Bah.

The Fit owner from above gets:
37 in town
47 highway
$16,000 purchase price

As noted below, it will take the Prius owner with
52 in town
51 highway
$22,000 purchase price

320,000 miles to break even with the Fit owner (at $3/gal, 50/50 mix of town/highway driving)

I drive a '93 Mazda Miata:
31 in town
33 highway
$3,000 purchase price (used)

At $3/gal, and 50/50 mix of in town vs. highway, it will take the following number of miles to break even with me:
Prius: 535,000 miles
Fit: 893,000 miles

So, boys and girls, go out and buy an early 90's economy car (civic, corolla, sentra, protege, miata, escort, etc.) and drive it until the wheels fall off. You'll save lots of money.

That said, I plan on buying a Fit once they are old enough to be around $4k or $5k -- fun little car, and they have no trouble fitting four 6-footers (I know, I'm 6-feet and have both driven and been a back seat passenger with other 6-footers in a Fit. Great little car, and fun to drive, too.)

Wow. I'm amazing they finally brought this idea to market. HP has been kicking around this idea since the mid 90's. There used to be this big push inside the company called "grow usage." The idea was to find ways to get customers to print more so they would use more ink and hence have to buy more ink cartridges. Automatically printing the newspaper every morning was one idea to get people to print more. The revenue projections were used to justify massive investments in R&D and production line tooling. (I was working in R&D with cartridge development at the time.) At one point they projected people would be printing so much (including those morning newspapers, complete with ink-heavy full-color photos) that HP was going to have to order over 100 cartridge manufacturing lines and use the entire world's supply of silicon wafers to keep up with demand. When someone finally called bullshit on the numbers, they reduced the order to only 4 lines. I think they only built 2. Actual orders were only 4% of the new, lowered forecast. (This was the 2000 series ink jet printers, by the way -- the first ones HP made with the replaceable ink-tanks. The technology was supposed to go into home printers, but didn't make it for almost a decade, because the business ink jets were so unprofitable.)

Anyway, the last time HP tried this, it was an unmitigated disaster -- the biggest setback in the inkjet business in HP history. If they are trying it again, it must mean VG and Nigro are getting desperate for ways to grow revenue. Hurd must be pushing them really hard. Growth in the inkjet business has been slowing into stagnation for several years now. At least it was like that when I left, which was a couple of years ago. I can't image things have improved. Has anyone here printed MORE in the last year than the year before? I haven't.

15 years ago, printing out a customized newspaper *might* have made sense to a few people. These days? Who wants that? Most people don't even print out their digital photos anymore. The home printer market is in decline. There might be opportunities in the commercial printing market, but the amount of printing taking place at home is falling, and will continue to fall. HP isn't going to increase it by getting people to print ads with their daily printed newspaper.

Latitude E6500 (bigger and heavier than the E6400) with extra capacity 9-cell back-breaking battery: 7+ hours! (That's with a 15" screen and a decent processor.)

Toshiba Portege 2000:
Standard Battery #1 20 minutes
Standard Battery #2 5 minutes
Standard Battery #3 30 seconds (as soon as you remove A/C power you get a critical battery alarm and it starts to shut down.)

Extended clip-on battery #1 3.5 hours
Extended clip-on battery #2 3.5 hours

So yeah, you want to walk away from an outlet? Bring the extended batteries.

Why all that hassle? I'm sure any spam message sent to a printer will have the evil bit set (see: RFC3514), so you can just tell the printer to ignore those messages... Simple!

Okay, I guess I was wrong:

[from the horse's mouth]

Right, that's just what I thought. It is even legal for Apple to refuse payment in cash? I can understand businesses not taking checks, credit cards, debit cards, etc. however not taking CASH? That smacks of a federal crime or something....

Wow, you just described the machine I built for myself in 1998. (Including the crappy 4MB S3 Virge.) It was great gaming box with the 3dfx card in there (for the day) until the card started to overheat and I'd get flickering polygons in my FPS shooters about 10 minutes before the game would finally crash. It was enough warning to take the case off so the card wouldn't overheat (only happened in the summer.)

