Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories
0
Comments
4,185

Comments · 4,185

  1. Re:So where is the line? on Google Asks Android Developers To Show Sensitivity To Disasters and Atrocity · · Score: 3, Insightful

    Taking down games or apps which are clearly intended to be hateful, I'm not sure I even have an example, probably because I've never gone looking for them... a confederate flag app that drops the n-bomb when you rub the stars the right way? dunno what an example would be. But OK, I can see that.

    Sticks and stones. Freedom isn't about agreeing with nice people.

  2. Re:Google is Big Brother . . . on Google Asks Android Developers To Show Sensitivity To Disasters and Atrocity · · Score: 4, Insightful

    Are you kidding? You aren't forced to have anything to do with Google. It is their company, they can restrict whatever they want.

    Do mobile app developers get to choose where their customers come from? Between the Apple store and Google you can say it is all free will and app store vendors can do what they want with their own software and infrastructure, yet they have effectively become gatekeepers of execution, and if they don't like what you're doing you can expect an audience of crickets.

    All I will say is enjoy your kings and monopolies, people. If you're not willing to defend the right of assholes to be themselves without censorship then don't be surprised when one day you too get fucked over by the same system.

  3. Re:I do want a HTTPS web on Aussie Telco Caught Handing Over User Mobile Numbers To Websites Without Consent · · Score: 1

    This only works if the website gives the ISP their private key. When the relationship between the website and the ISP is short, the website would probably be reluctant to do that.

    It doesn't have to be the private key to their primary domain; it could be a subdomain created specifically for this purpose.

    But at least nobody else can get this information.
    For example when it's unencrypted any passive attacker could see the extra header that was added.

    Gremlins in the tubes are mostly red herrings. They exist and there is value in avoiding them yet most damage is inflicted by other means.

  4. A statistical reason to support regulation? on Why We Need Certain Consumer Drone Regulations · · Score: 1

    There is always a perfectly reasonable sounding justification people can dream up to justify a ban on just about anything.

    Example: Cars kill tens of thousands a year. Car deaths are bad, so ban cars. While being completely one-sided, at least this example provides an objective cost in lives lost due to vehicles.

    The only thing worse than one-sided arguments is parading specific cases as "perfect examples" to justify a course of action regardless of the relationship those cases have to larger reality... and of course all the while not considering the *cost* of action.

    Every time there is an incident people are quick to "learn lessons" from individual incidents and push for legislation, while the interests of all are likely to be much better served if lawmakers made decisions based on rational objective criteria rather than legislation being the only answer to all knee-jerk reactions to individual incidents.

    Drones are politically easy to ban because they represent a niche hobby and many more people are afraid of or annoyed by them. The people who have the most to lose have little voice and everyone else is indifferent.

    Smoking causes far more fires and far more deaths than any possible swarm of consumer drones but outlawing smoking isn't going to happen because too many want to smoke.

  5. Re:I do want a HTTPS web on Aussie Telco Caught Handing Over User Mobile Numbers To Websites Without Consent · · Score: 1

    See, this is exactly why I want a HTTPS web.

    Lets think about this critically for a moment.

    The mobile provider has a "relationship" with certain websites. When there is such collusion what is the basis for assuming SSL is at all helpful in this scenario?

    They are already operating a MITM proxy to inject the headers. Is any of the following at all unreasonable or impractical?

    1. Provider sees you're going to a commercial relationship site by destination IP.

    2. Commercial relationship site has already provided ISP with certificates to MITM itself since ah they have a "commercial relationship".

    3. ISP injects the headers anyway behind your back by MITMing the SSL connection which you assumed was "secure" and private. Furthermore the presence of encryption makes it more difficult for anyone to figure out what is going on.

  6. Re:No joke on MEAN Vs. LAMP: Finding the Right Fit For Your Next Project · · Score: 1

    To be fair I'm also no fan of what is traditionally considered "LAMP". I personally believe PHP is more dangerous than it needs to be, MySQL is a poor choice relative to alternatives, and I harbor little regard even for Apache.

    MongoDB is built for the cloud

    No. Application design limits scalability of non-trivial systems, not the data store.

    MySQL's structure is confining (and overrated)

    The only thing that sucks worse than a good relational schema design is everything else.

    Disk space is cheap

    JOINS JOINS JOINS... The reason for JOINs is saving disk space... mind blown.

    Node.js simplifies the server layer
    MEAN makes code isomorphic

    General purpose languages are a dead end. The money you save not having to train people to use appropriate DSLs for the task at hand will be more than offset by increased cost of managing product lifecycle.

    Node.js is superfast

    ab is the most worthless (slow, single threaded, client CPU limited) tool for benchmarking web servers you can pick. Almost as worthless as benchmarking hello world applications bearing no resemblance to real world usage.

    Depth matters

    How does admitting to being behind other solutions translate into a reason for your approach?

    I'm disappointed all around.. both with this article and what is allowed to pass for forward progress in the web stack space.

  7. No joke on MEAN Vs. LAMP: Finding the Right Fit For Your Next Project · · Score: 1

    If it isn't a joke then what is it? A tragedy?

  8. IMAX is a brand? on IMAX Tries To Censor Ars Technica Over SteamVR Comparison · · Score: 1

    That's weird I always assumed IMAX was just a generic term for theatre with a big ass screen?

    Let me put this another way... ask anyone what do you call a movie theatre with a big ass multi-story curved screen? ... and before they answer say ...but you can't use the word "IMAX".

    In various contexts people talk about IMAX cameras and film formats even NASA folks talking about the imax camera for curiosity ... I seriously always assumed it was just a generic specification.

    Who knows that IMAX is a brand? Perhaps they have already suffered severe dilution and currently deserve no trademark/brand protection of any kind.

  9. Way past time for phones to become PCs on Planned Sequel To Fairphone Promises an Ethical, Repairable Phone · · Score: 1

    Would I pay more for mobile phones to become an open platform where I can load whatever OS I want and swap out parts with reasonably standardizable interfaces? Hell yes I would.

    While I have no opinion about the "ethics" of tin and gold, there is nothing I hate more in this industry than the insatiable trend of a few massive companies to continue to consolidate their power over everything.

  10. IoT meme already past sell-by date on Aura: Harnessing the Power of IoT Devices For Distributed Computing · · Score: 1

    A person at a meeting with only a smartphone could offload to Aura the process of recalculating a spreadsheet for a presentation, eliminating the need for a laptop

    This is what I love about all the buzzword enriched nonsense. Use cases presented are not only completely worthless but so half baked and nonsensical that they are actually funny.

    Hasan's plan, of course, anticipates a world with a vast number of Internet of Things devices, where lightbulbs, refrigerators, thermostats and other products will come with small processors and network connectivity.

    Oh the dreams of marketeers...

    By 2020, the world will have 26 billion such devices in operation, according to technology analyst firm Gartner.

    More likely they spend $26 billion in advertising to get people to care about their worthless and annoying gimmicks and still fail.

  11. Re:I do not consent on FDA Bans Trans Fat · · Score: 1

    Nope. Trans fats are not required to make fortune cookies. It's basically margarine. That's trans fat. Avoid partially hydrogenated oils and you're removing nearly any kind of trans fat that is going to hit you.

    Try finding fortune cookies without the words "partially hydrogenated" in the ingredients list on the shelves. Looked everywhere and gave up.

    Selfishly I find myself cheering for the FDA ban because I want fortune cookies without trans fat.

  12. Re:I do not consent on FDA Bans Trans Fat · · Score: 1

    why do you care? I haven't eaten trans fat in decades and I haven't even been trying.

    What has transfat in it that you want?

    Fortune cookies.

  13. Voice recognition virus on Hacks To Be Truly Paranoid About · · Score: 1

    I'm waiting for the first voice recognition virus or voice bomb. Basically someone saying something clever in a video or song or other mass media that triggers millions of devices into making an expensive call or directing them to something with a 0-day payload.

  14. Play dumb on Ask Slashdot: Dealing With Service Providers When You're an IT Pro? · · Score: 1

    Playing dumb has been my personal strategy yet I have no reference to judge effectiveness against other strategies.

    You are rarely helped by acting like a know-it-all. The goal I have found is not to help, inform or impress but to get the person on the other end of the line to just give a shit about helping you. Sometimes being stupid is better for you than having the clueless parts changer and "rebooter in chief" you talk to, or the one they send out, be offended when you go talking over their head or attempt to do their job for them. Sometimes, if the tech they send out is not a total zombie, they will see equipment racks and *ask* intelligent questions, at which time it is safe to blab.

    I intentionally lie about what I know, avoid argument and work hard to contain laughter, especially during onsite visits. I will follow all instructions, even stupid ones, unless what I'm being told to do is outright destructive or wastes too much time.

    Have also experienced the flip side of this first hand. Sometimes people who think they know something turn out in reality to know a lot less. I'm an Oracle without cookies in a couple niche domains where all who challenge me lose yet the same people keep coming back for more with the same hubris filled retorts undaunted and unaffected by previous lapses of understanding and judgment. What is particularly amusing and annoying are the guys who restate the original question thinking I must not have understood what they were asking in the first place. At all costs don't be this person.

  15. Websites full of words on Report: Russia and China Crack Encrypted Snowden Files · · Score: 5, Interesting

    What I find difficult to believe:

    1. Russia or China would make it known they cracked anything.

    2. Western intelligence would make it known they know what Russia and China were able to do.

    3. Articles which read like propaganda, provide no details and cite no specific sources.

  16. Re:Surely this is not that hard... on Ex-CIA Director: We're Not Doing Nearly Enough To Protect Against the EMP Threat · · Score: 1

    Oh simple.

    I'm not qualified to judge complexity. Estimates for EMP mitigation across the grid are on the order of $1B, as judged by the 2008 EMP commission report.

  17. Re:Industry should outlaw reprogrammable roms on German Parliament May Need To Replace All Hardware and Software To Stop Malware · · Score: 1

    You really have no idea how complex the software is that runs on some embedded devices? A simple hard drive has an OS in and of itself just to maintain your high speed caches. Firmware is generally not the problem though, and it isn't here either. Reprogramming the firmware to do anything useful (streaming data out of a network port it doesn't have) is nigh impossible.

    It seems there may be confusion on my point. The point is not to ban firmware. The point is you no longer persist firmware *changes* in field-reprogrammable ROMs. Instead any updates are loaded into volatile memory at boot, just like an Intel CPU microcode update.

    Reprogramming the firmware to do anything useful (streaming data out of a network port it doesn't have) is nigh impossible.

    The execution environment of the system is based on data obtained from those very same disk drives. It defies belief an adversary with state level money and time on their hands couldn't inject whatever they wanted into the running operating environment.

  18. What was THAT? on Oculus Announces Partnership With Microsoft · · Score: 3, Insightful

    It was painful to watch the Microsoft intermission at the Oculus event today.

    Hey so ah we're bundling an ordinary Xbox controller with the Rift... okay whatever I don't care, except for having to pay for it with the cost of the Rift and your main competition offering a much better input tracking solution with their product.

    Rest of the MS demo was someone wearing a VR headset and playing xbox in "VR" by creating a virtual room with a virtual 2D display and playing the game on that 2D display within the virtual world.. one of the sorriest tech demos I've ever seen in my life. I kept waiting for a punch line that never came.

  19. Re:OpenSSL has been replaced... on New OpenSSL Security Advisory Announced · · Score: 1

    About 80% of the known OpenSSL bugs that have been fixed were inadvertently fixed in LibreSSL during the refactoring. Many of OpenSSL's bugs are entirely due to horrible coding practices. Of the remaining 20%, a sizable portion were actually found by LibreSSL during the clean up.

    You should immediately contact OpenSSL and have them correct attributions in the change log to reflect this reality.

  20. Re:Good Luck... on Microsoft Research Paper Considers Serving Web-ads From Localhost · · Score: 2

    I don't get the hate on that one. They're offering it as a free upgrade for one year going as far back as Win 7. If they didn't have the notification on those systems, the year would go by and then everyone would whine about not knowing about the free upgrade.

    It isn't a notification it is a nag screen. Nags are intentionally engineered to be unnecessarily difficult to remove. Notifications are designed to be easily dismissed once the user has had a chance to see it.

  21. Scatching head on Microsoft Research Paper Considers Serving Web-ads From Localhost · · Score: 1

    Given local storage extensions supported by most browsers these days advertisers don't need to install anything to pull this off. They have all the tools to do it right now.

  22. Great idea on So Long Voicemail, Give My Regards To the Fax Machine · · Score: 1

    I encourage all of our competitors to do the same.

    I know it is difficult for some to understand they exist at the pleasure of their customers. Have no F*#$**$# business dictating to customers how we are to be contacted. The majority use email yet some prefer phone and voice messaging.

    Regardless even VMs end up as emails in everyone's email inboxes. Unless your PBX was invented in a land before time there is little to be whining about.

  23. Industry should outlaw reprogrammable roms on German Parliament May Need To Replace All Hardware and Software To Stop Malware · · Score: 1

    If a component ever needs new firmware it should be provided by the operating system when the subsystem is initialized, never to be stored anywhere except the system's main persistent store.

    This is a no-brainer win-win for everyone. Manufacturers reduce risk associated with firmware updates and reduce costs from smaller bill of materials.

    Users win by retaining the ability to recover from ownage by wiping persistent storage.

    Also please enough of the computers-within-computers crap. I'm looking at you, Intel. Vendors never bother properly maintaining them and most of these systems are defective by design.

  24. Re:Please support TLS-SRP in IE11 as well on Internet Explorer 11 Gains HTTP Strict Transport Security In Windows 7 and 8.1 · · Score: 1

    SRP has a number of problems, the most

    The biggest issues I am aware of is the mostly worthless notion of protecting stored passwords by irreversibly hashing passwords changes.

    While stolen SRP verifiers (the equivalent of a password hash) can't be used to log in to a legitimate system, they can, like password hashes, be used to conduct brute force attacks, and they can also be used to trick individuals into thinking they are connecting to a legitimate service. This is equivalent to theft of a private key or subversion of CA infrastructure.

    The other problem is when PKI is not used with SRP the authenticating identity is transmitted in the clear which may give away information (e.g. a username or alias) to an eavesdropper users may not want disclosed in the clear.

    notable being that there's no way to securely *distribute* (or create) the password without falling back to some other TLS suite, or doing it out of band. This really limits the usefulness of SRP in a browser.

    Saying that bootstrapping trust is SRP's problem is like saying distributing trusted certificates is PKI's problem.

    At some point you need to do work to create trust relationships. This is fundamentally unavoidable reality, the same way people in the real world come to trust or not other individuals based on their experiences.

    I do NOT believe SRP is a replacement for PKI. They each have their roles and I believe they can and should be used concurrently. PKI is obviously much better suited for initial service discovery on the Internet. Yet the reality is most sites worth protecting with TLS require a login of some kind. Everyone has a login for their email accounts, their banks and their Facebooks... What I find unacceptably dangerous is the world continuing to ignore individual trust relationships to secure sessions... because the alternative is asking hundreds of redundant global trust anchors to be responsible for the security of the world's systems... a laughably insane delusion.

    Additionally, I'm not sure how browser support for SRP is supposed to make phishing stop working. If the user still needs to enter their password somewhere, then the phishing attack just has to look like wherever they usually enter their password.

    It becomes tractable to educate users to enter their passwords only into a specific browser menu rather than random attacker forms which appear to be indistinguishable from legitimate counterparts which are constantly subject to change, redesign and often contain baseless security assertions (such as fake padlock imagery and baselessly reassuring text)

    On the other hand, there are definitely places that I'd like to see SRP deployed. A key one, which I consider a lot more important than in browsers, would be as a replacement for NTLM hashes

    NTLMv2 and Kerberos authentication both need to be replaced with a modern secure authentication system; however, a lot more people log in to websites using pre-established usernames and passwords than they do to a network file share. Many of them have no training and believe whatever they see on their screens, because even legitimate sites spew lies to cover for a fundamentally indefensible reality where insecure authentication is tolerated.
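
Comment 24 above makes three concrete claims about SRP: a stolen verifier cannot be replayed as a login, but it still feeds an offline dictionary attack and lets the thief run a convincing fake server, and the username crosses the wire in the clear before any key exists. The following Python is an added example written for this page, not code from the comment or from any SRP library. It implements the SRP-6a exchange with SHA-256 (RFC 5054's profile uses SHA-1) over the 1024-bit group from RFC 5054, transcribed here by hand and therefore to be checked against the RFC before reuse; the usernames, passwords and wordlist are constructed sample data.

```python
import hashlib
import secrets

# Assumed group: the 1024-bit (N, g) published in RFC 5054, transcribed here.
# Verify against the RFC before relying on it; the math below works for any odd N.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
NBYTES = (N.bit_length() + 7) // 8


def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def pad(n: int) -> bytes:
    """Left-pad an integer to the byte length of N (SRP-6a padding rule)."""
    return n.to_bytes(NBYTES, "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier parameter


def private_x(salt: bytes, username: str, password: str) -> int:
    """x = H(salt | H(username ':' password)); only the client ever computes this."""
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return H(salt, inner)


def make_verifier(username: str, password: str, salt: bytes = None):
    """Enrolment: the server stores (salt, v = g^x mod N), never the password."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, username, password), N)


class Client:
    def __init__(self, username: str, password: str):
        self.username, self.password = username, password
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)

    def hello(self):
        # First message on the wire: the identity travels in the clear.
        return self.username, self.A

    def session_key(self, salt: bytes, B: int) -> bytes:
        if B % N == 0:
            raise ValueError("server sent a degenerate B")
        u = H(pad(self.A), pad(B))
        if u == 0:
            raise ValueError("degenerate u")
        x = private_x(salt, self.username, self.password)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        return hashlib.sha256(pad(S)).digest()


class Server:
    """The server side needs nothing but (salt, v): whoever steals the verifier
    can run this class and the genuine client will happily complete the handshake."""

    def __init__(self, salt: bytes, v: int):
        self.salt, self.v = salt, v
        self.b = secrets.randbelow(N - 2) + 1
        self.B = (k * v + pow(g, self.b, N)) % N

    def challenge(self):
        return self.salt, self.B

    def session_key(self, A: int) -> bytes:
        if A % N == 0:
            raise ValueError("client sent a degenerate A")
        u = H(pad(A), pad(self.B))
        S = pow(A * pow(self.v, u, N) % N, self.b, N)
        return hashlib.sha256(pad(S)).digest()


def run_handshake(client: Client, server: Server):
    """Drive both sides; returns (client_key, server_key). A real deployment
    confirms agreement with the M1/M2 proof messages instead of comparing keys."""
    username, A = client.hello()
    salt, B = server.challenge()
    return client.session_key(salt, B), server.session_key(A)


def dictionary_attack(username: str, salt: bytes, v: int, wordlist):
    """Offline guessing against a stolen (salt, v): one exponentiation per candidate."""
    for guess in wordlist:
        if pow(g, private_x(salt, username, guess), N) == v:
            return guess
    return None


if __name__ == "__main__":
    salt, v = make_verifier("alice", "hunter2")  # constructed sample enrolment
    ck, sk = run_handshake(Client("alice", "hunter2"), Server(salt, v))
    print("legitimate login agrees:", ck == sk)
    # Thief holds only (salt, v), yet can impersonate the server to the real user.
    ck, sk = run_handshake(Client("alice", "hunter2"), Server(salt, v))
    print("impersonated server agrees:", ck == sk)
    print("recovered:", dictionary_attack("alice", salt, v, ["letmein", "hunter2"]))
```

The verifier can never be presented as a client credential, because the client side needs x and v = g^x reveals it only through a discrete logarithm; that is the part of the comment that holds. Everything the Server class touches, however, is exactly the stolen material, so a leaked verifier database is both a server-impersonation kit and a crackable password hash list, and the only things slowing the dictionary loop are the salt and the cost of the inner hash. Treat SRP verifier storage with the same controls as a password-hash store.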

  25. Re:Surely this is not that hard... on Ex-CIA Director: We're Not Doing Nearly Enough To Protect Against the EMP Threat · · Score: 1

    Oh good. only the single most complicated and expensive things then. Look it's not "hard". It's more like "fucking impossible". It's hard to shield against something when you need to provide some kind of external connectivity which can act as a conduit, you're effectively talking about tuned faraday cages around powerlines. It's not only impractical, it's almost impossible to do completely from a technical perspective.

    This has been studied and it is far from impractical. You just need better protection circuits.