CAC? no.
IBM crypto PCI card? no.
an HSM? certainly not. (no temp/vibration/motion/intrusion/EM field sensors in a TPM)

A smart card? Well... the same technology used in smart cards are also used in chip and pin credit and debit cards. If you are going build millions of chips and put them on little plastic cards that people will loose, bend, stuff in their wallets/purses/back-pockets, etc, they had better be pretty darn cheap. My guess is TPM chips and smart card chips have a lot in common, and smart card chips have a surprising amount of anti-tamper technology baked in. What is a few pennies for another chip on a motherboard that retails for $60-100? Unlike CPU's, TPM chips are really tiny with fewer layers, so they are much cheaper to produce. Many of the anti-tamper features involve detecting voltages being out of spec, detecting out of sequence commands through use of a few simple check flags, adding obfuscation circuit pathways, and the inclusion of volatile memory with an on-chip capacitor to create the functional equivalent of non-volatile memory that becomes fragile when you start messing with the chip. These aren't expensive features to implement.

My understanding is that gen 1 TPM chips were pretty weak in terms of anti-tamper tech. I can only hope they they've gotten better by now. I have no idea what sort of features where in the chip that Tarnovsky hacked.

This won't work.

The purpose of the TPM chip is store a secret key and encrypt/decrypt the data sent to it. In order for your "clip on" chip to work, it would need to know the key inside the TPM. The key inside EACH TPM is different, and the only (known) way to get at that key is the hardware hack that the article describes. If you don't have the key, you can't decrypt data that was already encrypted by the TPM, but you could in theory encrypt new data with a key that you know (because it is in your clip-on chip) and you can then also decrypt this newly encrypted data. However, you can't use it to decrypt data that you stole, because you don't have the key inside the TPM.

This is a different problem than the XBOX hack. There, MS was distributing the same data to everyone, and all XBOX's had to have the ability to decode it. Once the key was found to do this, all XBOX's could be moded. In this case, the key in each and every device is different. Knowing the key from one device and building a chip to bypass the TPM will only help you on that ONE machine, and any data encrypted on it. You can't replicate this to every machine, and the method for getting the key out of the TPM requires some serious hardware hacking, so you can't just drop a chip into the machine and bypass it.

The CPU that does the encryption/decryption is on the same die as the TPM, so the key never leaves the chip. That's why you have to hack the chip itself. If I remember correctly, this wasn't the case with the XBOX. The key was transmitted in the clear across the system bus, so it was a relatively simple matter to connect to the bus and read off the key.

Cracking a TPM is MUCH MUCH harder.

Actually, most likely the keys stored inside the chip's non-volatile memory are probably encrypted, just to prevent that sort of attack.

I worked with similar technology in a previous job. When Tarnovsky said "This chip is mean, man - it's like a ticking time bomb if you don't do something right,"

My guess is he wasn’t kidding. These sorts of chips have all sorts of counter measures to make this sort of attack difficult. The algorithms built into the circuits on the chip are designed to make eavesdropping hard. You can send different commands to the chip, and ask it to decode different amounts of data, but it will intentionally insert randomness into the time and number of operations to do the work to prevent you from gleaning information about what is going on inside the chip. I’m sure there are circuits that do nothing other than generate spurious electrical impulses so that trying to sense what the chip is doing remotely won’t work. The only way to even attempt an attack like this is to do what Tarnovsky did, and strip off the packaging. Assuming you didn’t just destroy it, even then you aren’t home free. I’m sure there are other safe guards built into the chips. Oh, did the voltage drop just now across that one circuit? That’s probably an attack – the chip just deleted the keys you were trying to recover and is now useless. Did that operation take too long because someone hooked up their own custom circuit in an attempt to decode what was going on? Yeah, that’s out too bye bye secret keys Interrupt the power to the key storage area for a nanosecond while you try to connect your probe? I’m sorry, you’re done. Did you just read out the data out of the protected storage out of sequence? Well, not only is that data encrypted (and therefore useless), the chip detected it, and intentionally burned out a small inaccessible fuse buried inside the chip and bricked itself. You’re done. Did you just inject an internal command with your probe that wasn't expected? Yep, you just blew another fuse. Go home.

You have to connect your probes in exactly the right place, in exactly the right way, and not disturb the electrical properties of the circuit you tapped into to prevent the chip from knowing that you are there and triggering a counter-measure.