That machine is long since dead, thank God, but I still regularly use a pair of Toshiba Portege 2000 laptops that are coming up on 9 years old now. They both have mobile pentium III 750Mhz's cpu's, and 512MB of ram (the max they'll take.) At under 3 pounds and able to run XP, I've effectively had a netbook for years before they became a fad. I just wish there was enough horsepower to watch TV/Movies on hulu and netflix...

So it seems the missile that is supposed to be loaded into these containers is this one:
Klub

This is a modular missile that, according to wikipedia, has 5 different warhead/guidance packages. The anit-ship version uses inertial guidance plus active radar homing. That means you need:
#1 -- know where the ship is
#2 -- get the missile to the target -- solved by inertial guidance
#3 -- get the missile to hit the target accurately -- solved by active radar homing, but with jamming and decoy countermeasures
#4 -- avoid getting shot down -- solved by sea-skimming (at least in this case, the Klub looks to be a sub-sonic sea-skimmer), but there are the counter measures of trying to confuse or decoy the missile #3, or trying to shoot it down with defensive missiles/guns, #4

Against a well defended target (e.g. a carrier battle group), the Klub would probably only be effective in very large numbers (to saturate the defenses, effectively a counter to #4.)

However, that's a traditional war scenario. In such a scenario, the likelyhood that a container ship is going to be allowed within range of a CBG is not likely. Therefore, this system would be better used to attack either smaller task groups or other merchant ships (where it would probably be very effective.) Imagine one of these choking off the persian gulf. Merchant ships/tankers are at risk of attack because other merchant ships now have the ability to shoot missiles. If you forbid any ship capable of parking a container on deck from entry into the persian gulf, you get pretty much the same result: closing the persian gulf. The same can happen at any other shipping choke point. It can also be used in more open waters where you don't have enough escorts to protect your merchant fleet. (Germany nearly strangled England in WWII with their U-Boats, and the US seriously degraded Japan's ability to continue the war in WWII by sinking lots of their merchant ships.)

There is another scenario that is also interesting. There is also a land-attack version of the Klub. Wikipedia says it uses strictly inertial guidance, but GPS type satellite guidance seems like a natural follow on. Most navel ships spend most of their time in port.

#1 -- you know where they are, as they are sitting right there in port. They aren't even moving.
#2 -- inertial guidance and/or GPS will work great here.
#3 -- since the ship isn't even moving and you know exactly where it is, GPS might be enough, no active-radar terminal homing needed. Jamming/decoys are now ineffective.
#4 -- the ships probably aren't even manned, and even if they are, they probably aren't expecting to spool up their defensive systems with only seconds of warning to try and defeat an incoming missile.

So, you stroll up in your innocuous looking container ship and blow up 1/2 of the enemy's fleet while sitting in port with no warning. Great first strike weapon (think Pearl Habor), but probably still effective after the outbreak of war, because most large navel bases are fairly near commercial ports, and unless you suspend merchant shipping during your war, or stop every container ship well out of range and search every container, these things are going to pose a serious problem.

CAC? no.
IBM crypto PCI card? no.
an HSM? certainly not. (no temp/vibration/motion/intrusion/EM field sensors in a TPM)

A smart card? Well... the same technology used in smart cards are also used in chip and pin credit and debit cards. If you are going build millions of chips and put them on little plastic cards that people will loose, bend, stuff in their wallets/purses/back-pockets, etc, they had better be pretty darn cheap. My guess is TPM chips and smart card chips have a lot in common, and smart card chips have a surprising amount of anti-tamper technology baked in. What is a few pennies for another chip on a motherboard that retails for $60-100? Unlike CPU's, TPM chips are really tiny with fewer layers, so they are much cheaper to produce. Many of the anti-tamper features involve detecting voltages being out of spec, detecting out of sequence commands through use of a few simple check flags, adding obfuscation circuit pathways, and the inclusion of volatile memory with an on-chip capacitor to create the functional equivalent of non-volatile memory that becomes fragile when you start messing with the chip. These aren't expensive features to implement.

