At least 100 is the scientific statement - the correct statement in plain English is "the reading is off the scale". That also conveys the urgency properly. But of course PR prevented that from being publish - which means that now they have to deal with the fact that they have been lying to the public.

> UEFI's just a more modular/uniform sort of BIOS.

I don't know. The BIOS usually seems to work, whereas UEFI usually has so many bugs (in my experience) that it is hard to get to work. So if you find bugs without looking for them, that would indicate that you can find even more if you are looking for them, most likely with security implications.

Some people say that UEFI is too complex - and the evidence seems to support that notion. All a boot loader has to do is to load a binary from disk into RAM and execute it. BIOS got that right - but unfortunately the boot sector of 512 bytes is way too small for modern software. Let the boot loader say how long it is, and load everything into RAM. Any decent kernel can deal with the rest, using hardware discovery etc.

It depends on the law. Some laws apply to events outside of the UK, some do not. Some of the more serious crimes will be prosecuted world wide if a UK national or resident is involved.

And I disagree. The researchers told the company of the product they found vulnerable. This is a security company - they should have measures in place to communicate the flaw up and down. The fact that they did not means they do not take security serious, and they cannot be trusted. There is nothing to fix here - the company has to get out of the security business one way or another.

Should the researchers also listen to any old guy who used a remote locking system on a shed? If I have a VW, can I block the publication because I did not have time to go to the garage yet? Where does it stop? As I see it, VW is just a customer here, and they are at the mercy of the supplier. The supplier can go to court, but VW should stay out of it.

Legit up to a point. It is nasty software at best, and probably full of security holes - well hidden if you are lucky, gaping open if not. You can do that if you administer your own PC, but on a shared one or with an administrator they should be a no go.

And do they really need XP? After all, XP is expiring in under 9 months, so the clock is seriously ticking. Spending any time on the administration of an XP network is lost love.

If you want to "work" with 512 MB of RAM, you have to move to Linux, and a very light version of Linux, too.

On the other hand you could get rid of that junk and get a bunch of second hand PCs with Core 2 Duo CPUs and 2 GB of RAM for next to no money. They will happily run Windows 7 or Windows 8 with light applications. With 4 GB of RAM they will fly.

If the kindle fits in my pocket, why shouldn't this?

Maybe it works both as a tablet and a phone. I can certainly see a market for this.

Unfortunately, that is exactly where the problem starts, but not ends.

The backdoor is available without customer interaction! HP is lying in its statement - it is not technically wrong, but intentionally misleading. So they know they are lying, too. And it seems they are also refusing to fix it.

I don't think it is, or at least it is a slippery slope. First checks, then prepaid cards, then amazon coupons, and finally food stamps, Hallmarks gift cards or canteen credit. Where does it end?

My first job actually paid 1.50 per month for holding a bank account. I think my bank account was free, but it was a nice gesture. You also had the option to queue and get paid in cash...

True, but they are all much better than IE6. And any sane OS supports at least IE9, which is not bad.

And it isn't. Because quality coffee is grown in Africa, especially the Kenyan highlands. Whatever they do in middle America has little impact on quality coffee.

Yes, except that it takes a PhD to create styles in LaTeX, whereas it is dead easy in MS Word (although of course people still fail, but that is a different issue). LaTeX is great for certain things, but for writing a quite note it is not suitable.

Absolutely, this is the key to understanding management. But it seems that the manager is not very good at his job either.

An IT manager does not have to be an IT technology whizz kid, but he does have to be a decent manager. Managing sometimes means listening to the right people. If the IT manager is a bad manager, that has to be documented, and a plan for finding a better manager has to be pursued. But surely as a consultant the OP should know that?

> At the least, a civil suit for any damage caused.

Good point. I assume there is a contract, and the contract specifies damages caused by incompetence? In that case it would not be the OP's problem again. The question is whether it is worth suing a supplier - usually that does not exactly help the business relationship. But it may be leverage to come to some kind of resolution.