto that very firmware to get a copy of it from the drive. Unless this read-firmware routine is provided by a special, hard coded circuit.

Comment Re:Try to meet in person (Score 1) 164

Exactly. What people also forget is that it's not just about the whiteboard, it's at least as much about the beers afterwards. Getting to know your colleagues in person helps a lot in getting cooperation going (it helps you interpret the writing in their e-mails properly, for example).

There is no real substitute for in-person meetings. And considering the problem at hand has already the budget of flying people around to get it solved, you'd better make use of it.

Comment Re:Whiteboards and whiteboarding are a bad idea. (Score 1) 164

I'm coding alone at the moment, and because I have no-one to bounce ideas off, I frequently find myself heading into dead-ends because the problem domain I'm dealing with is very large, and as there's no-one to discuss things with, I need to prototype to find my mistakes. Then I have to go back and rewrite.

Start with a partner or friends. If it's about UI issues or related things, they don't need to be programmers or versed deep into the problem at hand. People that know nothing about it actually can at times give you the best ideas, exactly because they know nothing about it and haven't yet restricted their minds by thinking about it. The programmatic implementation itself of course you have to do yourself, but that's generally the straightforward part (after you properly defined the problem, and the solution you want to work towards).

Comment Re:Backups and Redundancy (Score 1) 133

Part of the problem this is not that big news may be that it's about the US, where power outages and the like are the order of the day. Just ask around on /.: how many of you Americans routinely install a UPS in your home? How many have a generator on hand? Now compare this to the non-Americans that live in what we commonly call the "developed world".

Even emergency services were affected. Something that many Americans find so important that it's always used as a major argument against banning/jamming mobile phones in movie theatres and so, or as key reason primary school kids must carry a phone on them at all times. Even this major service was disrupted. So no matter what, something was terribly wrong here, and some company did not get their redundancies and automatic rerouting right.

Comment Re:Major Version == Major Changes (Score 1) 199

Lots and lots of minor fixes and changes add up to serious architectural rework. Ground-breaking new features are added when ready - one by one - every few months it seems I read about another major change to the kernel - so after a while you have several such major features added, it's unreasonable to add a major number every time.

So while I agree with your general ideas, it's certainly not that easy in the "release early, release fast" world of open source software, as with the fairly rapid addition of many bigger and smaller features to the kernel, and the fairly frequent release of new versions. Alternatively you may just have to stick to major versions, like recently Firefox (currently my Firefox is at version 35) and Chrome (no idea what number they're at now) are doing, and as a result indeed the numbers are big enough that you can't really distinguish them. Which is bound to happen sooner or later to any piece of software that's under active development for a prolonged time.

Comment Re:Don't give your bitcoins to someone else!! (Score 1) 148

Not sure about this, but the SCMP (local HK newspaper) reported about people sending cheques to this company. That's real money, not BTC, that they gave that company. Details are thin, but it seems that this company asked for payment for to-be-mined BTC. At least they were running a BTC mining operation as well.

Comment Re:Proof that there's too much money in the world (Score 1) 148

Maybe they bought a flat in 2003 (end of the SARS period), and sold it recently. They'd have easily tripled their money in that period of time (the housing market has gone up by that much, and it's still going up fast - Hong Kong property prices are currently between ridiculous and simply out of this world). If they bought a $2M flat in 2008, they could sell it for like $6M now. That'd be $4M cash profit in hand, plus whatever they have left after paying off the original mortgage. Or take out a new mortgage based on the current value, mortgage interests are around 3% with banks all too happy to sell you mortgages.

Comment Re:Cry wolf (Score 1) 127

Why would they have the right to "preferential treatment" compared to, say, the parents of the children killed at Sandy Hook?

That perpetrator was not considered "terrorist". Yet his victims were children (who did nothing to him), while this Jordanian pilot was a fighter himself, who knowingly and willingly put himself in harm's way.

Comment Re:I don't mind some ads... (Score 1) 619

With click-through rates in the ppm range nowadays, that's probably not worth the effort.

Lots of advertising on the Internet is probably going back to basics: designed as non-interactive, like in newspapers or magazines, just making sure people see a brand name again and again and that way when they are in a shop making a decision to buy a phone, they go for the brand that they know so well from the advertising.