I don’t know which counter measures the TPM modules from Infineon implement, but if they are current with the sort of technology out there, this hack was really really super damn hard.

Sure, with enough time, money, skill, patience, and physical access to the machine, anything can eventually be broken. The idea of the TPM was to make it expensive enough to hack that the average thief won’t bother. If you are relying on a TPM only to protect secrets on a mobile device (which can be stolen and then hacked by a well funded company or government) you either deserve what you got, or you’ve made way too many well funded and motivated enemies.

I'll second the Imperial War Museum, the Science Museum, Tate Modern, etc. Someone else also mentioned the Design Museum -- that's pretty cool, too.

On the laptop question: If you have a netbook, or something under about 3 pounds (~1.5kg) I'd consider taking it. Otherwise, leave it behind. I've traveled quite a bit in Europe, and I often bring along my 2.2 pound (1kg) Toshiba Portege 2000 (ancient ultralight notebook, more or less equivalent to a netbook, but a little slower.) What I've found is that on short trips (2-3 days) I hardly use it and wish I'd left it behind. On longer trips, especially when traveling around with no pre-set plan, I find it useful for getting directions, booking tickets to events, hotels, flights, checking the opening and closing times of certain attractions, and the occasional e-mail, but I still use it less than I thought I would. Anything heavier/larger is just a drag. The key to having fun is to travel light. Of all the times I've stayed in London, I've never been on the first floor of the hotel, and only about 25% of the hotels I've stayed in had elevators. If you simply fly to London and stay in the same hotel for two weeks, that's not a big issue, but if you travel around a bit (and if you are there that long you SHOULD) the extra weight and bulk of a laptop is really annoying. Bring a carry-on sized bag and *maybe* a small shoulder bag and that's it. Anything more and you stop having fun because you are dragging around your closet with you. Do a load of laundry after your first week rather than bringing two weeks worth of clothes. There are internet cafe's all over London (and most of Europe for that matter.) Easy Internet has several large internet cafe's in central London -- just look for a bright orange sign. (There are loads of other places to go, too.) Bring a digital camera and a bunch of memory cards (they are cheap) and take lots of pictures.

With two weeks, I would strongly consider seeing more of the country (or even other countries.) Easy Jet and Ryan Air have cheap flights all over the place (warning though: these airlines often fly to regional airports rather than major airports, so you have to take public transit to actually get where you want to go even after getting off the flight. Sometimes, it just isn't worth the hassle, and you are better off taking a "regular" airline -- research before you book! They also charge fees for EVERYTHING, so pack light, and bring your own snacks.) Still, it can be a cheap way to dash up to Edinburgh for a few days or see Paris for a weekend. It will make your trip so much more memorable. Get on a train and go somewhere -- many other posts here have great ideas (Bath, Bletchly Park, etc.)

Also, WALK places. You see and experience so much more. Go into Soho and just wander around. See a show, stop off in a pub for lunch, find a little hole-in-the-wall curry place filled with locals (you'll recognize them because they will not be wearing t-shirts, jeans, or sneakers.) It is nearly impossible to get lost in London, because if you get turned around, just ask a passer by where the nearest tube stop is, check the map in the station to see where you are, and take the subway to someplace else you want to be. (As many have said already, get an Oyster card.)

Don't stay at big chain hotels, don't eat at places you've been to in the U.S. (McDonald's, TGI Friday's, etc.) Ask locals for recommendations of where to eat. Don't ask them for what to see -- like locals everywhere, they rarely see the sites that are next door. Get a good tour book for that. Generally spending more (on food, hotels, transportation) simply isolates you more from the people in the country you are in, and robs you of the experience of being somewhere with a different culture. Take public transit, walk, and go to a local pub and talk to people. You'll have a lot more fun!

Well, here's one: Ramen. Got that about 8 years ago when I was pretty inexperienced with Linux. I placed an unpatched RedHat system on the internet with no firewall, and picked up a worm and rootkit for my trouble.

There's actually a number of malware programs, worms, etc out there for linux:
Linux Malware

There are bound to be people out there that have been bitten by these guys. Oh, and while my family members have gotten viruses on their windows machines, I never have. I don't even run anti-virus. I'm just a lot more careful now....