I live in the UK so I barely get to experience "Summer" on Earth, let alone space you insensitive clod!

He's not reporting a bug, he's reporting a security vulnerability which may indeed be a subset of "bug" but it's a very special subset of bug, the sort where even senior management are obliged to get their finger out of their arse and "Do the Right Thing". Especially given eBay are an American company as I seem to remember yanks being big on this thing called "Fiduciary duty to shareholders" which will most certainly not be served, even in the short-term, let alone the medium or long-term by sticking two fingers up at this kid.

TFTFY

"anymore"? Dude this is Slashdot, 99% of us couldn't run down the road, pictures or GTFO. :^)

Well that to.

TFA implies it was for "Ivy bridge" so yeah probably tied to chipset, maybe multiple boards but the point is they've demonstrated something arguably close to gross incompetence, misplacing source code is careless, misplacing the signing key is a different league. This is a commercial product how hard would it be to have the key in two parts, held by two individuals on the dev/release team?

This system is built purely on trust and its gone, I mean, yeah "I'm sure they'll be more careful next time" but sarcasm aside there's no real way for them to demonstrate that.

The truly paranoid might even point out that if someone with the means found the FTP server first they could already have trojaned AMI's build servers (running AMI bioses no doubt) with a root kit tainted bios that produced new tainted bioses during compilation and lo' all AMI bios forever after are hence tainted in a never ending FUBAR circle of doom!!!

With three entire exclamation marks and all assuming it's genuine.

Assuming for a moment that the validity of this key is confirmed independently then any further question about the technical feasibility of using this to sub/pervert a Secure Boot arrangement is moot when you consider the deeper and more practical implication which is that you can't trust a major motherboard vendor to keep a signing key properly secured. Secure Boot is dead, long live security.

http://www.bbc.co.uk/news/technology-18927928 ...yawn...

You've made an unfounded assumption that Anonymous Coward is a person, you'll need a citation for that as we all know that on the Internet, nobody knows you're a dog.

As opposed to the tax spending eavesdroppers over in the middle of Vauxhall? ;^)

Yeah, except until Red Hat spots Canonical making in-roads on their business model and then squishes them...

http://www.trendcaller.com/2009/02/canonical-half-as-revenue-efficient-as.html ...bit out of date but it'd still be suicide for Canonical to compete against Red Hat too directly, too soon, hence the cloud/service strategy (http://www.thevarguy.com/2010/04/29/ubuntu-matt-asay-discusses-canonical-revenue-strategy/) they seem to be heading for I suppose? Unfortunately that's going to get holed below the water-line to an extent by Red Hat's OpenShift (http://en.wikipedia.org/wiki/OpenShift) and I just don't believe there's enough revenue in "Linux Desktop as a Service" to make it viable.

To be fair I'm probably a Red Hat fan-boi, I respect what Canonical are doing but... I just can't see how their going to make it work in the long run. :^/

I would say at your parent's house but this being slashdot that's probably not offsite.

"Actually, BT is probably in bed with the people who actually run the country"

TFTFY.

On an only sightly less cynical note, you have to wonder if "the current government" are (as a conceptual entity rather than the specific case we have at the moment) any better at administering such a large/long project than a benign coperate monopoly (if such a thing exists)?

Exactly, that describes London to a tee.

"Uban sprawl" - Since about the 17th Century (http://en.wikipedia.org/wiki/Great_Fire_of_London#London_in_the_1660s)
Painfully expensive - Check
Traffic congestion - Check
Smelly - Check
Noisy - Check
"soul-crushing" - Can be

Restaurants, shops, galleries, theatres, sports venues - some of the best in the world.
Boring - Nope

I'm afraid the 1st of April has been and gone.

The only benifit to the population at large in this entire exercise is that we now have the names and addresses of the people stupid enough to pony up ~$180,000 for an almost certiainly pointless TLD. 419-fodder if ever there was any.

http://www.youtube.com/watch?v=fLegSgWi0cI

March of the Gladiators (Circus Clown Music)