
Comment This is risible! (Score 2) 312

Sites like Salon and The Guardian broke the Snowden story, and they keep running with it. There is a very long list of left-leaning sites that keep the issue highly visible, including HuffPo, DKos, Raw Story, TruthOut, DemocracyNow! and I dare even list Ars Technica in that group. Yes, there are Obama-worshippers who try to paint anti-NSA info and sentiment as fifth-column betrayal, but overall if you sample the comments in places like DKos and DU, you'll see some skirmishes over the issue of party loyalty (and accusations of racism) with the anti-NSA crowd handily coming out on top.

As for the lack of protest, let's just say the story was still developing in the fall and it's been one heck of a winter.

Comment Is all the firmware open? (Score 1) 88

I have toyed with the idea of installing CoreBoot on my Thinkpad as a way to enhance security. The Novena doesn't appear to have a BIOS, however, and there is little mention about firmware in their pitch... I'm more concerned about this than who designed the motherboard traces.

I'm not much of a hacker, but I do love the overall concept here. Hopefully they will divulge more details as time progresses.

Comment Re:Infighting: Linux's biggest weakness (Score 2) 155

Here's a thought experiment:

Imagine you're a 7th grader who has become intrigued by computers. If that kid tries programming on "Linux" and creates her first couple of apps using whatever tools and libraries she can grasp at the start-- then what will happen??

1. She becomes a web developer. OK, fine... but don't expect desktop apps from her. In fact, don't even expect "Linux" to enter her mind when she thinks of users.

2. She gains a yen for all the *nix plumbing and becomes a system-level tinkerer, writing some KDE or Gnome apps as a way to fill some acute voids in a way that fits into her elite usage patterns. Again, don't expect *good* apps from her. She is interested mainly in cool new ways to arrange the plumbing and impressing only her hacker friends.

3. She STOPS coding when those first tentative steps toward her big ideas ended up having zero chance of running on her uncle's or her classmate's "Linux" systems; copying her code to those other systems resulted in a flop. What's more, she wasn't able to describe to those people ways of troubleshooting the problems that prevented the apps from running, getting puzzling descriptions back from them that she didn't recognize.

3. a) She discovers Windows and Mac systems have the consistency she needs to show off to her non-technical friends and family, and since those are the people she's trying to impress early on (instead of impressing hackers) her personal development as a coder gains a healthy appreciation for the non-techies' point of view and she becomes a good app developer.

TL;DR: The Linux distro ecosystem cannot "grow" good app developers. It just cannot. It's too chaotic for the right kind of nurturing of talent to take place.

I think Shuttleworth has been inching away from the distro culture and this is part of the reason why Canonical is frequently criticized; they have needs for future releases of Ubuntu that the non-forked 'plumbing' projects aren't meeting. And then there is ElementaryOS, which seems to have a fully realized platform philosophy that doesn't include "Linux compatibility" (whatever that means) in its future; they plan to diverge increasingly in the future for the sake of internal consistency and usability. I wish them both great luck, and advise Canonical to commit to diverging the way ElementaryOS has, because the pack they're associated with now are just pretenders.

Comment Re:Infighting: Linux's biggest weakness (Score 4, Insightful) 155

The apps don't materialize because serious app developers (instead of the system tinkerers in FOSS who like to imagine themselves as good apps developers) with passion and commitment to their ideas try out "Linux" and experience the following:

1. Scant control of hardware features (even getting the screen to turn off can be a challenge) and the controls that exist suck, because the proper level of vertical integration isn't there.

2. Myriad desktop environments and administration applets that make the thought of guiding users through tech support a nightmare. This is the most obvious reason why "Linux" is not a desktop platform, because most non-techie users of said distros wouldn't even be able to recognize most other distros (or the same distro with a different DE).

3. Myriad combinations of support libraries; even the common ones are bundled together with versions of each other that create a unique and unsupportable platform 'landscape' for each distro.

4. Distro culture itself: 'Thou art a creepy skank if you sell apps and/or offer direct downloads of a product.' Invoking Yum and Apt is almost like genuflecting before entering a pew. Only it's a cult, not a religion, because strong dynamic relationships with people outside the repository are frowned upon.

Comment Re:The chain of trust is broken. (Score 1) 110

How do you trust these proxies not to be run by state intelligence organizations?

1. The attackers can't be omnipresent at all times

2. Doing a MITM against all randomly-located HTTPS links is probably impossible to do without being discovered.

3. Some orgs like Torproject have an .onion address. Then you don't have to worry about MITM as long as your original copy of Tor was OK. If you're worried about Tor or other program being tampered with, try using one or more Linux Live CDs: Boot, update then install Tor or other secure proxy, then download keys and certs... leverage the built-in keys of the Linux distros.

Really, for anyone planning this type of attack, consistency is a HUGE problem and you only have to be slightly crafty to be reasonably sure about the keys you're getting. The only other thing to increase your certainty is to get key fingerprints from these people in person.

Comment Re:The chain of trust is broken. (Score 1) 110

It ought to start by making certs and keys first-class GUI objects, starting with file browsers. Seriously, people should not see a blank square when they are copying or otherwise manipulating a key.

Further, there should be write-once devices that allow us to add keys and other identity info without worrying an attack will subvert that data.

Comment Re:The whole security world is in a very bad shape (Score 1) 162

I should also point out that, from a manager or user perspective, a Qubes system is just a re-mix of Citrix client products. Even if the user runs in only one domain, an exploit against PCs is far less likely to break out of the VM, making cleanup a quicker and much more certain task.

It also has ways to protect you from physical attacks on boot partitions and BIOS, so travellers with laptops are less vulnerable.

Comment Re:The whole security world is in a very bad shape (Score 1) 162

Well, much of it already exists as Qubes OS, and it runs most Linux and Windows apps just fine.

You can get CoreBoot BIOS for several systems, and they're just getting started. And given that Canonical has the best HCL (with the most compatible systems) and hardware partnership profile in the business (apart from MS), I think Shuttleworth's proposal is credible... Good luck to him!
