The NSA has been involved with NIST and industry to produce a series of NIST Special Publications (http://csrc.nist.gov/publications/PubsSPs.html) which include BIOS security. This includes 800-147, 800-147B, 800-155, 800-164 etc.
I have no idea how many manufacturers implement these -- but there are some really gnarly issues there. It isn't even clear what BIOS means in the context of a blade server with multiple processors, management engines etc.
The TL;DR for these specs is that a BIOS update should not be accepted by the system if it is not signed by the BIOS manufacturer. This is a step in the right direction. Of course, it doesn't protect you from someone with access to the BIOS signing keys for a particular BIOS vendor (and there aren't many BIOS vendors around). I don't think that if 800-147 is implemented it makes anything easier for the NSA, except that it might engender a false sense of security.
As a fifty+ year old coder/designer/architect, I just went back to do another startup where I get to write code again and to mentor the rest of the team. The reason to write code is that I want to build something and have it used by customers (preferably paying ones). I can have the biggest impact in a small startup where we want to change the world (or at least a small, profitable, segment of it!)
At 50+, your priorities do change somewhat -- family and kids are more important -- but these all encourage you to work smarter rather than longer. You also gain (through experience) an intuitive feel for what will work, and what will not.
The good news is that, in a court, if one party destroys evidence, the court is required to assume that the evidence is favorable to the other party. I.e. if the cops destroy a video, then the court assumes that it would be in favor of the defendant.
It also might mean they don't fancy going against a router model made up of BSD and Linux software-based routers on appliance hardware in the home market.
As far as I know, most of the home routers today are based on open source platforms. [Yes, I know that some models use proprietary operating systems as it allows less RAM to be provided on the box.]
I'm just about to install networked thermostats into my house. The current model is that it connects to a central server somewhere, and, in order to control my thermostat, I also have to connect to that site. This is crazy. I should be able to talk directly to my thermostat (over v6) from my smartphone (without needing to type in a v6 address!) Somehow my home firewall (without configuration) has to know that it can let my traffic in, but not other people who want to change the setting on my thermostat.
The trick is finding a way to make this happen securely and without configuration. On the face of it, this seems like a challenging task.
I know websites that have ripped off my work (though I normally grant free permission if they ask in advance).
The bigger they are, the harder they fall.
+1 for the Brultech stuff. I have 4 ECM-1240s and also a TED device. The Brultech stuff is much more useful -- though it doesn't agree with the TED device on the actual power consumed by the house. I need to do some experimentation to see which is right...
I picked up a used Tektronix 7904 for under $100. Of course, the four probes that I needed cost rather more than the scope, but that's life. The 7904 (with the modules that I have) is a 350MHz unit -- which is great for doing radio work. This setup could easily have cost $10k new.
Buy one of these online and the shipping will kill you. You need to find someone local who wants to get rid of one.