My understanding is that gen 1 TPM chips were pretty weak in terms of anti-tamper tech. I can only hope they they've gotten better by now. I have no idea what sort of features where in the chip that Tarnovsky hacked.

This won't work.

The purpose of the TPM chip is store a secret key and encrypt/decrypt the data sent to it. In order for your "clip on" chip to work, it would need to know the key inside the TPM. The key inside EACH TPM is different, and the only (known) way to get at that key is the hardware hack that the article describes. If you don't have the key, you can't decrypt data that was already encrypted by the TPM, but you could in theory encrypt new data with a key that you know (because it is in your clip-on chip) and you can then also decrypt this newly encrypted data. However, you can't use it to decrypt data that you stole, because you don't have the key inside the TPM.

This is a different problem than the XBOX hack. There, MS was distributing the same data to everyone, and all XBOX's had to have the ability to decode it. Once the key was found to do this, all XBOX's could be moded. In this case, the key in each and every device is different. Knowing the key from one device and building a chip to bypass the TPM will only help you on that ONE machine, and any data encrypted on it. You can't replicate this to every machine, and the method for getting the key out of the TPM requires some serious hardware hacking, so you can't just drop a chip into the machine and bypass it.

The CPU that does the encryption/decryption is on the same die as the TPM, so the key never leaves the chip. That's why you have to hack the chip itself. If I remember correctly, this wasn't the case with the XBOX. The key was transmitted in the clear across the system bus, so it was a relatively simple matter to connect to the bus and read off the key.

Cracking a TPM is MUCH MUCH harder.

Actually, most likely the keys stored inside the chip's non-volatile memory are probably encrypted, just to prevent that sort of attack.

I worked with similar technology in a previous job. When Tarnovsky said "This chip is mean, man - it's like a ticking time bomb if you don't do something right,"

My guess is he wasn’t kidding. These sorts of chips have all sorts of counter measures to make this sort of attack difficult. The algorithms built into the circuits on the chip are designed to make eavesdropping hard. You can send different commands to the chip, and ask it to decode different amounts of data, but it will intentionally insert randomness into the time and number of operations to do the work to prevent you from gleaning information about what is going on inside the chip. I’m sure there are circuits that do nothing other than generate spurious electrical impulses so that trying to sense what the chip is doing remotely won’t work. The only way to even attempt an attack like this is to do what Tarnovsky did, and strip off the packaging. Assuming you didn’t just destroy it, even then you aren’t home free. I’m sure there are other safe guards built into the chips. Oh, did the voltage drop just now across that one circuit? That’s probably an attack – the chip just deleted the keys you were trying to recover and is now useless. Did that operation take too long because someone hooked up their own custom circuit in an attempt to decode what was going on? Yeah, that’s out too bye bye secret keys Interrupt the power to the key storage area for a nanosecond while you try to connect your probe? I’m sorry, you’re done. Did you just read out the data out of the protected storage out of sequence? Well, not only is that data encrypted (and therefore useless), the chip detected it, and intentionally burned out a small inaccessible fuse buried inside the chip and bricked itself. You’re done. Did you just inject an internal command with your probe that wasn't expected? Yep, you just blew another fuse. Go home.

You have to connect your probes in exactly the right place, in exactly the right way, and not disturb the electrical properties of the circuit you tapped into to prevent the chip from knowing that you are there and triggering a counter-measure.

I don’t know which counter measures the TPM modules from Infineon implement, but if they are current with the sort of technology out there, this hack was really really super damn hard.

