Then why is Microsoft signing a "click OK to continue" shim that allows corporate users to install their own "untrusted" OS onto a system that only trusts the Microsoft key? Does MS have a more restrictive key that can be installed manually by IT departments? If so, could that be part of an evil plan to then get it onto generic vendor machines?

Would you trust a vendor preinstall of a desktop linux distro? Standard practice for Windows power users is to put down a clean install of the OS over whatever the vendor preinstalled, for power users I'd be happy with doing this for GNU/Linux distros even when the system comes with some flavour of Linux-based OS.

ChromeOS provides a set-and-forget OS that avoids the Microsoft tax and works for the non-power-user. As long as there's a supported method of reinstalling an unsigned OS (previous iterations of Chromebook have had this, but it's always something to watch for), that should be suitable for the power user to reinstall over.

In the magical future when there's big commercial support for users on desktop GNU/Linux, then it will be important for vendors to preinstall a desktop-grade OS, but not now. ChromeOS devices should become cheaper and cheaper, not more and more powerful for the same price.

This is actually a good point - Microsoft have gone through decades of pain being the target of malware, have suffered through it, and at this point have something of an immune system developed with Security Essentials and the ecosystem of third-party anti-malware. It's definitely an advantage over Apple, whether or not it's the best way to go.

Read your signature as part of the conversation, wasn't out of place.

What would be nice is an encryption setup mode where you have your password/authentication plus 4k of random data (like a big salt). When you set up the encryption or subsequently boot the system decrypted, it regenerates the random data and re-encrypts the internal final decryption key with your password+new random salt. When you shut the phone down normally, the salt is saved in cleartext and you're ready to go upon next boot, but if you yank the battery or shut down in "panic mode", the salt isn't saved and the phone is unrecoverable by you or anybody else. If you're worried about losing data, you could also have "saved salt" as the default mode, and the only way to render the device unusable would be to shut it down in some sort of "panic mode"

Unity3D will still be usable without GPU acceleration, it will use a new software implementation of OpenGL called llvmpipe. llvmpipe is a much better software rasteriser than we've traditionally had, but it's still software which means it's significantly slower than even the simplest of hardware OpenGL implementations.

Your NAS doing DLNA is doing more than a NAS needs to. XBMC happily supports connecting to Samba or SFTP shares within the application, or you could just use NFS and attach the NAS share to the local filesystem. If a NAS cares about what type of file it's sending over a plain filesystem access protocol like that it's a broken NAS.

He's quadraphonic he's ah.. he's got more channels

I saw a demonstration at a car show where one of the manufacturers had an app on iPads that were mounted in perspex boxes. The home key was covered and inaccessible except through a pinhole, and that was "hard enough" to get around given they had staff in the area to keep an eye on people.

Yes you have.

If you can get a .torrent file onto a remote downloading host you can get a text file with the magnet link there.

Alternatively, you can use a client-server torrent client (like deluge), where the GUI appears on your workstation but the downloading happens on the remote system.

This is a completely different machine, it's not the one that TSA agents will use to remotely scan your DNA...

Well, that's to be expected when using a static cache - it's the only way DNS can manage, for example (DNS changes take a while to "propagate" through the Internet).

If the deleted content is still there a week or more later, then you've got problems.

Read the title of the thread you're replying to.

You want your financial details to be secured by allegedly-trusted hardware? I'd rather a secure cryptographic protocol that requires the client only to have the correct credentials. Sure, having an unwalled garden (the 'pre-rooted' bit) will lead to data theft through malware, but it's no different to being conned out of cash from your physical wallet.