Sadly, much of it comes from coal, but e.g. in Norway a huge amount comes from hydroelectric plants. That is why oil refining and metalworking is a large industry in Norway.

Yes, Norway's quite good in that respect - as is the US Pacific North-West, as I recall: the abundant hydro-electric power gave Microsoft and Amazon a cheap, clean electricity supply for their early "cloud" offerings. Eroded now by global expansion, I think: once they built huge hosting sites elsewhere, they used whatever power was present in that area, usually something much less clean. Of course, Norwegian oil refining activity will also be boosted significantly by the small detail of having a major oil supply, unlike other European countries...

I've seen a few hosting outfits offering "carbon neutral" services, which I think you can do quite affordably by locating somewhere with suitable clean power. A bit of a niche market compared to more mainstream hosting services, but there's obviously some demand there.

In a sense, CA is getting what it voted for: stamping out "dirty" industry. Other countries are getting what their governments want/permit: economic growth, regardless of CO2 etc. I suspect both will regret it to some extent and change course: China has a major smog problem and is trying to clean up, CA has a major economic problem and power shortfall and will have to give that a higher priority soon, if it isn't already.

They need to pick a name which is similar, to be identifiable, but less tarnished by past bad experiences. I propose Infernal Excrement: still "IE", but much less off-putting than the name they have soiled so badly with IE6 and other fiascoes.

To be fair ... it does suck much less now. I suppose it's rather like working for a surviving offshoot of Enron or Lehman Bros... Who, thinking about it, have probably done less economic damage globally than IE has.

Othervise, it would have been nice to allow only certain binaries or software developers/publishers to run. It would also be nice to sign the binaries and not allow changes.

That would be less help than you might expect (although OS X does do exactly this by default now). Remember all those Word macro viruses of a few years ago? Totally unaffected: it's a genuine copy of MS Word that's running, it's just doing something it really, really shouldn't be. Likewise any browser exploit. Trojans have always relied on the user to execute - and in general, they will execute them, whatever dire warnings you may put in place, unless you can give them a totally locked down system (which, even in a strict corporate setting, is often politically impossible). In a University setting, I've had very senior academics call me up with "I can't open this CampusLife.pdf.exe file someone sent me ... and it won't open on my secretary's PC either." Of course it was malware - but any computer restrictions to prevent that would probably have resulted in unemployment rather than a more secure PC. Telling people at the top of the food chain "you aren't allowed to do that" just won't work. (Fortunately, opening that particular worm did nothing anyway - it either relied on Outlook, or having outbound port 25 open, neither of which applied at that time.)

Ultimately, for anything more than the most limited functionality, you will have security holes - just like you will get hard drives and power supplies failing, keyboards and mice getting choked up with gunk. Reduce the risks where it makes sense (RAID and redundant PSUs for servers, good patch management, sensible firewall settings) and then deal with things that go wrong effectively when it does happen (spares, backups, etc).

Like real life, take sensible security precautions - but going too far can do as much harm as having poor security. Do you drive everywhere in an armored vehicle with armed escorts? Unless you're POTUS or equivalent, that would just be silly - I seem to recall there have been cases of people dying after getting trapped in "panic rooms" after false alarms, because medical help couldn't get to them in time! So, don't be the computer equivalent: blocking attachments entirely is secure, but is it useful?

The controller feels that this is more or less an acceptable trade-off over time -- my labor cost to rebuild the PCs vs. the ongoing cost of AV.

They are probably right there - of those 3 rebuilds, how many do you think would have been prevented by paying more for any given AV product? Thinking back, I can remember several PCs needing recovery work because of the AV system in use (good old McAfee pulled down an update which declared a piece of Windows XP itself to be malware and need deletion - leaving a machine you couldn't log in to until that file was reinstalled), and probably two nasty infections for me to clean, which got in despite McAfee being present with fairly paranoid settings.

Technical people should have the professionalism to analyse requirements and check that the requirements fit the purpose. Unfortunately the way of the world is that technical people would be quickly shuffled out of the way by sales and marketing if they started to reduce revenue by telling a customer what they really wanted instead of what the spec says.

All too true, sadly. Tendering processes seem to exacerbate this: when a government control freak puts out a document announcing that the government is really determined to buy a chocolate teapot, whatever the price, the bidder saying "here's a stainless steel teapot which will do the job for $5" gets dumped, while the one saying "we'll stick bars of premium Swiss chocolate together with chewing gum for $1m" gets handed the million - then another million to patch the chocolate teapot with cement to make it hold hot liquids. Then it turns out they were actually needing a milkshake dispenser in the first place but didn't understand anything about beverages, so they have to start again from scratch, $2m down.

One large government contract I was involved in stipulated in minute detail exactly what error message had to appear when the service was offline. There was no SLA, however, not even an incentive in the contract to improve it! (This was the result of the previous project for that department having been a high-profile failure, with servers overwhelmed by the load. The bureaucrats responded to that with "next time, let's make sure it can show an error when busy!" rather than requiring scalability or load tests.) On the bright side, the winning bidder had the integrity to make sure it didn't fall apart anyway.

I can see it now--we'll have trans-Pacific transmission lines from India and China!

No, just more imported products of energy-intensive industrial processes, like steel and aluminum. It's already happening to an alarming extent in Europe for exactly that reason, with large metal-working plants (which can consume hundreds of megawatts each) getting moved overseas. Just because you can't import the electricity itself doesn't mean the resulting products have to be made in the US!

I'm not all that fond of phone based two-factor authentication any way. Especially, because phones break, get lost or get stolen at the least opportune moments.