Anyone can sue anyone for virtually anything. I could sue you for providing a misleading anecdote. I almost certainly would lose however I could file a lawsuit.

Lawyers filing a lawsuit. How utterly shocking.

Last time I checked the school offers no guarantees that you won't be required to retake tests. I doubt the lawsuit went anywhere.

Agreed. There is no secret key known. I mistaken on how handshake in WPA2 works.

However that doesn't mean that future protocol (say WPA3) couldn't use public key securely.

Essentially imagine an SSL like implementation to authenticate and securely exchange keys but for AP instead.

Client requests session from AP.
AP returns public key cert (could be self signed but also could be CA signed for an organization like starbucks).

For self signed certs you woudld still have the issue of MitM. For CA signed certs the client verifies the AP cert if valid and signed by a trusted CA. Thus client has at least some assurance it is talking to the "real" starbucks AP.

Client creates a random session key and also a public/private keypair.

Client encrypts everything w/ AP public key and transmits to AP.

Now all traffic is encrypted w/ securely shared session key.

However that would require something beyond what the article indicates. I was mistaken on the keyshare in WPA2. With Eve knowing passphrase it would be very simple to force a session disconnect and then capture the handshake.

I stand correctly looks like you are right.

We really need a public/private key based WPA3.

i.e.
access point has public/private keypair.
Client creates session key (symetric) and encrypts it w/ AP public key. client also creates its own public/private keypair and sends the public key.

This way
1) session key can only be determined by AP (or anyone w/ private key)
2) AP can use client public key to authenticate traffic from the client (client will encrypt traffic w/ session key but also sign traffic w/ client private key).
3) For public AP the public/private key could be signed by a CA. Thus assumming CA chain isn't compromised a user would have some level of certainty that they are indeed connecting to "starbbucks AP" and that only that AP can decrypt traffic.

Then have the handshake protected by public/private key encryption.

As mentioned up thread. It likely would require a new standard (like say WPA3).

Each AP in would have a private/public keypair.
1) Client queries AP for session
2) AP sends public key to client
3) Client generates a random session key (symetric encryption)
4) Client encrypts session key w/ AP PUBLIC KEY
5) Client sends encrypted session key to AP
6) At this point even an intercepted session key could only be decrypted by the AP (or someone w/ AP private key).

No you wouldn't. The AP would have a public/private key pair not a physical password.

So each AP is given a psuedo random pubic/private key pair. Hell you could even design the router on reboot to randomly generate a new public/private key pair.

Now a new user tries to connect to the AP. The AP sends it public key to the user (in plain text) as part of the handshake process.
The user computer generated a unique session keys and encrypts it with the public key of the AP. The encrypted packet is sent to AP.
Now only the AP can decrypt the message to get the session key. So even someone "sniffing" the handshake couldn't determine the session key without breaking (or knowing) AP private key.

No "passwords" written down are needed. Just simply have each router configured at the factory w/ a psuedo random public/private key pair (or designed to generate one on hard reboot). Router could even be configured to accept a custom keypair. Paranoid users could have router randomly generate a new keypair at set intervals.

For "public" AP it could be improved by combining it w/ CA. So all starbucks AP would have a signed key pair.
1) User knows (assuming CA hasn't been spoofed) that they are talking to a "real" starbucks AP
2) Only starbucks AP can decrypt the session key.

Wrong.

While WPA2 uses a shared passphrase it doesn't use a shared encryption key.

All connected clients to the access point have unique session keys. If you know the passphrase you can connected and decrypt YOUR OWN TRAFFIC but that doesn't enable you to decrypt any OTHER CLIENTS because they will be using different session keys.

You fail to understand how WPA2 works

The passphrase is no the ecnryption key. The passphrase is simply used to ID valid users.

Each session generates a unique session key. If you and I are connected to same wifi hotspot w/ WPA2 and "free" as the passphrase you can't decrypt my traffic and I can't decrypt yours.

Technically the "Free" passphrase isn't needed however WPA2 requires SOME passphrase. It would have been smart to allow encrypted traffic w/o identification but we are stuck w/ current system (at least until WPA3).

So to get encrypted per session streams you need a passphrase ANY passphrase. To simplify deployment if all public hotspots uses the same passphrase the OS could be designed to always try that before prompting the user.

You can capture the handshake w/ WPA but not WPA2.
Or more technically sniffing the WPA2 handshake will not allow you to decrypt the traffic.

Of course TKIP is flawed and was only really included to allow backwards comptibility. WPA2 AES should be the only option.

Because WPA2 generated per session keys.

Although everyone connecting would use same password (in this instance free).
Each session key would be unique and thus would prevent snooping.

Theoretically one could redesign WPA (WPA3) to have a passwordless mode where traffic is still encrypted however no password is needed. This is simply a "could work today" modification of existing protocol.

I can get that. I think eventually we will see a single format and it will support transfer of ownership.

Will it happen in 2 years, 10 years, 100 yearS? No idea but eventually the idea of permanently transferring ownership of digital content will be no more esoteric than transferring ownership of physical items.

The DRM on Kindle has been broken a long time
Google "unswindle".

I have DRM free backups of every book I purchased.

Honestly what is the resale value of mass market fiction books?

I know I have donated dozens to libraries but never considered selling them.

LOL. I guess you mean it doesn't function as well as a door stop.

Kindle 3 vs Nook. The Kindle is:
Lighter
Thiner
Lighter
Longer battery life.
Higher Constrast Display
Faster Refresh Rate
Better interface (although both as sub-par)

The nook has a tacky, ill thought out, but flashy touch lcd display. MEH.

That wasn't the questions.

The question is WHY WOULD COMPANIES produce less bugs (or do extensive beta testing) or offer discounted early user copies, etc.

The answer is they won't. Why would they? People are willing to pay full price for incomplete software.

It likely will be a while. Kindle 3 is a about 150ppi. To get quality comparable to print one would need at least 600 ppi. Now quadrupling the resolution would be tough however adding color triples the number of sub pixels (one sub pixels to RGB subpixel). So you are talking about effectively a 12x increase in number of of pixels.

To make things even more difficult current eink displays have 16 shades per pixel. One would also need to up the bit depth of each pixel.

I have no doubt full color (millions of shades) at high resolution will eventually be possible but it look a long time (2 decades?) to go from 16bit grayscale monitors to HD 24bit monitors. eInk likely will be no different (although hopefully timeline will be in years not decades).