
Comment Such BS (Score 4, Informative) 255

The buck stops with the CEO! If the CEO knew about a vulnerability that needed patching, he should have been expecting a report regarding the application of the patch. If he didn't get that he should have come down on the admin or system owner for not installing it. Unless of course that wasn't in the security policy in which case it still falls on the back of the CEO. DUE CARE and DUE DILIGENCE! Nonexistent.

Comment internet security--no absolutes (Score 1) 154

No such thing as absolute security or zero risk. The best strategy is to assume that nothing on the internet is safe and proceed accordingly. No one security strategy will work. Everyone using the internet should apply some kind of layered security depending on the value of what they want to protect. Then there are the bots that may not necessarily attack your machine but act as infection vectors and instruments of DDoS. Mitigating these things pretty much depends on how well the user is educated. But most users can't be bothered even to change the default credential of their devices or use password vaults for lengthy random passwords. So does this mean they should be protected from on high? That probably wouldn't do any good if the user isn't educated and concerned. Accessing the internet is convenient and security tends to interfere with that.

Comment Re:Fix the code don't try a new language (Score 1) 505

I guess it would depend on how the policies are written. There may be upfront costs with regard to additional time writing requirements and appropriate tests following the security policies. Incorporating proper secure coding techniques up front is more efficient than going back and tracing down the problem. I had a system some years ago with about 30,000 lines of code in C, that because the company was small, just 5 of us, no code reviews were done. Just before the acceptance test, the system started crashing. We got through the acceptance test, but it took me several days to find the bug. It was mainly due to a very tight schedule and a huge oversight on my part. But there was no security policy, no hard and fast requirements and of course no testing of the system other than whether it worked or not. Since I was the sole programmer for the system and the other software guy was deep into another project, I was on my own with it. I wrote about "acceptable risk" which is what the policy has to address. This is weighed against the value of what might be lost if the code is hacked. It's called return on security investment or ROSI. It's an avoided cost. Things can never be made 100% risk free, but the gods on high in the company have to decide what is an appropriate investment in reducing risk. It's a balance between security and convenience. But working it up front is less costly than going back and fixing the code.

Comment Re:a personal experience (Score 1) 228

Like I said, the only higher power that I am referring to is the physical laws of the universe, which of course, like a higher power, we don't fully or otherwise understand. I don't pray to those laws however, I hardly think of them, unless gravity gives me a reminder or I read something about physics.

Comment Re:a personal experience (Score 1) 228

I don't attribute a spiritual experience to a divine or higher being. I really don't know how to explain what I experienced. I never had a sense of another outside of myself. I don't think or ascribe it to a religious experience. My experience with religion has been less than satisfactory over the years. This is the kind of thing that is beyond normal waking experiences. Yet I was awake during the chanting, maintaining a kneeling position with my back straight--difficult to do if one is sleeping. So the observer that I described is not something outside of me, it's another part of me. I can't say that I believe in a god, at least a god that religious attribute their devotion. Rather, it seems to me that what might be called god is the laws of the universe. As far as I'm concerned, meditation is simply being quiet and listening. Some Christian brothers from Canada a few years ago produced a 3-volume set of Christian meditation audio tapes. In it they described prayer as not talking to god but listening. To me that listening is to one's internal voices. Experience has shown me that after a time, the noisy voices quiet and the "real" internal voice is heard. Yeah this is all very non-scientific, which is something I find interesting since my training is in engineering and science. Anyway, thanks for your questions. But for me to describe this is like trying to describe the color red to a blind man.

Comment a personal experience (Score 1) 228

First of all, I'd like to distinguish between what is called a religious experience and what might be called a spiritual experience. Let's not flame this please. Many years ago, I went to a meditation camp led by Pir Vilayat Khan, the Sufi leader in the US. This was held in an open air tent with a couple of hundred people. At one time, we chanted the Zhikr. The actual translation of the words was unimportant (I don't speak Arabic), but the sounds resonate. I found myself having an experience as some kind of self observer--kind of looking down on myself from outside, watching my thoughts but not being connected to any of them. Kind of like a description of the Buddhist observer description. At one point however, a thought came up, "who is watching the watcher". This caused me to experience being back in my body. I had a similar experience doing a chant from the Kabbalah and is similar to the descriptions in "The Cloud of Unknowing" by a Christian monk. When my son was 10 years old, his mother had him on ADD drugs. When he came to visit me, I had him do a short meditation. He told me that it felt similar to taking the medication (which he was not doing when he visited me).

Comment deja vu all over again (Score 2) 75

In the 1996-7 timeframe, the telecom act mandated retail access for cable boxes. This led to the open cable project at CableLabs which developed a portable middleware (OpenCable Application Platform, OCAP) and a removable security device (POD). The development of the middleware took nearly 10 years for development and acceptance starting in 1999. It is now legacy!

Comment powering house with PV (Score 5, Interesting) 281

I have a 10 KW, grid tied battery backed up system in an all electric house. Everything except my deep well pump, washer/dryer, hot water, range and geothermal compressor are connected on the critical loads panel. Generally over the last 5 years or so, the system produces more power than used with the rest going to charging the batteries and powering the grid. However, there have only been a few times over the last several years that the system has produced more than consumed from the grid. I estimate that I would need 30-50 kw to power everything. However, the geothermal compressor draws perhaps 5 kw for 4-5 minutes at a time and cycles several times an hour. Since the geothermal system works mostly at night or if we went off grid, the storage capacity of the battery backup would have to be increased substantially from the 16 KWH that we have now since the compressor would deplete the batteries in a few hours. Nonetheless our electric bill is down at least 80% from pre-PV days.
