Comment Re:Um, no, that's a BAD idea (Score 3, Informative) 46

You are ignoring the essential role of HMI in SCADA systems. A SCADA can acquire data and coordinate components without a UI, but operators cannot monitor a plant or take corrective action without an HMI.

The HMI is graphical and allows the operator to override normal operation in order to respond to abnormal situations. It needs all the input and output devices a normal workstation requires.

You are also ignoring the issue of data storage by SCADA systems, and the generation of reports on that data which are used by various business departments in real-time. A Manufacturing Execution System may provide real-time reports for sales staff so that they can give customers accurate estimates of completion/delivery dates. Orders are added to a queue and will be automatically executed by the SCADA. Stores will receive low-stock notices for just-in-time ordering. Line stops exceeding 2 hours will result in automatic escalation to the COO.

This level of automation brings huge business benefits. The business is more responsive to customer needs, and there are fewer manual steps involved in completing an order (leading to fewer mistakes, less waste, fewer unsatisfied customers). The downside is that the business network is directly connected to the MES and the SCADA in a manner that allows at least some commands to be issued (as opposed to having read-only access to a database). An air-wall is not possible.

So now you have PCs on the business network able to interact with an MES which is necessarily able to access the network with the SCADA and HMI. And there's a 100% chance that the business PCs have e-mail access, which means that somewhere there is a physical cable to the outside world.

"They could have developed their own operating system"

Yeah, because they have extensive expertise in OS development and oodles of cash to throw at the problem, and as we well know the available commercial and free embedded OSes never have bugs.

The problem is that the environment is not conducive to upgrades/patches and is hard to isolate logically. The economic reality is that for any given SCADA environment the risk* inherent in regular upgrades is larger than the risk of a malicious attack (for now).

* = (likelihood of event) x (cost of event), where cost includes recovery plus the direct and opportunity costs of downtime.

Comment Re:"But luckily we’re not climate scientists (Score 1) 821

Explaining the trends in temperature change and sea level over time is non-political.

Predicting future changes in temperature change and sea level, and predicting the impact on the environment, human settlement and human civilisation is non-political.

Saying "so we must do X to stop this" is political. It presumes that a response is required, it presumes the nature of the response, and it presumes that the response is appropriate in all contexts.

Scientists need to stop making such statements if they expect to be treated as politically neutral seekers of facts. Leave the "we should do X" to the economists and the politicians, then bring science in again to predict the likely effects of the proposals without interpreting the predicted effects ("sea level rise will displace 100,000 people" is science, "which is bad" is philosophy or politics).

Comment Re:The arguments, synopsised: (Score 1) 536

Actually it's:

Grasping record companies: Give me stuff.

I would support a "for the lifetime of the author/performer" approach, with the proviso "or 50 years where the copyright holder is not a natural person". But this is a stupid musician probably getting a kick-back on a misguided campaign to put more money in the hands of non-creative companies that are killing the production of art in an attempt to prop up their understanding of an industry.

Comment Re:That's some mighty fine print you got there... (Score 2) 176

There is an existing key schedule attack against AES-256 (attack complexity 2^119) and AES-192 (complexity 2^176). The existing attack is a related-key attack, and some modes of operation (e.g. XTS as used by TrueCrypt) are not vulnerable to it.

The big deal about this paper is that it (a) operates in a single-key model, rather than requiring a related-key; and (b) is the first attack against full round AES-128.

The reason that AES remains a better choice than Serpent or Twofish is precisely because this sort of cryptanalysis is going on - we gain more knowledge about the weak points of AES and higher confidence in exactly what security strength it offers. Ciphers with less rigorous study may just be offering the appearance of security because we know less about their weaknesses.

Comment Re:Help with Maintenance! It's what's missing! (Score 1) 229

This is excellent advice.

In many parts of Africa you will meet with resistance from both the authorities and local population unless you are introduced by and working in conjunction with an NGO. African governments and NGOs have a variety of plans to address local issues, and many African communities maintain social structures that can complicate offers of aid/assistance unless approached in the appropriate manner. Wandering in naively can be seen as meddlesome rather than helpful.

NGOs tend to be short on all resources, so most have no skills or money for infrastructure support. As the parent says, old virus-ridden PCs are common. Windows & Word are used because the staff know them, they know people who can support MS products in a pinch (Linux skills are substantially less common), and because the norm in business and government is to send and expect Word documents (this may be changing slowly).

For such NGOs, it's worth noting that Microsoft has a program for supporting certain non-profit organisations (including free software, hardware donations, and training) - see http://www.microsoft.com/about/corporatecitizenship/en-us/community-tools/non-profits/ .

If you're going to contribute your time & effort, try to contribute in a way that plays to your most valuable skills - that maximises your contribution. Building a house may make you feel good, but it's just depriving some unfortunate member of the local community of a job.

Comment Re:They don't necessarily get the salt (Score 1) 409

For a start, since the password is not necessarily 128/192/256 bits, you need KEY = SHA256(Password), T[1] = AESENC(Salt with KEY). Second, this raises the complexity of a brute-force attack by a factor of 3. That's all. Given a guess at the password, you are computing SHA256 + AES + SHA256, and an AES encryption is similar in speed to a SHA256 hash. The fact that the salt is encrypted is completely irrelevant. If, instead, you keep the salt in the clear and iterate the hash 1000 times, the complexity of a brute-force attack is raised by a factor of 1000.
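To make the work-factor arithmetic in this comment concrete, here is an added Go example (not code from the thread or from any project it mentions) that implements both schemes with the standard library and counts the primitive calls an attacker must spend per password guess. The input to the final SHA-256 in the encrypted-salt scheme and the 16-byte salt size are assumptions, and the sample password and salt are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"fmt"
)

// Work counts the primitive calls an attacker spends to test ONE guess.
type Work struct{ Sha, Aes int }

// Cost treats one AES block as about one SHA-256 (the comment's assumption).
func (w Work) Cost() int { return w.Sha + w.Aes }

// EncryptedSaltScheme models the criticised proposal: KEY = SHA256(pw),
// T1 = AES_KEY(salt), digest = SHA256(T1 || pw) (final input is assumed).
func EncryptedSaltScheme(pw, salt []byte) ([]byte, Work) {
	if len(salt) != aes.BlockSize {
		panic("salt must be exactly one AES block (16 bytes)")
	}
	var w Work
	key := sha256.Sum256(pw) // 32-byte key selects AES-256
	w.Sha++
	block, _ := aes.NewCipher(key[:]) // cannot fail for a 32-byte key
	t1 := make([]byte, aes.BlockSize)
	block.Encrypt(t1, salt)
	w.Aes++
	digest := sha256.Sum256(append(t1, pw...))
	w.Sha++
	return digest[:], w
}

// IteratedScheme keeps the salt in the clear and chains SHA-256 n times,
// so each guess costs the attacker n hashes instead of 3.
func IteratedScheme(pw, salt []byte, n int) ([]byte, Work) {
	var w Work
	d := sha256.Sum256(append(append([]byte{}, salt...), pw...))
	w.Sha++
	for i := 1; i < n; i++ {
		d = sha256.Sum256(append(d[:], pw...))
		w.Sha++
	}
	return d[:], w
}

func main() { // constructed sample inputs, not from the thread
	_, a := EncryptedSaltScheme([]byte("pw"), []byte("0123456789abcdef"))
	_, b := IteratedScheme([]byte("pw"), []byte("0123456789abcdef"), 1000)
	fmt.Println("work per guess:", a.Cost(), "vs", b.Cost())
}
```

The counters, not the digests, are the point: encrypting the salt adds one AES call to two hashes, while a cleartext salt with 1000 chained hashes multiplies the attacker's per-guess cost by 1000.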

Comment Re:Passwords (Score 1) 409

And you're willing to replace each password you have with one such device, and then carry said devices around with you? I would have to significantly up my time at the gym to manage that. Having one device that authenticates you to multiple sites is cryptographically difficult to set up and to secure, is still subject to phishing and man-in-the-middle attacks, and is pointless because two-factor authentication is already broken (e.g. by man-in-the-browser).

Comment Re:George, George (Score 1) 481

"It is apparent from the design of the Pro Arctic Laser that it was intended to resemble the hilts of our lightsaber swords, which are protected by copyright ..."

17 USC 101: "'Pictorial, graphic, and sculptural works' include two-dimensional and three-dimensional works of fine, graphic, and applied art, photographs, prints and art reproductions, maps, globes, charts, diagrams, models, and technical drawings, including architectural plans. Such works shall include works of artistic craftsmanship insofar as their form but not their mechanical or utilitarian aspects are concerned; the design of a useful article, as defined in this section, shall be considered a pictorial, graphic, or sculptural work only if, and only to the extent that, such design incorporates pictorial, graphic, or sculptural features that can be identified separately from, and are capable of existing independently of, the utilitarian aspects of the article."

I'm guessing they are making a tenuous assertion of sculptural copyright (probably a model), on the basis that the laser could be seen to include design elements reminiscent of a lightsaber that may not be strictly dictated by the functional requirements or utility of the laser.

Comment Re:A return to the days of commissioned art. (Score 1) 213

Sounds like a return to the days when "invest" and "charity" meant the same thing. At least commissioned art gives you something of value, i.e. an actual investment.

For your "investment" you will get limited non-commercial rights to a single frame of the movie. One "investor" will get a 1% share of the "profit". "Profit" is defined as income less all expenses including the $135k charity (whoops, I mean "investment") they received in the first place. Needless to say, "income" is undefined.

So their business model is "give us money and we will create a free movie, and then make some money for ourselves off everything other than the distribution of the movie." This is precisely the wrong model for sustainable business.

Comment Re:Just like porn "conclusively" creates rapists (Score 1) 587

In other news, consumption of sugar and/or protein has been conclusively shown to increase the likelihood of hyperactive and/or aggressive behaviour. Researchers are also concerned about the effects of Dihydrogen Monoxide, claiming that 100% of death-row inmates have confessed to using this substance in the 24 hours prior to committing their crimes. Worldwide use of dihydrogen monoxide has increased steadily throughout the 1900s.
