You should strictly be using HTTPS, not just for logging in on web sites, but also for every access, post, or whatever. If that means the web site needs tons of new CPUs to crunch all that encryption, then so be it. I think Facebook, Google, Microsoft, and a few others can afford it. The only valid complaint would be the carbon footprint.
That's because most developers and other techies from India (and there are lot of really good ones... any country has a certain percentage of people that could be educated at a high level... and India does do some of that) have come to the US on H1-B (or to Europe on their similar programs). In my previous job, the guy in the cubicle next to me was top notch talent that, if nothing else does, justifies the H-1B program (I'd bring him to my new job if I could). But I've also encountered many coming here on H-1B that are shamefully untalented (one came here to be a "Unix admin" and had no idea what a shell was).
Given that SCADA is inherently not secure, the starting point is to have it not connected to the internet. If you need remote access, set up a private path of some sort, such as a fiber optic line, radio link, lease a frame relay from a telco, or set up a VPN (serial-only if that can work). Be sure it is encrypted. Be sure the people hired to set it up and manage it understand security.
Never! It will never happen. Microsoft management will overrule any release of IE, or any other Microsoft application such as MS Office, for any platform that it feels to be a threat.
This functionality would be achieved with a very simple rule. The rule is simply that for a given hostname, the cookie can be accessed by any hostname that is LONGER than the hostname it was set for. So if "example.co.uk" sets a cookie, "foobar.example.co.uk" can access it. A website can simply make use of this by directing people to the core web site. Note that even this can be abused. A registrar might set up "co.uk" and set a cookie that every domain in "co.uk" can access.
The encryption keys used in SSL/TLS communications are discarded after use. There is nothing to cough up. Do you know the keys for all the HTTPS web sites you've ever visited? Didn't think so.
Stop placing calls over the legacy switched telephone number. Instead, make calls directly over the internet itself. It's cheaper that way. You just need to know what "numbers" go to what peer VoIP switch. Eventually, everything can go this way and we have no more "per call" charges.
But there are also laws of physics that apply to fiber. And after all the strands are used up that have already are in place, they have to put in more. THAT is very expensive (dig, dig, dig). My company is trying to get fiber in from an ISP right across the street from us, and the installation costs are going to be as high as $12,000. Imagine the cost of putting in more fiber from Boston to New York to Philadelphia to Baltimore to Washington to Richmond to Charlotte to Atlanta. And that's just one run. Hopefully they will put in a few hundred strands while they have that trench open. Oh, but that's expensive, too, since they have to do all those splices now before burying them.
One can simply set up a box to pre-record the program when it is transmitted by multicast. A program can afterwards go request missing blocks of the program to eliminate those glitches that the live viewers had to endure. If you want to watch a particular show each week or day, you have it set to do that. It then joins the multicast group a little before it starts and records what it gets. If the sender DRMs it, then you have to view it through some process that can decrypt it (and maybe even gets the keys to do that at viewing time). So even with time shifting, multicast can help. Repeat multicasts can also be set up where there is high demand by those who missed it entirely.
My interest is in tearing down TV program gatekeepers. I don't want some cable or satellite company saying "sorry, your TV programming is limited to just these 25,000 channels from programmers that paid us huge fees to let them in". Instead, I want TV programming, viewable live where applicable, from any person or company anywhere in the world that wants to make it available. And I want the core internet, as well as the "last mile" on each end, to be all multicast ready.
And I want my own multicast group address. Should be plenty of those once IPv6 is everywhere.
But Comcast is a video gatekeeper. If they are using IPTV and multicast, then they have far more ability to add channel choices than they are letting on.
My interest is in deploying it world-wide where there is no gatekeeper and a choice of as many channels as there are people wanting to deliver video. Specifically, the sender and receiver would not be the same entity (it is the same entity when Comcast controls your set top box, and decides what programming networks get to send video out to those set top boxes).
So if you decide to be a broadcaster, and I want to watch your video, in a live IPTV stream, what I want to know next is where and how you get a multicast group address. I'd imagine you can tell me what it is via whatever format or protocol via your web site and/or the IPTV connection setup. But how do you get that on your end as the sender? All the docs seem to omit this.
All of that applies to "last mile" connections to home. For a business, you have to multiply many of those needs by as many people using them at one time. Then there may be services going in the reverse direction. For an ISP, multiply by the number of customers (divided by the oversell factor). For core infrastructure ISPs, more than 100 Tbps is still going to be needed to service a billion homes with 1gbps and a million businesses with 10gbps.
And I'll still need to compress my 5120x2160p120 videos.
Installing is very very expensive. Too bad they didn't realize that back when they did put in the dark fiber. They are doing some installs now, but the financial resources are being held back until the government gives them massive tax breaks and helps them cover the costs so they can keep their profits high and not have to cut CEO salaries and bonuses.
Slashdot Mirror
IOW, the bribes are not at the desire level, yet.
Hopefully, there will be an appeal. Appeals sometimes reverse lower court stupidity even in the USA. Otherwise, it's off to Norway.
... allow incompetent companies to access the internet?
You should strictly be using HTTPS, not just for logging in on web sites, but also for every access, post, or whatever. If that means the web site needs tons of new CPUs to crunch all that encryption, then so be it. I think Facebook, Google, Microsoft, and a few others can afford it. The only valid complaint would be the carbon footprint.