Comment Re:Bound to happen (Score 1) 619

I'm not particularly interested in the 'sustainability' of the Internet. Google and a couple of other companies that have more money than the Catholic Church can worry about that. I'm interested in my privacy and peace of mind.

I am not going to cry if the commercial ventures on the Internet die. IMHO, the Internet was better back in 1994-5 anyway when it largely was NOT commercial!

Define "commercial".

I have a web site that I pay for and maintain myself. It's a purely commercial web site, yet it's free and there are no ads: this as it's the front of my company. It's advertising my tour business, and is visited by people that are interested in my tours, and allows them to book tickets to tours. I also add general information on hiking in Hong Kong, which people may use to set out by themselves. It's set up for purely commercial reasons, and I think such commercial sites are by and large a great addition to the Internet. I'm using such sites myself: to find information on products, to order stuff from. The Internet would lose a lot of its value if such commercial sites would all disappear and we would have to resort to calling companies, visiting their shops (which may be the other side of the world) to get a catalogue, etc.

For my business it is a great help to have this site, I sell a lot through it. It makes the whole ticket sales easier as well (very little manual interaction from my side needed). I wouldn't want to do without - people can't find me nor can they easily get the information about my tours that they need to make a decision on whether to join, ticket sales would become cumbersome; basically I'd have to close this part of my business.

What would be great is if lots of this "targeted advertising" and collection of personal information goes. So I'm still running AdBlock Plus and Flashblock, and recently installed Self Destruct Cookies - an add-on that destroys cookies moments after you leave the site. Sure, you have to re-login all the time, which LastPass makes dead easy, but it does take care of most of the tracking across sites by outfits like Google and Facebook. This is just one aspect of the commercialisation of the Internet, something that my commercial use of the network can perfectly do without. I'm even collecting only the most basic information of my clients: name (I don't care if it's their real name - they just have to give me that name when they show up at the start), telephone and e-mail. All I need to be able to contact them, and for them to claim their place on the tour.

Comment Re:Cry wolf (Score 1) 127

I think the problem in labelling every cyber criminal a terrorist is that it dilutes the whole importance of the label when you're dealing with actual terrorists.

I'd call that an advantage.

At the moment, the governments of various countries (the UK and the US most notably, but there are more) can take away many civil liberties and civil rights from people just by labelling them "terror suspect". No actual evidence is needed, just a suspicion. This can block you from flying, for example. They can throw you in jail, possibly for years without charge (see Guantanamo Bay for example). Can't do that with even rape or murder suspects: you can't keep them in jail indefinitely without charge and without trial. You're possibly better off suspected of being the director of a snuff movie which shows how to prepare and cook a human child, than you are after talking to your long lost uncle who happened to have made a small donation to a Muslim organisation which is affiliated to a mosque which is attended by a suspected Al Qaeda sympathiser.

Terrorists should be dealt with the same way other criminals are dealt with. They're criminals, plain and simple. They may do it for political, ideological or even religious reasons - they're still criminals: murderers, extortionists, computer hackers, whatever. Those are the more appropriate labels.

Comment Re: Not a laywer. (Score 2) 224

Encrypted e-mail is to this day not straightforward, if possible at all. I just checked my e-mail client, Claws Mail. It doesn't have an option to encrypt e-mail. Maybe in an extension; it's not in the client itself. Using encryption securely is hard, really hard. So many ways it can go wrong, so easy to make a mistake and compromise your key making the whole thing moot.

Furthermore, I don't know of any current standard for e-mail encryption that is widely supported. No idea on how to create a key - let alone how to securely and easily exchange keys with random recipients (like a client who calls me asking me to send them some information by e-mail).

Now imagine e-mail encryption is commonplace. The obvious way to send an encrypted mail to someone would be to pull their public key from some kind of repository (which as yet doesn't exist but let's just imagine it does and that every e-mail address that's in use has a key pair) - the one that belongs to their e-mail address - the e-mail address you're going to send the information to - and which may be someone else's entirely as I wrote it down incorrectly. So while anyone in transit can not read it, the recipient of the e-mail will have the private key (after all, it's the public key that belongs to that e-mail address). So this doesn't solve the problem at hand!

I won't say e-mail encryption is useless, it does help snooping on the way, but it is also definitely not the one all end all.
