Perhaps you could have a two tier level of trust where repositories that are from signed approved vendors are automatically permitted, but unlisted ones require specific admin permission to install from. Of course, power users could mark an unlisted certificate as trustworthy to prevent the auth request, but it would prevent installs from silently coming in from hijacked repositories in the scenario described above.

Is that really what they are doing? I have a counterfeit Prolific device that "broke" after a driver update. I simply uninstalled the new drivers and installed an old version to make it work.

Admittedly, that's a different OEM, so they may be doing something different.

None of these analogies are correct.

They are not changing the device at all, they are simply making their drivers not work with the fake ones.

There is no reasonable analogy that can be made involving a Gucci product.

This is exactly correct. I've experienced this with a radio programming cable with a counterfeit chip supposedly from Prolific. The drivers that Windows automatically downloaded for it caused the device to not function. Rather than stuffing around with the supplier, I simply downloaded an old working driver, uninstalled the new driver, installed the old driver, and done.

Certainly not a job my mother could do, but also not the same as the OEM bricking devices, which would legally be dangerous for them as it could be argued that they were willingly causing property damage.

From a commercial point if view I think it is an appropriate measure, albeit perhaps not the most reasonable from consumers' perspectives.

SurfaceRT was a failure. The only way only explanation that I can think of for you asserting that the Surface Pro line has been a failure is if your head is located in a place that makes it difficult to see what's going on in the world around you.

The main difference is that FreeBSD users know what Google is and how to use it.

They will take a CNN and a Fox newscaster and lock em in a cage until only one is left reporting.

I'll avoid that. I don't think I could stomach such brutality.

I’ve got news for you. The sexual liberation movement has already been and gone, and most of society no longer has a puritanical view of sex and sexuality. You’ll have to find some other reason to explain the difficulty you’re having getting laid.

Implementing proper domain and user authentication by baking PGP or some other PKI right into the email protocols will both solve the spam problem comprehensively AND allow UTF8 domains with minimum risk of phishing /spoofing.

I agree. The real solution is hardened authentication getting baked right into email. I'm all for UTF8 domain names and email user names, however if the email protocol suite is going to be expanded to allow for more features, then I think security should be top of that list.

Sure, for a while, domains that span multiple character sets such as hotmail.com with a Cyrillic o could be spam flagged, however what happens when (not, if, but when) legitimate domains with multiple character sets start appearing? What about domains that use characters restricted to the intersection of two character sets such that they appear to be from one but are in fact from another?

The ONLY answer to this is an email client that can associate a certificate with a domain and checks it against received email as a matter of course. This solution not only has the property of preventing domain spoofing, but also comprehensively solves the spam problem. (It didn't get done earlier because it fell foul of the "requires everyone to agree at the same time" point on that pro forma "Why your proposal won't work" sheet.)

What would be wrong with just buying a couple of Nexus 7s, remove all junkware, put skype as the only app on it and distribute those? Surely the center has WiFi?

Yea! We don't need no stinkin' ecosystem! We got technologies! Raaa!

Or very, very right.