Sure, with enough time, money, skill, patience, and physical access to the machine, anything can eventually be broken. The idea of the TPM was to make it expensive enough to hack that the average thief won’t bother. If you are relying on a TPM only to protect secrets on a mobile device (which can be stolen and then hacked by a well funded company or government) you either deserve what you got, or you’ve made way too many well funded and motivated enemies.

I'll second the Imperial War Museum, the Science Museum, Tate Modern, etc. Someone else also mentioned the Design Museum -- that's pretty cool, too.

On the laptop question: If you have a netbook, or something under about 3 pounds (~1.5kg) I'd consider taking it. Otherwise, leave it behind. I've traveled quite a bit in Europe, and I often bring along my 2.2 pound (1kg) Toshiba Portege 2000 (ancient ultralight notebook, more or less equivalent to a netbook, but a little slower.) What I've found is that on short trips (2-3 days) I hardly use it and wish I'd left it behind. On longer trips, especially when traveling around with no pre-set plan, I find it useful for getting directions, booking tickets to events, hotels, flights, checking the opening and closing times of certain attractions, and the occasional e-mail, but I still use it less than I thought I would. Anything heavier/larger is just a drag. The key to having fun is to travel light. Of all the times I've stayed in London, I've never been on the first floor of the hotel, and only about 25% of the hotels I've stayed in had elevators. If you simply fly to London and stay in the same hotel for two weeks, that's not a big issue, but if you travel around a bit (and if you are there that long you SHOULD) the extra weight and bulk of a laptop is really annoying. Bring a carry-on sized bag and *maybe* a small shoulder bag and that's it. Anything more and you stop having fun because you are dragging around your closet with you. Do a load of laundry after your first week rather than bringing two weeks worth of clothes. There are internet cafe's all over London (and most of Europe for that matter.) Easy Internet has several large internet cafe's in central London -- just look for a bright orange sign. (There are loads of other places to go, too.) Bring a digital camera and a bunch of memory cards (they are cheap) and take lots of pictures.

With two weeks, I would strongly consider seeing more of the country (or even other countries.) Easy Jet and Ryan Air have cheap flights all over the place (warning though: these airlines often fly to regional airports rather than major airports, so you have to take public transit to actually get where you want to go even after getting off the flight. Sometimes, it just isn't worth the hassle, and you are better off taking a "regular" airline -- research before you book! They also charge fees for EVERYTHING, so pack light, and bring your own snacks.) Still, it can be a cheap way to dash up to Edinburgh for a few days or see Paris for a weekend. It will make your trip so much more memorable. Get on a train and go somewhere -- many other posts here have great ideas (Bath, Bletchly Park, etc.)

Also, WALK places. You see and experience so much more. Go into Soho and just wander around. See a show, stop off in a pub for lunch, find a little hole-in-the-wall curry place filled with locals (you'll recognize them because they will not be wearing t-shirts, jeans, or sneakers.) It is nearly impossible to get lost in London, because if you get turned around, just ask a passer by where the nearest tube stop is, check the map in the station to see where you are, and take the subway to someplace else you want to be. (As many have said already, get an Oyster card.)

Don't stay at big chain hotels, don't eat at places you've been to in the U.S. (McDonald's, TGI Friday's, etc.) Ask locals for recommendations of where to eat. Don't ask them for what to see -- like locals everywhere, they rarely see the sites that are next door. Get a good tour book for that. Generally spending more (on food, hotels, transportation) simply isolates you more from the people in the country you are in, and robs you of the experience of being somewhere with a different culture. Take public transit, walk, and go to a local pub and talk to people. You'll have a lot more fun!

Well, here's one: Ramen. Got that about 8 years ago when I was pretty inexperienced with Linux. I placed an unpatched RedHat system on the internet with no firewall, and picked up a worm and rootkit for my trouble.

There's actually a number of malware programs, worms, etc out there for linux:
Linux Malware

There are bound to be people out there that have been bitten by these guys. Oh, and while my family members have gotten viruses on their windows machines, I never have. I don't even run anti-virus. I'm just a lot more careful now....