• 0 Posts
  • 30 Comments
Joined 2 years ago
Cake day: August 9th, 2023






  • You can look up:

    • Setting up max authentication attempts per connection -> slows down brute force attacks a lot. If your password is strong enough, that’s already a big step to secure your server.
    • Generate SSH keys and disable password authentication -> do this only if you’re connecting through the same devices, because you won’t be able to connect from any device that has not been set up. Personally I don’t use this because I want to be able to access my server even if I’m not home and without my laptop.
    • Set up Crowdsec -> it’s a local service which scans logs and will block access to any suspicious IPs. It also relies on a crowdsourced list of IPs that are identified as threats and will preventively block them.
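
A check for the first two items in the comment above, as an added example that is not part of the original comment: it reads the global section of an `sshd_config` and reports the effective `MaxAuthTries` and `PasswordAuthentication` values. The sample configs, the function names and the limit of 3 attempts are assumptions made here; `Include` files and `Match` blocks are not evaluated.

```python
# Added example (not from the original comment). Sample configs are constructed.
DEFAULTS = {"maxauthtries": "6", "passwordauthentication": "yes"}  # OpenSSH defaults

def effective_settings(config_text):
    """Effective global values of the audited keywords.

    sshd keeps the FIRST value it reads for each keyword, so a later
    'PasswordAuthentication no' does not override an earlier 'yes'.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks start here: stop
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1]
    return {**DEFAULTS, **seen}

def audit(config_text, max_tries_limit=3):   # limit of 3 is an assumed policy
    eff = effective_settings(config_text)
    findings = []
    if int(eff["maxauthtries"]) > max_tries_limit:
        # MaxAuthTries caps attempts per connection, not per source IP.
        findings.append(f"MaxAuthTries is {eff['maxauthtries']} (> {max_tries_limit})")
    if eff["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is enabled")
    return eff, findings

WEAK = """\
# constructed sample: the second PasswordAuthentication line is ignored
PasswordAuthentication yes
MaxAuthTries 10
PasswordAuthentication no
"""

HARDENED = """\
MaxAuthTries=3
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

On a live host, `sshd -T` prints the effective configuration including `Include` files, which is the authoritative view of what this parser approximates.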


  • https://www.legifrance.gouv.fr/juri/id/JURITEXT000030635061/

    Case law from the Cour de Cassation, where the defendant was convicted, under Articles 323-1 and 323-5, of having extracted data freely following a proven failure of the protection system.

    The complainant just had to show that the data SHOULD have been inaccessible, by expressing this “with a special warning”:

    "3°) alors qu’en l’absence de dispositif de protection des données, la maître du système doit manifester clairement et expressément manifester, par une mise en garde spéciale, sa volonté d’interdire ou de restreindre l’accès aux données ; qu’en déduisant de la seule présence d’un contrôle d’accès sur la page d’accueil du site de l’ANSES que M. X… s’était irrégulièrement maintenu dans le système contre le gré de son propriétaire, la cour d’appel a violé l’article 323-1 du code pénal ;

    Translated:

    “3°) whereas in the absence of a data protection system, the master of the system must clearly and expressly manifest, by means of a special warning, his intention to prohibit or restrict access to the data; that in deducing from the mere presence of an access control on the home page of the ANSES site that Mr. X… had irregularly maintained himself in the system against the owner’s will, the Court of Appeal violated article 323-1 of the French Penal Code;”

    In my case, the first thing you see when you arrive at my Jellyfin instance is a login form blocking your entry, and you have to go through a backdoor to access my data, so there’s no ambiguity on this point.

    You’re wrong, period. Stop trying to debate the interpretation of the laws of a country whose language you don’t even speak.




  • Keeping that copy on a web accessible platform that is accessible by anyone on the internet (unauthenticated) isn’t covered by your rights at a bare minimum.

    It’s as accessible as my DVD collection in my living room: anyone can get into my home without a key by illegally breaking a window.

    Using a flaw in my Jellyfin to access my content is illegal and can’t be used against me to sue me, period. The idea of rights holders who would hack me to sue me is just plain ridiculous.

    Depending on the content “timing” if they trigger on something that doesn’t have a physical/consumer release yet… or all sorts of other “impossible” conditions. This is obviously reliant on what content you actually have on your server.

    And again, the only proof they would have could not be used in courts.

    For real, you’re just fear-mongering at this point.

    I was sincerely hoping someone would bring some real concerns, like how one of these security breaches listed in the OP could allow privilege escalation or something, but if all you’ve got is “Universal might hire hackers to break through your server and sue you”, you’re comforting me in my idea that I don’t have much to fear.



  • My Jellyfin server is behind Cloudflare with IPs outside of my country banned.

    I got Crowdsec set up on Cloudflare, Traefik and Debian directly.

    I got Jellyfin up in a docker container behind Traefik, my router opens only ports 80 and 443 and directs them to Traefik.

    Jellyfin only has access to my media files, which are just downloaded movies and shows hardlinked by Sonarr/Radarr from my download folder.

    It is publicly exposed to be able to watch it from anywhere, and share it with family and friends.

    So what? They might access the movies, even delete them, I don’t care, I’ll just hardlink them back or re-download them. What harm can they do that would justify locking everything down?







  • interesting idea, though Chernobyl and Fukushima were both gen2s 💀

    The reactor that exploded at Chernobyl was an RBMK model, not a PWR. This implies major design differences from French PWRs, including:

    • A positive temperature coefficient, which means that an increase in core temperature leads to an increase in reactivity, which in turn leads to an increase in core temperature, and so on, implying instability and the possibility of a runaway. French PWRs are designed with a negative temperature coefficient, so an increase in core temperature leads to a decrease in reactivity, and vice-versa, physically preventing the runaway that caused Chernobyl.
    • A flaw in the shutdown system: graphite rods were used to reduce reactivity during reactor shutdown. On the one hand, these graphite rods descended too slowly into the reactor core, and on the other, they physically increased the reactor’s reactivity when they were first inserted, before reducing it. In fact, it was irradiated graphite that burned and radioactively contaminated the whole area around Chernobyl, not uranium or anything else. On French ones, there is simply no graphite, nothing inflammable nor any rods of any sort, it’s water that’s used to stop the reactors.
    • There was also no containment vessel.

    Two things to note: the USSR knew about these defects years before the Chernobyl disaster, but the scientists who raised the alarm were neutralized. The other is that the explosion and fire in the reactor were caused by the failure of inexperienced technicians to follow procedures, under pressure from senior management, because the plant was to be visited by a high-ranking official the following day, and therefore the tests they were running at the moment had to be completed at all costs.

    Chernobyl exploded because of the USSR’s cult of secrecy and appearance, causing incompetence and corruption.

    For Fukushima, it should be noted that Fukushima Daini, although closer to the epicenter of the earthquake, but with better safety standards, was only slightly damaged and even served as a refuge for tsunami survivors.

    For Daiichi, same thing as Chernobyl, we have a very long list of failures and even falsifications by TEPCO dating from 2002, and even more in 2007, with alarms sounded on all sides by seismologists and scientists of all sides, and the government did not react.

    We must understand that these are not disasters that happened out of nowhere, that we could never have predicted, and even less that we could never have avoided. It was a very long succession of bad choices by the incompetent and corrupt.

    But despite all this, the Fukushima nuclear disaster caused no deaths, and Chernobyl only killed a few thousand people at most. Nuclear power, in its entire history, has killed only a fraction of what coal kills each year.

    I guess it could be made more safe cheaply with modern electronics and software (seeing IoT/“AI”/boeing software engineers in a nuclear facility would freak me the fuck out though)

    It has already been done, and without AI/IOT or anything of that kind. For the French REPs, this resulted in the implementation of additional testing protocols (I know that they tested accelerated aging over 10-20-30 years of parts like cables, for example), addition of generators, renovation and improvement of industrial parts, etc.

    Both Chernobyl and Fukushima could’ve been avoided/reduced in effect with good failsafe software imo.

    No. Fukushima Daiichi’s walls were just not meant to handle more than a 5-meter wave. It took a 14-meter-high wave right in the face.

    I kinda doubt we’d be able to make gen2s cheaper than gen3s (at least in small capacities) though, because their production lines and designs would’ve been long shut down/forgotten

    The industrial fabric has been crumbling for a long time, that’s for sure, but at least the designs are much simpler, and we have thousands of engineers working on gen IIs and can contribute their expertise. We don’t have any of that on the gen IIIs.


  • Waryle@jlai.lu to World News@lemmy.world · Germany to miss 2030 climate goal: experts
    1 year ago

    Pretty much every nuclear reactor that’s recently been built has been crazily over budget and significantly late. It seems it is usually a decade later than planned.

    If you look at the EPRs, well, we can thank the Germans who co-developed the project, and pushed for excessive requirements making the design complex, such as the double containment and the system to make maintenance possible without shutting down the reactor. Requirements that the French didn’t need or want, but which were accepted as a concession to keep the Germans in the project, before they slammed the door anyway.

    Even Olkiluoto and Hinkley Point can be regarded as serial entries, so different are they from Flamanville, and so much work had to be done to simplify them.

    Let’s scrap the EPR design, go back to Gen IIs for now, since we know they’re reliable, safe, cheap and easy to build, and move straight on to Gen IV when it’s ready.

    Anyway, the beginning of construction is a highly misleading timeframe. There’s a long process before construction even starts. Not unique to nuclear reactors.

    You still have nuclear power plants, you don’t even have to start from scratch. But yes, NIMBYs are a significant problem, but renewables are already facing this problem too, and it’s going to intensify greatly with the amount of space it takes to build wind turbines, solar panels, and the colossal amount of storage it takes to make them viable without fossil, hydro or nuclear power.

    I dislike nuclear reactor discussions because of similar arguments. E.g. “new technology” fixes some problem, while ignoring the drawbacks

    I’m talking about Gen II reactors like the 56 that make up France’s nuclear power fleet, which are tried and tested, safe, inexpensive, efficient, and have enabled France to decarbonize almost all its electricity in two decades. I’m not into technosolutionism, I’m into empiricism.

    If someone says that it’ll take 15 years then the person didn’t solely mean the actual construction. They mean from wanting it to having it working.

    Okay, so the 4 Blayais reactors, totalling 3.64GWe (equivalent to almost 11GW of wind power, but without the need for storage or redundancy) were connected to the grid 6.5 to 8.5 years after the first public survey, made before the project was started.

    I’m not claiming that every reactor project will be built so quickly, but we have to stop pretending that nuclear power is inherently slow to build. It’s the lack of political will that makes nuclear power slow to build, and it’s not an unsolvable problem.