Virtually all oil and gas rigs in the North Sea are connected (through firewalls of course) to the corporate office network.

Most of them are now moving to "Integrated Operations" which is a buzzword they came up with for "remote control room and maintenance" where the network is extended to vendor locations so that we do not have to send people out to the rig to look at stuff. We just call the rig and ask them to open the 'gate' so to speak and we get full raw network access to the secure network from a dedicated switch at our offices.
This is of course all tunneled across the internet... *sigh*

It is going to go horribly wrong at some point, I just hope I am on-shore when it happens.....

A safety valve -should- go into a safe position when power is lost. Virtually all such valves will be hydraulic anyway (at least in the oil/gas business where I work anyway) and can be operated manually with stored pressure.
The issue in the case of the steel plant is knowing what a 'safe' state is for the valves. That requires a proper consequence analysis with a resulting "cause and effect" matrix for executing safe shutdown. It is tedious as fuck, and expensive as all hell, but mostly worth it. Alas people tend to overestimate the rarity of such events and go or the "save us a bit of money now" solution :(

With sufficiently 'annoying' security practices, people stop following them.

We were issued password-protect usd sticks for secure use at work, and a month later we got ones without passwords. Why?
People found the encrypted and protected sticks "too cumbersome" and just went out and bought a cheap 16 gig stick for themselves....

I bet the procedures will not be properly followed until one of the oil rigs get taken down. It pains me to know the issues and have zero ways to affect it....

Except things that we regularly bring to oil rigs and plug into the 'secure' side of the network: .xlsx and .docx files containing installation instructions and checklists .pdf files with 'red markups' of changed logic .exe files fetched from manufacturer websites with firmware upgrades
A ton of files in proprietary file formats we have no actual way to check the contents of other than trusting the software which created the files.

We essentially have to trust that McAfee and MS endpoint protection will keep stuff out... (office net scans with endpoint, secure side with mcafee)

It is far far faaaar from perfect, and the staff there make it less so by putting usb sticks on their KVM boxes so every time they hop from office->secure and back they re-mount the drives automatically... it is cringeworthy for sure, but nobody sees the issue, or they plain dont care.

We have a document control system at work, it has grown to such a degree that adding a document is a 3 day process involving a document controller and various other tasks. If the document does not fit a corporate template it may get rejected.

At that point people tend to go "fuck it" and just send around work copies until it is finalized and THEN go through the hassle.

It is unfortunate, but I've seen it happen in two different companies so far... both multinational, both ignoring their own procedures for sensitive data.

Criminal case, not civil cases from what I can gather.

And the next step is kernel module for anti-cheat.. *sigh*

That is what League of Legends does. The fact that servers send the client more information than it strictly needs is just silly.
Though generating 3d sound from players client-side would require positional data.. so it is a bit tricky

VAC catches the people bad at it. Without it we would have a huge number of free hacks floating around. The ones being used now cost money, which limits the user-base somewhat at least.

Valve has done a huge job in getting rid of those sorts of hacks. But this is and has always been a big arms race.

VAC did defeat most of this crud for quite a while, but there will always be people willing to create new hacks as long as there is money or 'lulz' involved.

Best we can really do is be vigilant and weed out those who ruin the game for the rest. Be it with hacks or just general asshatesque behavior.

Wall-hacking and tracking stuff mostly. Since your client knows the location of all the players for the purpose of generating 3d sound etc you can extract that info. These hacks were distributed through steam workshop due to a flaw in that system, and were thought to be hidden from VAC.. until the bans hit ;)

"Load balancing" the work like that works nicely.. until you run at 90% load all the time, and you suddenly lose 15% of your capacity.

If I buy something and have my library set to sync I am fine with the download.

If they decided to give me something like this, let me opt-in to the download.
Data is not free.

You would love the control system software we use at work... (world leading platform for the industry).

No revision control. You have 'current' revision. That is it.

Integrated code editor that has no syntax highlighting.

Patches to the system will break components that are not considered 'core'. Which forces updates of ALL components in the system. This has lead to bugs persisting at sites for years with no patch because nobody wants to fix bugs when it costs tens of millions of dollars to do so.

No automatic testing. Of anything. When we update a component everything has to be tested manually. Someone will sit for 2 weeks and check every state of GUI symbols for the whole HMI. Oh joy...

If you change ANYTHING in code, you can no longer connect to controllers to view live data. You need to do a download to the control with the code changes before live data can be observed. This means that as soon as you make changes, you lose the ability to view the old code running. There is no way to have both a 'online capable' version of the code and a changed codebase in the same control system. We operate two separate virtual environments and switch VLANs or just move a cat6 when testing...

This is for oil rig control systems. There is no automated testing of any kind, even for critical emergency shutdown systems. Every test is done manually.
The ESD systems are usually a complex matrix of casues and effects with hundreds of inputs, hundreds of outputs... This is all tested manually as the software does not support any reasonable simulation of the controller input/output systems.

Enjoy that little gem.

How do you prove that you cannot remember something?

How do you prove that they destroyed it?

The issue here is that you have to prove your innocence, and there is no viable way to do so.