... here ... except ... the password is "open".
It's also 1/70th of what the Republicans want rich people to get in the form of extending tax breaks they got from George W Bush.
The correct figured to determine overall national prosperity is to take the median income (not the average), and divide that by the Gini coefficient.
That's because most developers and other techies from India (and there are lot of really good ones ... any country has a certain percentage of people that could be educated at a high level ... and India does do some of that) have come to the US on H1-B (or to Europe on their similar programs). In my previous job, the guy in the cubicle next to me was top notch talent that, if nothing else does, justifies the H-1B program (I'd bring him to my new job if I could). But I've also encountered many coming here on H-1B that are shamefully untalented (one came here to be a "Unix admin" and had no idea what a shell was).
Given that SCADA is inherently not secure, the starting point is to have it not connected to the internet. If you need remote access, set up a private path of some sort, such as a fiber optic line, radio link, lease a frame relay from a telco, or set up a VPN (serial-only if that can work). Be sure it is encrypted. Be sure the people hired to set it up and manage it understand security.
Never! It will never happen. Microsoft management will overrule any release of IE, or any other Microsoft application such as MS Office, for any platform that it feels to be a threat.
I want to switch to IE 9 today! Where can I download the source for Linux version?
This functionality would be achieved with a very simple rule. The rule is simply that for a given hostname, the cookie can be accessed by any hostname that is LONGER than the hostname it was set for. So if "example.co.uk" sets a cookie, "foobar.example.co.uk" can access it. A website can simply make use of this by directing people to the core web site. Note that even this can be abused. A registrar might set up "co.uk" and set a cookie that every domain in "co.uk" can access.
Here.
... write on her wall?
... follow her on twitter?
The encryption keys used in SSL/TLS communications are discarded after use. There is nothing to cough up. Do you know the keys for all the HTTPS web sites you've ever visited? Didn't think so.
Where is the notice not to park there?
Taco, c'est que vous?
Stop placing calls over the legacy switched telephone number. Instead, make calls directly over the internet itself. It's cheaper that way. You just need to know what "numbers" go to what peer VoIP switch. Eventually, everything can go this way and we have no more "per call" charges.
IPv6 is fine. IPv4 has it, too. But IPv6 has more of it. Now how do I get a multicast address?
But there are also laws of physics that apply to fiber. And after all the strands are used up that have already are in place, they have to put in more. THAT is very expensive (dig, dig, dig). My company is trying to get fiber in from an ISP right across the street from us, and the installation costs are going to be as high as $12,000. Imagine the cost of putting in more fiber from Boston to New York to Philadelphia to Baltimore to Washington to Richmond to Charlotte to Atlanta. And that's just one run. Hopefully they will put in a few hundred strands while they have that trench open. Oh, but that's expensive, too, since they have to do all those splices now before burying them.
One can simply set up a box to pre-record the program when it is transmitted by multicast. A program can afterwards go request missing blocks of the program to eliminate those glitches that the live viewers had to endure. If you want to watch a particular show each week or day, you have it set to do that. It then joins the multicast group a little before it starts and records what it gets. If the sender DRMs it, then you have to view it through some process that can decrypt it (and maybe even gets the keys to do that at viewing time). So even with time shifting, multicast can help. Repeat multicasts can also be set up where there is high demand by those who missed it entirely.
My interest is in tearing down TV program gatekeepers. I don't want some cable or satellite company saying "sorry, your TV programming is limited to just these 25,000 channels from programmers that paid us huge fees to let them in". Instead, I want TV programming, viewable live where applicable, from any person or company anywhere in the world that wants to make it available. And I want the core internet, as well as the "last mile" on each end, to be all multicast ready.
And I want my own multicast group address. Should be plenty of those once IPv6 is everywhere.
But Comcast is a video gatekeeper. If they are using IPTV and multicast, then they have far more ability to add channel choices than they are letting on.
My interest is in deploying it world-wide where there is no gatekeeper and a choice of as many channels as there are people wanting to deliver video. Specifically, the sender and receiver would not be the same entity (it is the same entity when Comcast controls your set top box, and decides what programming networks get to send video out to those set top boxes).
So if you decide to be a broadcaster, and I want to watch your video, in a live IPTV stream, what I want to know next is where and how you get a multicast group address. I'd imagine you can tell me what it is via whatever format or protocol via your web site and/or the IPTV connection setup. But how do you get that on your end as the sender? All the docs seem to omit this.
All of that applies to "last mile" connections to home. For a business, you have to multiply many of those needs by as many people using them at one time. Then there may be services going in the reverse direction. For an ISP, multiply by the number of customers (divided by the oversell factor). For core infrastructure ISPs, more than 100 Tbps is still going to be needed to service a billion homes with 1gbps and a million businesses with 10gbps.
And I'll still need to compress my 5120x2160p120 videos.
Installing is very very expensive. Too bad they didn't realize that back when they did put in the dark fiber. They are doing some installs now, but the financial resources are being held back until the government gives them massive tax breaks and helps them cover the costs so they can keep their profits high and not have to cut CEO salaries and bonuses.