You are mistaken. Security is not something you know, have or are. That's authentication. HSM has nothing to do with authentication. It is key management and secure storage. Your understanding of how an HSM is used is also mistaken. The idea with an HSM is that it does all encryption and decryption operations without ever releasing the key and takes care of requiring proper authorization before performing decryption operations.

When initially configuring an HSM, a key should be created and backed up in a secure manner. The key should be encrypted by one or more additional keys and these keys and final version of the encrypted key should be sent to multiple different secure sites (one key per site). Some redundancy should also be done in case one of the sites is destroyed and each site should only have one key so that all the pieces must be compromised for the key to be compromised.

The final, unencrypted key is loaded in to the HSM. While the server is running, the HSM is authorized from the boot to perform decryption operations. This can be done via a network boot or by direct action when the server boots (the later is more secure but more of a pain). Thus, a running server has access to the HSM and can operate on the data. However, if the server is stolen, the ability the credentials must be entered to unlock the HSM and access the data (credentials which are unavailable) thus the only option is to try and break in to the HSM. Since the hardware is tamper resistant, any mistake will result in the keys being cleared and the encrypted data is protected unless it can be brute forced (effectively impossible as far as we know). If the server is recovered, the backup keys are accessed, the original key is decrypted and reloaded on the HSM and all is back to normal.

While you are correct about the impact of anything currently running on the server, you are dead wrong about physical theft. An HSM should be hardened against picking the key out of it and should actually destroy the key if tampering is detected. Encryption on the server is still of limited benefit since the data key could probably be abused in most remote exploits on a running system, but for powered down security, such as physical breach, it is very significant, even if the chances of someone breaking in and stealing a server are generally much lower than a remote intrusion (though not as much as you might think since many attacks are internal).

Right, I'm just saying there is no moral grounds for him being some hero now. When it was exposing illegal surveillance outside the government's jurisdiction, there was perhaps a moral argument that he was doing the right thing, particularly since it could be difficult to make an argument that it truly hurt national security (since anyone that had a working brain would have already been suspect that such things were possible).

While I'm sure that there are countries that are thrilled at what he did revealing spying on US ally governments, it's normal and valid espionage activity, so any moral grounds go out the window. There is no moral imperative to turn traitor on your country (whatever country that may be) and leak information that your country trusted you with that has a damaging impact on them when they were doing nothing wrong.

He was a US citizen with a US security clearance leaking details of activities that are both valid national security activities and common (and legitimate) practice for all governments. This leak is a direct compromise of national security and doesn't have any moral grounds as a leak to expose wrong doing as there is no wrong doing being exposed.

Espionage is not an act of war, nor has it ever been. In fact, the penalties for spying in most countries differ specifically based on whether there is a war on or not. It's how countries make sure other countries are being honest with them, whether friend or enemy. It's also some of the most important information for getting at what countries actually want since the political sphere is all bullshit and positioning rather than actually getting things done.

I'm not sure how that is supposed to relate to my comment, but I don't disagree with you. Russia has absolutely no legal reason to hand over Snowden, though political reasons could still result in him being sent back. I don't think we have any right to blame Russia if they don't send him back though, but politicians have to act angry about it, just like European politicians have to act angry about us spying on them even though everyone knows that spying on allies is what makes allies work. How do you know you can trust another government if you don't know that they are telling you the truth by knowing things they don't know you know?

Android isn't a desktop OS, nor is it intended to be. It is designed specifically for high levels of process isolation and low power consumption. These are the opposite of what you want on a desktop where you are looking for power and interoperability. Windows 8 is a huge misstep driven by trying to compete with the vertically integrated dominance than is making Apple so much money. Metro is simply a move to push Windows Market on the world that is failing. If it wasn't for Metro, Windows 8 is actually a very nice step up from Windows 7. If MS realises that Metro isn't the way to get the vertical integration they are looking for, there is still lots of hope for them. They do need to see the error of their ways though.

That's testing rather than writing code and a Surface Pro isn't really a tablet, it's a laptop pretending to be a tablet. It has an actual full fledged OS on it and runs x86. You could also accomplish the same with a touch screen monitor on a much more powerful desktop that would build faster and give more area to work on your code in. Don't get me wrong, not saying tablets don't have their uses, but they are substandard for many, many activities.

It's only illegal if it is against the law... You do realize that espionage is ALWAYS illegal in the country being spied on right? That doesn't make it illegal in the country doing the spying. It makes it a valid portion of the government's job. Spying has been a part of international relations since, well, when did people first make countries again? It isn't illegal and it isn't going to change any time soon. It's certainly not good for relations when it gets exposed, but everyone really is doing it. If you think that this is A) news or B) a valid leak that has any possible purpose than to hurt the US, then you are sadly ignorant of the realities of the intelligence community for the last forever.

Let me know how writing code or actual real letters goes on your smartphone or tablet. The desktop market isn't going away, it just won't move as many machines (since they last longer now).

While I'm not sure it is relevant to the article, I do agree with you that private registrations are bothersome though I know I personally don't ever completely trust a site with a private registration. I intentionally leave WHOIS open for the world to see on my sites, but then again, you can actually find my details on the About pages of most of them without even having to go to WHOIS. Anonymity on the web is more or less a myth anyway. A determined attacker can figure out who you are unless you take lots of special precautions, so why not make your info available to those who might actually have legit uses for it too.

This has nothing to do with Snowden. This has everything to do with backlash against the US for blocking use of backdoored Chinese hardware in our networks. Since we blocked them from selling to us, they are trying to match the move by blocking us from selling networking gear to them, regardless of if there is a back door or not. It's Tit for Tat, nothing more.

It's worth noting that if you are good at public speaking, you should also be good at writing via stream of consciousness. Thus, it shouldn't take that much longer to prepare a written work than to have a similar quality oral presentation. Sure, a typical typist may only be 40 to 100 words a minute, but this is still not THAT much slower than the 160 words per minute that can be spoken. It is also far less mistake prone as you can go back and correct yourself.

Does the law allow you to simply abandon the project? I thought it simply didn't allow the project to continue unless you removed the historical artifacts from the land. You don't technically have to spend more, but it could cause the project to be a loss up to that point.

Still, lying about it rather than advertising your intent to abuse consumers is sane behavior. I didn't say Sony's any better and I don't trust them as far as I can throw them, but MS saying to consumers faces "hey, we want to screw you over in every way we possibly can. Please buy our product, you'll like it." isn't exactly sane. Truth, unfortunately, hasn't been in advertising for some time.