kravietz 🦇 @kravietz@social.privacytools.io

@kirschwipfel

The contamination from Asse is minimal and at depths like -900 m that are never reaching any surface waters. Asse stores low- and medium-activity waste. For example, the largest leak found was 240 kBq/l which is roughly natural (!) radioactivity of a group of 60 people (from K-40 isotope).

One of the main causes for Asse problems was anti-nuclear lobbying, which hindered any attempts to properly develop and secure the storage and eventually led to its closure.

@kirschwipfel

We need clean energy without CO2 *today*, because if not we will likely face extinction my mid-century.

There's a lot of stupid lobbying out there (e.g. in Poland for coal mining) but the root cause why solar/wind are not working *today* are science and engineering.

@kirschwipfel The latter is also reason why solar/wind are so expensive in terms of natural resources needed for construction. You need ~120 wind turbines with 100 m wings to replace one 400 MW power plant running nuclear, gas or coal. You need *a lot* of steel, concrete and rare earth metals for construction.

Current global rare earth metals production is 180 kt per year. To go 80% renewable we would need 5400 kt per year. Where do we take it from?

@kirschwipfel Back to the solar/wind: they are absolutely fantastic but they have two disadvantages.

First, they are intermittent - they don't always produce energy when we need it, and sometimes they produce too much when we don't. They need storage or intelligent grid.

Second, solar/wind have small energy density - you need to occupy 70 km2 for a 400 MW wind farm and it will only work at 40% on average, so you need 2x that really.

@kirschwipfel

> solar and wind are not options

No, I'm not saying that. I'm saying: 100% solar/wind are not an option.

> radioactive contamination

The photo shows nuclear waste storage in Switzerland. There's a man walking around in the middle. And there are ~200 nuclear reactors running in the world for the last half century without any contamination.

> killing mankind by CO2

If we don't limit CO2 emissions within a few decades yes, this will be true disaster.

Ticket title: Jenkins upgrade - CRITICAL vulnerabilities
Ticket type: Improvement

¯\_(ツ)_/¯

#DevOps #DevSecOps

EFF: BREAKING: We’ve confirmed that the Ring doorbell app on Android covertly shares personally identifiable information on its users with third-party companies, including Facebook. https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers #amazon #privacy

@BloomingGardeng@quey.org The word "burning" is just engineering jargon. It's definitely not being "burnt" in literal sense but rather reused - see here for details https://en.wikipedia.org/wiki/Breeder_reactor and here https://www.youtube.com/watch?v=4TEyQBN0SGA

Russian BN-800 fast breeder reactor has just started commercial operations on reprocessed uranium-plutonium MOX fuel, meaning that it's now possible to "burn" nuclear waste

https://vz.ru/news/2020/1/28/1020621.html

Kubernetes Failure Stories

https://k8s.af/

#docker #kubernetes

@Limax That's unfortunately the case - because neither business nor public sector is held liable for loss of customer data (only the customers are), it's not part of their business equation.

@Limax Well, that's the essence of risk management. For the purpose of DevOps we don't need fully quantified RM, it's sufficient to know "vulnerable software increases likelihood of breach".

There's an eternal conflict between DevOps and DevSecOps - for the former "OLD IS GOOD" (tested & stable), for the latter "OLD IS EVIL" (vulnerable). Unfortunately, business shares the first point of view, while the Internet prefers the latter.

DevSecOps case study 2:

Most 3rd party vendors no longer publish packages for unsupported distros.

So if your client is on Ubuntu Trusty 14.04 that has been out-of-support for the last year, and even if they pay extended support (ESM), you are either stuck to Nginx 1.4.6 from ESM that should in theore get patches from ESM, or to Nginx 1.14 from Nginx but no longer receiving any patches for a year or so.

DevSecOps case study 1:

if your client has 5 years ago chosen a convenient repack of Nginx like OpenResty or OpenWAF as their main web server, you may not be pleased to learn that both of them were discontinued (OpenWAF in 2017) or barely updated (OpenResty half year ago).

Strategically it would be perhaps better to use a native Nginx package from Nginx upstream and internally compile NAXSI into a DEB - at least you'd be running an up-to-date Nginx.

Now I had to upgrade from 1.7 (!).

An Avast antivirus subsidiary sells 'Every search. Every click. Every buy. On every site.' Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey. https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation

@kirschwipfel

Just to give you some background: 20 years ago I was also very closely associated with Greens in Poland (who were influenced by German Greens). I shared all the arguments against nuclear, I personally experienced Chernobyl in 1986 etc.

However, with my background in chemistry some of their arguments sounded... a bit silly. So I started to double check in scientific sources. And gradually I became very much disillusioned in Greenpeace and the likes. They are scammers.

@kirschwipfel So you are not an exper, don't know anything about costs of decomission but you already know nuclear is *not* an option. Sorry, but this is very much a religious approach.